WGUARD caused an invalid page fault in..FYI

[wyrmrider]

happened twice but I did not save the first one
if this is worth persueing I'll monitor more closely
wyrmrider
WGUARD caused an invalid page fault in
module MSVBVM60.DLL at 017f:6600b444.
Registers:
EAX=049b151c CS=017f EIP=6600b444 EFLGS=00010202
EBX=6610e470 SS=0187 ESP=0067fbdc EBP=0067fbf4
ECX=015bf3ec DS=0187 ESI=015bf378 FS=58b7
EDX=0000001e ES=0187 EDI=00000000 GS=0000
Bytes at CS:EIP:
f6 40 3c 01 0f 85 8f 22 01 00 8b 06 8b ce ff 50
Stack dump:
bff55836 00000000 ffffffff 011c3f84 012af118 00000000 0067fc30 660061b5 bff55836 00000000 ffffffff 00000000 00000020 0067f9c8 00000000 0067fc1c

[Gavin - DiamondCS]

Hi,

Try the Runtime SP6 update listed at the page below (yes its on the TDS-3 files page)

http://tds.diamondcs.com.au/index.php?page=files

[wyrmrider]

done I'll keep you posted
installed tds-3 updated and
good news scan did not find anything
bad news still have my google addressbar error search hijack

wyrmrider

[Gavin - DiamondCS]

Hi,

Not sure about your last comment - do you mean you have google toolbar ?

Or do you have a hijack which occurs when you try to visit google. If so, use HijackThis (see the URL below) and you can send the log to support@diamondcs.com.au

http://www.wilderssecurity.com/showthread.php?t=15913

[wyrmrider]

hi
I dl the file and installed
have not had problem reoccour

If I check the box to enable "allow run the file anyway"
how do save the setting I "installed" but next time it's back unchecked
(or is this like ms performance tab in "manage your own cache??"

yes I did mean google "Im feeling lucky" in ie or default I'm feeling lucky in mozilla

I do not think hjt show anything
trying to look at it now
I'll post it up if I do(or do not find anything later)

this is not COM.ORG
behaviour is this
if you type a neme in the google bar and it is correct you are taken directly to the "i'm feeling lucky" site

if you misspell wildersecurity as a good exampel missing s
in google you get "did you mean wilderssecurity"
in I'm feeling luck or mozilla default address bar search

a lot of script runs and site redirects
and you get
apps5.oingo.dom...keywordhere
and are taken to a paid site or a phoney pay per hit search page

I'm feeling lucky requires looser cookie settings than regular google
but I think this thing is trying to install even nastier cookies or something worse
The action is blocked with IE spyads (I think that who is doing it)

another site taken to is dp.information.com whose host is blocked in my HOSTS

If you are familiar with this get back to me
or if you have any ideas
or just keep your eyes open

I can show you how the hijacker took me to
SPYWARE KILLER
while showing SPYBOT SEARCH DESTROY
hope teamspybot can track it down


tds-3 shows clean

thanks for the tip

wyrmrider

[Jooske]

Sorry for not understanding your message.
Can you try again, step by step please?
I do have WormGuard and i do have google and i do occasionally use "i'm feeling lucky" but i don't understand what you're trying to explain.

Which file or program triggers WormGuard to block it?
Are you sure the file is valid and clean?
What kind of alert does it give you?
Where is the file located, on your system or a website?

If you are in every sense absolutely sure the program or file you want to execute you could decide to exclude it from the warnings (allow always)

If you mean when using the google bar itself WormGuard jump up with a warning there must be something wrong in some way. So best come with the exact warning WormGuard gives you.