WGUARD caused an invalid page fault in..FYI

Discussion in 'WormGuard' started by wyrmrider, Aug 3, 2004.

Thread Status:
Not open for further replies.
  1. wyrmrider

    wyrmrider Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    59
    Location:
    california
    happened twice but I did not save the first one
    if this is worth pursuing I'll monitor more closely
    wyrmrider
    WGUARD caused an invalid page fault in
    module MSVBVM60.DLL at 017f:6600b444.
    Registers:
    EAX=049b151c CS=017f EIP=6600b444 EFLGS=00010202
    EBX=6610e470 SS=0187 ESP=0067fbdc EBP=0067fbf4
    ECX=015bf3ec DS=0187 ESI=015bf378 FS=58b7
    EDX=0000001e ES=0187 EDI=00000000 GS=0000
    Bytes at CS:EIP:
    f6 40 3c 01 0f 85 8f 22 01 00 8b 06 8b ce ff 50
    Stack dump:
    bff55836 00000000 ffffffff 011c3f84 012af118 00000000 0067fc30 660061b5 bff55836 00000000 ffffffff 00000000 00000020 0067f9c8 00000000 0067fc1c
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
  3. wyrmrider

    wyrmrider Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    59
    Location:
    california
    done I'll keep you posted
    installed tds-3 updated and
    good news scan did not find anything
    bad news still have my google addressbar error search hijack

    wyrmrider
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
  5. wyrmrider

    wyrmrider Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    59
    Location:
    california
    hi
    I dl the file and installed
    have not had problem reoccur

    If I check the box to enable "allow run the file anyway"
    how do I save the setting I "installed" but next time it's back unchecked
    (or is this like ms performance tab in "manage your own cache"??)

    yes I did mean google "Im feeling lucky" in ie or default I'm feeling lucky in mozilla

    I do not think hjt shows anything
    trying to look at it now
    I'll post it up if I do (or do not find anything later)

    this is not COM.ORG
    behaviour is this
    if you type a name in the google bar and it is correct you are taken directly to the "i'm feeling lucky" site

    if you misspell wildersecurity as a good example missing s
    in google you get "did you mean wilderssecurity"
    in I'm feeling lucky or mozilla default address bar search

    a lot of script runs and site redirects
    and you get
    apps5.oingo.dom...keywordhere
    and are taken to a paid site or a phoney pay per hit search page

    I'm feeling lucky requires looser cookie settings than regular google
    but I think this thing is trying to install even nastier cookies or something worse
    The action is blocked with IE spyads (I think that's who is doing it)

    another site taken to is dp.information.com whose host is blocked in my HOSTS

    If you are familiar with this get back to me
    or if you have any ideas
    or just keep your eyes open

    I can show you how the hijacker took me to
    SPYWARE KILLER
    while showing SPYBOT SEARCH DESTROY
    hope teamspybot can track it down


    tds-3 shows clean

    thanks for the tip

    wyrmrider
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Sorry for not understanding your message.
    Can you try again, step by step please?
    I do have WormGuard and I do have google and I do occasionally use "i'm feeling lucky" but I don't understand what you're trying to explain.

    Which file or program triggers WormGuard to block it?
    Are you sure the file is valid and clean?
    What kind of alert does it give you?
    Where is the file located, on your system or a website?

    If you are in every sense absolutely sure of the program or file you want to execute, you could decide to exclude it from the warnings (allow always).

    If you mean when using the google bar itself WormGuard jumps up with a warning there must be something wrong in some way. So best come with the exact warning WormGuard gives you.
     