Regmon results Shows Buffer Overflow
molotov (Moderator Group) Joined: 04 October 2006 Posts: 17492
Topic: Regmon results Shows Buffer Overflow. Posted: 20 February 2009 at 10:10pm
In my case, the behavior was not a problem. Malware was not involved, and neither was a p2p network program.
Daily affirmation:
net helpmsg 4006
pritchie (Newbie) Joined: 20 February 2009 Location: Lincoln Posts: 1
Posted: 20 February 2009 at 9:03pm
I had the same problem on a computer, and it was running super slow. I had already cleaned the computer background programs with HijackThis, msconfig, etc., but something was still running. Combofix.exe (if you don't know about combofix, just google it) got whatever it was off the computer and now it no longer attempts to access registry HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage\Bind and runs considerably faster.
I believe it was a p2p networking program that was causing this problem, as that was what combofix removed.
molotov (Moderator Group) Joined: 04 October 2006 Posts: 17492
Posted: 19 June 2007 at 10:16am
FWIW, I get the same behavior on the same key - Request is "QueryValue", and 2 of 3 results are BUFFER OVERFLOWs while 1 of 3 is SUCCESS.
ixuser (Newbie) Joined: 19 June 2007 Location: United States Posts: 3
Posted: 19 June 2007 at 10:12am
Ok, thanks.
molotov (Moderator Group) Joined: 04 October 2006 Posts: 17492
Posted: 19 June 2007 at 10:10am
If this is the only activity that you are suspicious of, I can't say that I would be concerned about it. Of course, if you are concerned you can always run the appropriate AV / malware scans...
ixuser (Newbie) Joined: 19 June 2007 Location: United States Posts: 3
Posted: 19 June 2007 at 9:57am
Thank you, I understand the reason why the buffer overflow is being generated: simply a small buffer.
This is showing up in HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage\Bind. I had to use XP TCP repair to get my DHCP client to work again. This is why I'm suspicious that the MS Bind module is being replaced by a hacker/trojan/virus/malware, or something to that effect. Any thoughts or ideas? I could be overly suspicious of nothing also.
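Molotov's trace above (QueryValue on the Bind value, BUFFER OVERFLOW results followed by a SUCCESS) and ixuser's summary ("simply a small buffer") both describe the ordinary Win32 registry-read contract: when the caller's buffer is too small, the call fails with ERROR_MORE_DATA (which Regmon labels BUFFER OVERFLOW) and reports the size it needs, so the caller grows the buffer and retries. The following is an added, portable Python model of that contract, not code from this thread and not the real Windows API: `FakeRegistry`, `read_value`, and the contents of the Bind value are constructed for the illustration; the status code 234 (ERROR_MORE_DATA), the REG_MULTI_SZ encoding, and the key path are the real Win32 definitions and the path quoted in the thread.

```python
"""Model of why a Regmon trace shows BUFFER OVERFLOW and then SUCCESS.

Added illustration: FakeRegistry stands in for RegQueryValueEx so the
grow-and-retry loop can run anywhere. It is not the Windows API.
"""
from dataclasses import dataclass, field

ERROR_SUCCESS = 0
ERROR_MORE_DATA = 234   # real Win32 value; Regmon displays it as BUFFER OVERFLOW
REG_MULTI_SZ = 7        # real Win32 value type of the Bind value

BIND_PATH = r"HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage"   # path from the thread

# Constructed stand-in for the Bind value. A REG_MULTI_SZ is a run of
# NUL-terminated UTF-16LE strings closed by one extra NUL. The device names
# are placeholders, not values taken from any machine.
BIND_STRINGS = ["\\Device\\{PLACEHOLDER-GUID-1}", "\\Device\\{PLACEHOLDER-GUID-2}"]
BIND_VALUE = ("\0".join(BIND_STRINGS) + "\0\0").encode("utf-16-le")


@dataclass
class FakeRegistry:
    """Minimal model of RegQueryValueEx that keeps a Regmon-style trace."""
    values: dict
    trace: list = field(default_factory=list)   # (request, path, result) tuples

    def query_value_ex(self, path, name, buf_size):
        """Return (status, value_type, data, required_size) like the Win32 call.

        If buf_size is smaller than the stored data, nothing is copied and the
        caller gets ERROR_MORE_DATA plus the size it must allocate.
        """
        data = self.values[(path, name)]
        required = len(data)
        full_path = path + "\\" + name
        if buf_size < required:
            self.trace.append(("QueryValue", full_path, "BUFFER OVERFLOW"))
            return ERROR_MORE_DATA, REG_MULTI_SZ, b"", required
        self.trace.append(("QueryValue", full_path, "SUCCESS"))
        return ERROR_SUCCESS, REG_MULTI_SZ, data, required


def read_value(reg, path, name, initial_buf=64, max_rounds=8):
    """The standard grow-and-retry read.

    Starting with a small fixed buffer is what puts a BUFFER OVERFLOW line in
    the trace; it is normal caller behaviour, not a fault in the key. The loop
    is bounded so a value that keeps growing between calls cannot spin forever.
    """
    buf_size = initial_buf
    for _ in range(max_rounds):
        status, vtype, data, required = reg.query_value_ex(path, name, buf_size)
        if status == ERROR_SUCCESS:
            return vtype, data
        if status != ERROR_MORE_DATA:
            raise OSError(status, "registry query failed")
        buf_size = required   # allocate what the API asked for, then retry
    raise RuntimeError("value kept growing between calls")


def decode_multi_sz(data):
    """Split a REG_MULTI_SZ blob back into its list of strings."""
    return [s for s in data.decode("utf-16-le").split("\0") if s]


def trace_results(reg):
    """Just the Results column of the trace, in order."""
    return [result for _, _, result in reg.trace]


if __name__ == "__main__":
    reg = FakeRegistry({(BIND_PATH, "Bind"): BIND_VALUE})
    vtype, data = read_value(reg, BIND_PATH, "Bind")
    for request, path, result in reg.trace:
        print(f"{request:<12} {path:<70} {result}")
    print(decode_multi_sz(data))
```

Run stand-alone, the trace prints one BUFFER OVERFLOW line and one SUCCESS line for the same QueryValue request, which is the shape of the trace discussed above; pass a larger `initial_buf` and the overflow line disappears, because the first call already fits. The defender's takeaway is that the Results column reports the status the caller received, so BUFFER OVERFLOW on a read is evidence about the caller's buffer, not about the key's contents.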
molotov (Moderator Group) Joined: 04 October 2006 Posts: 17492
Posted: 19 June 2007 at 9:47am
Hi, ixuser.
Please see "Buffer Overflows in Regmon Traces".
ixuser (Newbie) Joined: 19 June 2007 Location: United States Posts: 3
Posted: 19 June 2007 at 9:42am
While running Regmon, it shows certain registry keys as BUFFER OVERFLOW in the Results column. To me, that's a big issue. How do I take care of these registry entries coming up as Buffer Overflow? Is it the actual executable that needs to be replaced?