Buffer Overrun Detected when starting Internet Explorer

By spk1973
Jan 24, 2009
Topic Status:
Not open for further replies.
  1. This is very similar to another thread on this forum, I understood the general steps involved in running HiJackThis but I don't know which files to fix/uninstall/delete and was hoping one of the good knowledgeable folks on this forum could shed some light.

    Windows XP Home Edition Version 2002 Service Pack 3.
    Complete text of alert:

    Title: "Microsoft Visual C++ Runtime Library"

    "Buffer overrun detected!
    Program:C:\Program Files\Internet Explorer\iexplore.exe
    A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated."

    I have attached the HJT log file.
    Any help much appreciated.
    -Shawn
  2. raybay

    raybay TechSpot Evangelist Posts: 10,716   +6

    The log will not be fully helpful without a full description of the motherboard, memory, chipset, hard drive, video graphics card or port, etc.
    The buffer overrun could be easily promolgated by the hardware and install.
  3. spk1973

    spk1973 Newcomer, in training Topic Starter Posts: 52

    I should also point out that Safari is installed and works without any problems, but this error seems consistent with other "quirks" with this PC that seem indicative of a virus/malware.

    Compiled from SiSandra:

    Processor
    Model : Intel(R) Celeron(R) M processor 1.60GHz
    Speed : 1.60GHz
    Cores per Processor : 1 Unit(s)
    Threads per Core : 1 Unit(s)
    Type : Mobile
    Internal Data Cache : 32kB, Synchronous, Write-Back, 8-way, 64 byte line size
    L2 On-board Cache : 1MB, ECC, Synchronous, ATC, 4-way, 64 byte line size

    System
    System : TOSHIBA Satellite M45
    Mainboard : ATI SB400
    Bus(es) : X-Bus PCI IMB PCMCIA CardBus USB FireWire/1394 i2c/SMBus
    Multi-Processor (MP) Support : No
    Multi-Processor Advanced PIC (APIC) : Yes
    System BIOS : Phoenix Technologies LTD 1.50
    Total Memory : 448MB DDR SO-DIMM

    Chipset
    Model : Toshiba RS400/133 Host Bridge
    Front Side Bus Speed : 4x 100MHz (400MHz)
    Total Memory : 512MB DDR SO-DIMM
    Shared Memory : 1GB
    Memory Bus Speed : 2x 167MHz (334MHz)

    Memory Module(s)
    Memory Module : Samsung M4 70L6524CU0-CB3 512MB DDR PC2700U DDR-166 (2.5-3-3-7 2-10-0-0)

    Video System
    Adapter : ATI RADEON XPRESS 200M Series (64MB, PCI, PS2.0, VS2.0)

    Storage Devices
    HTS541080G9AT00 80GB (ATA100, 2.5", 5400rpm, 7MB Cache) : 75GB (C:)
    MATSHITA DVD-RAM UJ-841S (ATA33, DVD+-RW, CD-RW, 2MB Cache) : N/A (D:)

    Logical Storage Devices
    SQ003920 (C:) : 74GB (NTFS) @ HTS541080G9AT00 80GB (ATA100, 2.5", 5400rpm, 7MB Cache)
    CD-ROM/DVD (D:) : N/A @ MATSHITA DVD-RAM UJ-841S (ATA33, DVD+-RW, CD-RW, 2MB Cache)

    Peripherals
    LPC Hub Controller 1 : Toshiba IXP SB400 SMBus
    LPC Hub Controller 2 : Toshiba IXP SB400 PCI-ISA Bridge
    LPC Legacy Controller 1 : SMSC LPC v1
    Audio Device : Toshiba IXP SB400 AC'97 Audio Controller
    Serial Port(s) : 1
    Disk Controller : Toshiba IXP SB400 IDE Controller
    USB Controller 1 : Toshiba IXP SB400 OHCI USB Controller
    USB Controller 2 : Toshiba IXP SB400 OHCI USB Controller
    USB Controller 3 : Toshiba IXP SB400 EHCI USB 2.0 Controller
    FireWire/1394 Controller 1 : Toshiba TSB43AB21 1394a-2000 OHCI PHY/link-layer Controller
    CardBus/PCMCIA Controller 1 : TI PCI1410 PC Card CardBus Controller
    System SMBus Controller 1 : AMD IXP SMBus

    Printers and Faxes
    Printer : PDF Printer Pilot (2400x2400, Colour)
    Printer : Microsoft Office Document Image Writer Driver (300x300, Colour)
    Fax : Microsoft Shared Fax Driver (200x200)
    Printer : EPSON Stylus CX4200 Series (720x720, USB, Colour)
    Printer : EPSON Stylus C88 Series (360x360, USB, Colour)

