Buffer Overflow at QueryAllInformationFile

Discussion in 'ESET NOD32 Antivirus' started by agruener, Feb 5, 2008.

Thread Status:
Not open for further replies.
    agruener (Registered Member; joined Mar 19, 2007; posts: 9)
    Hello,

    I am using Nod32 3.0.621.0 Antivirus.

    Running the program 'Process Monitor' from Sysinternals (http://www.microsoft.com/germany/technet/sysinternals/utilities/processmonitor.mspx), it very frequently shows this error with different files on my hard disk.

    Event:

    Sequence: 26398
    Date & Time: 05.02.2008 13:03:46
    Event Class: File System
    Operation: QueryAllInformationFile
    Result: BUFFER OVERFLOW
    Path: C:\WINDOWS\Prefetch\PROCMON.EXE-0C5DBC94.pf
    TID: 248
    Duration: 0.0000028
    CreationTime: 03.02.2008 12:57:29
    LastAccessTime: 05.02.2008 13:03:46
    LastWriteTime: 05.02.2008 13:03:46
    ChangeTime: 05.02.2008 13:03:46
    FileAttributes: A
    AllocationSize: 49.152
    EndOfFile: 47.608
    NumberOfLinks: 1
    DeletePending: False
    Directory: False
    IndexNumber: 0xc00000001bab8
    EaSize: 0
    Access: Generic Read
    Position: 0
    Mode: Synchronous IO Non-Alert
    AlignmentRequirement: Word

    Process:

    Description: Eset Service
    Company: ESET
    Name: ekrn.exe
    Version: 3.00.0621.0000
    Path: C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
    Command Line: "C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe"
    PID: 2004
    Parent PID: 1092
    Session ID: 0
    User: NT-AUTORITÄT\SYSTEM
    Auth ID: 00000000:000003e7
    Architecture: 32-bit
    Virtualized: n/a
    Integrity: n/a
    Started: 05.02.2008 13:02:22
    Ended: (Running)
    Modules:


    Stack:

    0 fltMgr.sys fltMgr.sys + 0x1888 0xb9eeb888 C:\WINDOWS\System32\Drivers\fltMgr.sys
    1 fltMgr.sys fltMgr.sys + 0x32a0 0xb9eed2a0 C:\WINDOWS\System32\Drivers\fltMgr.sys
    2 fltMgr.sys fltMgr.sys + 0x3c48 0xb9eedc48 C:\WINDOWS\System32\Drivers\fltMgr.sys
    3 fltMgr.sys fltMgr.sys + 0x4059 0xb9eee059 C:\WINDOWS\System32\Drivers\fltMgr.sys
    4 ntkrnlpa.exe ntkrnlpa.exe + 0x18095 0x804ef095 C:\WINDOWS\system32\ntkrnlpa.exe
    5 ntkrnlpa.exe ntkrnlpa.exe + 0x6986c 0x8054086c C:\WINDOWS\system32\ntkrnlpa.exe
    6 ekrn.exe ekrn.exe + 0x48c4e 0x448c4e C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
    7 ekrn.exe ekrn.exe + 0x16891 0x416891 C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
    8 <unknown> 0xa63a1f 0xa63a1f
    9 <unknown> 0xac9400 0xac9400


    I have already checked my disks with NOD32, Spybot, AVG Anti-Rootkit Free and, after booting from a Linux CD, checked again with AntiVir and BitDefender. No malware was found.

    The files ekrn.exe wants to access exist on my hard disk and I can edit them, e.g. C:\Programme\Wireshark\services.

    Could somebody tell me what this is all about?

    Regards,
    Alexander
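An added example (not part of the thread, and not ESET's or Sysinternals' code) that parses the "Key: Value" header of a Process Monitor event like the one pasted above and decodes the result string into its NTSTATUS severity class. The result-string-to-NTSTATUS table and the `SAMPLE_EVENT` text are constructed here; the NTSTATUS values and the severity rule (top two bits of the code) come from ntstatus.h.

```python
"""Triage a Process Monitor 'BUFFER OVERFLOW' event (added example, not from the thread)."""
import re

# Constructed sample: a subset of the event-properties dump posted above.
SAMPLE_EVENT = """\
Operation: QueryAllInformationFile
Result: BUFFER OVERFLOW
Path: C:\\WINDOWS\\Prefetch\\PROCMON.EXE-0C5DBC94.pf
AllocationSize: 49.152
EndOfFile: 47.608
"""

# Usual mapping between the result strings Process Monitor prints and the
# NTSTATUS codes behind them (values from ntstatus.h). Assumed table, not exhaustive.
RESULT_TO_NTSTATUS = {
    "SUCCESS": 0x00000000,
    "BUFFER OVERFLOW": 0x80000005,   # STATUS_BUFFER_OVERFLOW
    "NAME NOT FOUND": 0xC0000034,    # STATUS_OBJECT_NAME_NOT_FOUND
    "ACCESS DENIED": 0xC0000022,     # STATUS_ACCESS_DENIED
}
SEVERITY = {0: "success", 1: "informational", 2: "warning", 3: "error"}


def ntstatus_severity(code: int) -> str:
    """The top two bits of an NTSTATUS value encode its severity class."""
    return SEVERITY[(code >> 30) & 0x3]


def parse_event(text: str) -> dict:
    """Parse 'Key: Value' lines from a Process Monitor event-properties dump."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([^:]+?):\s*(.*)$", line)  # first colon separates key from value
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def triage(fields: dict) -> dict:
    """Classify the event: STATUS_BUFFER_OVERFLOW on a Query* operation means the
    caller's output buffer was too small for the variable-length part of the
    information class and the kernel returned what fit; it is a warning-class
    status, not a memory-safety fault."""
    result = fields.get("Result", "")
    code = RESULT_TO_NTSTATUS.get(result)
    sev = ntstatus_severity(code) if code is not None else "unknown"
    benign = result == "BUFFER OVERFLOW" and fields.get("Operation", "").startswith("Query")
    return {"operation": fields.get("Operation"), "result": result,
            "ntstatus": code, "severity": sev, "likely_benign": benign}


if __name__ == "__main__":
    print(triage(parse_event(SAMPLE_EVENT)))
```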