VirusScan - SVCHOST.EXE Buffer Overflow

Good morning Techs, I am having a very strange issue on a large amount of our PCs in our remote location. This remote location is connected to my central office via a Point-to-Point. All servers reside in the central office and so does the Internet Gateway. Reason for the above is this issue is only happening in our remote location.

The issue is that McAfee VirusScan keeps popping up on users' computers with the following message:

Buffer OverFlow
Blocked by Buffer Overflow Protection

I also notice, but do not know if this is related, that on the users' PCs their Windows Credentials have changed to "Debug User"; we usually have everyone as Administrator.

If anyone can shed some light or direction it will be greatly appreciated. Virus Def is 5533 and Scan Engine 5300.

RE: VirusScan - SVCHOST.EXE Buffer Overflow

You might have covered this, but we saw this a while ago, and it was caused by the Conficker.worm.

RE: VirusScan - SVCHOST.EXE Buffer Overflow

Hi VampireJ, can you lead me to where I can find the Conficker.worm forum?

I could not find it on tek-tips.

Thanks. Any idea how we can track down what is spreading this worm?

RE: VirusScan - SVCHOST.EXE Buffer Overflow

Hey dude,

The quick and easy way is to first of all download the Microsoft Malicious Removal Tool from the MS website (KB890830). Then download the MS patch, KB958644, which prevents Conficker from coming back.

I have a document from McAfee about Conficker, but I can't attach it here, so if you want a copy, PM me and I'll send it across. To be honest though, I didn't read through it, and just did the steps above and the Conficker was removed from our machines.

Good luck,


RE: VirusScan - SVCHOST.EXE Buffer Overflow

Hi All

1) I would suggest that you apply MS08-067 which is the Microsoft fix for Conficker.

2) With most recent DAT files, run a SCHEDULED On Demand Scan > Reboot > SCHEDULED On Demand Scan

The reason for it being scheduled is because Conficker requires elevated privileges to be removed. A scheduled On Demand Scan uses the "System" account whereas running the scan by right click system tray > On Demand Scan uses the locally logged on user account.

Even if the logged on user is Domain Admin, Conficker can lock out Domain Admin accounts.

McAfee recently posted a knowledge base article on Conficker:

Hope this helps.

Also I would recommend using VSE 8.5 or 8.7 as they have better rootkit scanning ability than VSE 8.0, considering that Conficker also has a variant that infects memory.
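
The replies above both point to the same Microsoft update (MS08-067, KB958644). As an added example that is not part of any post in this thread, the following Windows PowerShell script reports which hosts list that update; it assumes the auditing account can query the target machines remotely, and the default host list is a constructed placeholder (the local machine).

```powershell
# Added example, not from the thread: report whether KB958644 is listed on each host.
param(
    # Constructed default (local machine); pass the remote-site host names instead.
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [string]$HotFixId = 'KB958644'   # update number quoted in the thread
)

function Get-PatchStatus {
    param([string]$Computer, [string]$Id)
    try {
        # Pull the full update list and filter locally, so an empty result means
        # "not listed" and an exception means "could not query the host".
        $hit = Get-HotFix -ComputerName $Computer -ErrorAction Stop |
               Where-Object { $_.HotFixID -eq $Id }
        $status = if ($hit) { 'Installed' } else { 'Missing' }
        $detail = ''
    }
    catch {
        $status = 'Unreachable'
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{ Computer = $Computer; HotFix = $Id; Status = $status; Detail = $detail }
}

$report = foreach ($c in $ComputerName) { Get-PatchStatus -Computer $c -Id $HotFixId }
$report | Sort-Object Status, Computer | Format-Table -AutoSize

# Hosts that still need attention: patch first, then run the scheduled scan.
$report | Where-Object { $_.Status -ne 'Installed' } | Select-Object -ExpandProperty Computer
```

Get-HotFix only shows updates that Windows records individually, so a host reported as Missing should be confirmed by hand before it is treated as unpatched.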