    Network Services
    Network Adapter : Atheros AR5005G Wireless Network Adapter - Packet Scheduler Miniport (Ethernet, 54Mbps)
    Network Adapter : Realtek RTL8139 Family PCI Fast Ethernet NIC #2 - Packet Scheduler Miniport
    Wireless Adapter 1 : Atheros AR5005G Wireless Network Adapter - Packet Scheduler Miniport (802.11g (ERP), WEP n-bit, 54Mbps)

    Power Management
    Mains (AC) Line Status : On-Line
    Battery No 1 : 96%

    Operating System(s)
    Windows System : Microsoft Windows XP Home 5.01.2600 (Service Pack 3)
    Platform Compliance : x86
  4. spk1973

    spk1973 Newcomer, in training Topic Starter Posts: 52

    Just checking in to bump the thread. Anyone here who can offer any help with this?
    Thanks.
  5. jobeard

    jobeard TS Ambassador Posts: 13,285   +281

    first action is to get current with MS Update (yes there's hotfixes to SP3)
  6. spk1973

    spk1973 Newcomer, in training Topic Starter Posts: 52

    I apologize, I'm not quite sure what this means. Windows does not show any need for updates after checking to make sure it automatically checks for updates.
    Please advise. Thanks so much.
    In case anything has changed between the first post and this one ( this is my father-in-laws computer), I have attached a new(most recent) hijackthis log.
    Thanks again.
  7. raybay

    raybay TechSpot Evangelist Posts: 10,716   +6

    I don't see the problem in that log.
    The main problem is that you do not have nearly enough memory for what you are running. With that computer each memory slot can hold DDR2 PC2-5300 with a maximum of 1GB per slot, or a total of 2 GB. You have 512 MB in two 256 MB... which is not close to enough for what you have installed.
    Also, I would go to www.microsoft.com, then search for Microsoft Update, then run updates in Custom mode to be sure you are missing nothing... do not depend on automatic updates to fix all...
  8. spk1973

    spk1973 Newcomer, in training Topic Starter Posts: 52

    I don't know how this can be. I have gone through his pc and removed all extraneous programs and large files. Admittedly, I know nothing about partitioning or anything like that so maybe the hard drive isn't formatted properly?
    I will check the MS site for manual updating later this morning and report back. Thanks.
  9. jobeard

    jobeard TS Ambassador Posts: 13,285   +281

    Not related at all. Buffer Overrun is a software coding error and
    whichever program was active at the time of the error NEEDS AN UPDATE
    (even if MS has yet to create it).
  10. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Hi spk1973

    Run HJT Scan only, Select and remove the below
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    Boot to Safe Mode networking and see if the issue exists there!

    Then back to normal and copy (don't change your original shortcut) an Internet explorer SHORTCUT then go into properties and add a space then -extoff to the end of the Target line.

    Should look like this. "C:\Program Files\Internet Explorer\iexplore.exe" -extoff

    This will run IE with all addons turned off. If no problem here then it is an addon that is the issue.

    Mike
  11. spk1973

    spk1973 Newcomer, in training Topic Starter Posts: 52

    In the most supreme irony, trying to visit update.microsoft.com when NOT using IE (the browser currently not working) will bring up a page with the following message:

    "Thank you for your interest in obtaining updates from our site.
    To use this site, you must be running Microsoft Internet Explorer 5 or later.
    To upgrade to the latest version of the browser, go to the Internet Explorer Downloads website.
    If you prefer to use a different web browser, you can obtain updates from the Microsoft Download Center or you can stay up to date with the latest critical and security updates by using Automatic Updates...."

    I went to the download center but now I must choose which updates to install? I haven't the slightest idea. There is a malicious software update that I'll try but I don't know how I can be sure I'm completely up to date. Any help, again, greatly appreciated.
    -Shawn
     
  12. mflynn

    mflynn Newcomer, in training Posts: 2,793

    When you report back on post #10 then there is a good chance we can fix that!

    Mike
  13. jobeard

    jobeard TS Ambassador Posts: 13,285   +281

    Oh yes! Although there is a tad of technicality, this is not just irony -- imo, foolishness and arrogance!
    • Technicality: MS Update requires ActiveX to allow the install. This is not a true requirement, but an implementation detail (down load and then manual or a scheduled job to run an MSI package would work as well)
    • foolishness and arrogance: Your situation highlights the issue well. If some other browser could be used, then you could repair IE or anything else that needed MS downloads.

    btw: the C++ RTE can be obtained here
  14. spk1973

    spk1973 Newcomer, in training Topic Starter Posts: 52

    Mike,
    Thanks for your input.
    I did what you said, and ran IE and it worked with no addons. So, per you, the issue involves some addon.
    How to go about finding out which one it is?
    Thanks,
    -Shawn
  15. mflynn

    mflynn Newcomer, in training Posts: 2,793

    No time to post now out to Dinner for a couple hours!

    Mike
  16. spk1973

    spk1973 Newcomer, in training Topic Starter Posts: 52

    Also, I can visit the MS update page with IE add-ons blocked, but cannot access updates due to add-ons being blocked. Cannot disable add-ons without quitting and opening non-add-on-blocked IE, which will not open due to Buffer Overrun.
    Aaargh!
  17. mflynn

    mflynn Newcomer, in training Posts: 2,793

    OK do this!

    Download Dial-A-Fix (DAF)
    http://wiki.djlizard.net/Dial-a-fix#...C_and_articles
    http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

    Have XP CD available in case DAF needs a file.

    Check all boxes on the screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here 1 at a time do the below

    Flush DNS
    Flush Icons
    Reinstall BITS
    Repair Permissions
    Reset networking
    Watch for any File not found or other errors and make note as this may lead to the fix!

    Reboot retest winupdate with regular IE not the noaddons one.

    Mike
  18. spk1973

    spk1973 Newcomer, in training Topic Starter Posts: 52

    Hi Mike,
    Did all the above, did not notice any unfound files or other errors.
    Rebooted, but I'm not sure what you mean by retest winupdate with regular IE. I tried opening the IE shortcut (the one without addons) and it still won't open. Buffer overrun error again.
    -Shawn
     
  19. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Ok that usually does it.

    So do the below..

    Temp files can cause this so clean up deeply with these

    CCleaner http://www.ccleaner.com/download/builds get the SLIM at bottom of screen.
    Run CCleaner twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.
    -------------------------------------------
    Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html
    Temp and Registry, repeatedly until no more found including FF and Opera (but here do not clear Passwords).
    -------------------------------------------
    KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
    Fantastic cleaner. Run Analyze and clean.
    -------------------------------------------
    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "Cleanup at TechSpot".

    Then Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and the OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.

    After the above reboot and test for the Buffer Overrun. before continuing below but even if fixed I advise the below!

    -------------------------------------------
    Finally run SAS http://www.techspot.com/downloads/2695-superantispyware.html
    I am recommending this for one of its repair tools, but go ahead and do a Malware scan and post the results (this will tell us if we have malware that could cause this issue). We may not need the tools from SAS if the other above works.

    Mike
  20. raybay

    raybay TechSpot Evangelist Posts: 10,716   +6

    Fix the memory. 448 MB is inadequate for so many other operations with your setup and service packs.

    Then follow the guide for a full Microsoft Update.

    Then work on the other stuff, if needed.

    First things first.
  21. raybay

    raybay TechSpot Evangelist Posts: 10,716   +6

    If you installed Internet Explorer 7 over an existing install of Internet Explorer 6.1, Use Add or Remove in the Control panel to remove Internet Explorer 7.
    Then reboot and try your system without Internet Explorer 7...

    Then if it works, reinstall Internet Explorer 7 after using CCleaner to clean, then Defragment, then a reboot.
  22. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Ram will not fix a Buffer overflow!

    And he can not access updates at this point. That is what we want to do fix the Buffer overflow then do the Windows Updates.

    Mike
  23. spk1973

    spk1973 Newcomer, in training Topic Starter Posts: 52

    OK, so I did everything above, and there were 159 files detected by SAS. I've attached the scanner log. What next?
    Thanks for your help so far. I think I might be getting to the problem slowly but surely.
  24. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Ouch!

    Not good! May not be all of problem but it is not logical to try and repair a System issue with Malware! We need to Clean the Malware first!

    We may after cleaning need to reinstall IE7 as advised by Raybay but until we are clean we do not want to install anything except Malware cleaners, as it could be compromised as soon as installed.

    You owe it to yourself to do the 8 Steps now! http://www.techspot.com/vb/topic58138.html

    With these exceptions!

    1. You have already done CCleaner so skip that one.
    2. You have already done SAS
    3. Do nothing with Virus scanners or Firewalls yet.

    Update SAS Scan again Quick scan this time click to remove the tracking cookies and attach another log.

    Then get the HJT and MBAM installed run and logs attached!

    Mike
  25. spk1973

    spk1973 Newcomer, in training Topic Starter Posts: 52

    Thanks, Mike. I quarantined/removed the bad files, but I'm gonna go through the steps you mentioned.
    By the way IE WORKS!!!!!! YOOHOO!!! I have visited the update page and gotten critical updates and was working through the custom updates but it won't let me install this one:
    Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) x86
    Thanks so much for your (and raybay and joebeard's) help. I will post later today with the results from the 8 steps, HJT and MBAM logs attached. It's great that IE works but my end goal of all this is to clean this computer good. It certainly appears that I'm getting there.
    Thanks again,
    -Shawn
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.