Windows 7 Forums

Windows 7: SFC Warning

20 May 2013   #11
tom982

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro x64
 
 

Quote: Originally Posted by cottonball
Thanks tom982!

This stuff is spreading like wildfire. There is work being done on it, but not sure as to whether a solution is yet found.

Like you mentioned, it symbolically links files associated with Windows Defender and/or MSE, and there are a couple of tools being used to detect and remove the junctions, but have not seen the final solution. Have you?
Nope, it's above my pay grade I'm afraid


20 May 2013   #12
cottonball

Windows 7 Home Premium
 
 



Your pay grade and mine = 0!!!

Fortunately, some with higher pay grades solved the issue.
20 May 2013   #13
cyrilhubert

Windows 7 Home Premium 64bit
 
 

Thanks for telling. My laptop was hit by ZeroAccess. MSE failed to scan when hidden folder was scanned and scanning stopped as Not Responding. SFC reported Windows Resource Protection at 21% then 19%. Elevated to run as administrator, still failed, and used startup repair command prompt, same result. No choice but to reformat and execute a clean installation of Windows 7 again.

20 May 2013   #14
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

So in a 'nutshell' C++ fails on MpEvMsg.dll > Client Security kernel-mode mini-filter, which gives/allows buffer overflows and exploitation... this would be a 'pointer' not a 'reference'.

Quote:
References cannot be null, whereas pointers can; every reference refers to some object, although it may or may not be valid
Just trying to get the basic understanding of this too. It all goes back to inadequate security, not updating Windows (and other vulnerable programs, such as Java and Adobe) and taking chances with file sharing (P2P).
21 May 2013   #15
tom982

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro x64
 
 

Quote: Originally Posted by Jacee
So in a 'nutshell' C++ fails on MpEvMsg.dll > Client Security kernel-mode mini-filter, which gives/allows buffer overflows and exploitation... this would be a 'pointer' not a 'reference'.

Quote:
References cannot be null, whereas pointers can; every reference refers to some object, although it may or may not be valid
Just trying to get the basic understanding of this too. It all goes back to inadequate security, not updating Windows (and other vulnerable programs, such as Java and Adobe) and taking chances with file sharing (P2P).
Thanks for the update, Jacee


Whilst the security software plays a large part in this, quite a lot of the onus is on the user in the first place. As far as I know this variant doesn't come with any form of exploit and requires the user to elevate the program by accepting the UAC prompt - but they've disguised this by loading their dodgy dll under an installer for Adobe Flash Player so the UAC prompt says that Flash wants to elevate, not the ZeroAccess dropper.


If a website ever says you have outdated software, be sure to check this yourself from the vendor's website and don't download the file they are offering!
22 May 2013   #16
sygnus21

Windows 10 Pro
 
 

I found this thread very interesting as I'm not as savvy when it comes to the inner workings of Windows. As someone mentioned, this is above my pay grade (for now). But it is a fascinating read, and something to learn about.

That said, this caught my attention...

Quote: Originally Posted by tom982
If a website ever says you have outdated software, be sure to check this yourself from the vendor's website and don't download the file they are offering!
I was doing a Google search for something and ran across a site that piqued my interest. Normally I watch what site I enter, but the article got the better of me. Anyway I clicked the link, and was greeted with a "Your Flash isn't working, click here to update". Well me being the suspicious type, and knowing my Flash was working, I ignored it. A few hours later I'm looking at this thread and see the above quote.

Thank god for my intuition, and knowing my system!

So yes, keeping your programs, including Windows, updated can avoid such problems. I get in arguments about this all the time, but some have the attitude of "if it ain't broke, don't fix it".

Anyway thanks for the info.
22 May 2013   #17
Britton30
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Sygnus I have found lately there are a lot of sites which pop up a window saying My Flash Player is out of date. I always ignore them too.
22 May 2013   #18
sygnus21

Windows 10 Pro
 
 

Quote: Originally Posted by Britton30
Sygnus I have found lately there are a lot of sites which pop up a window saying My Flash Player is out of date. I always ignore them too.
Some could be legit, but this is where knowing your PC and your (updating) habits comes into play. I'm pretty obsessive about keeping my stuff updated so when that one popped up it just made me think.

Anyway I don't want to hijack the thread, I just wanted to add that little tidbit.

Peace
22 May 2013   #19
x BlueRobot

 

Quote: Originally Posted by Jacee
So in a 'nutshell' C++ fails on MpEvMsg.dll > Client Security kernel-mode mini-filter, which gives/allows buffer overflows and exploitation... this would be a 'pointer' not a 'reference'.

Quote:
References cannot be null, whereas pointers can; every reference refers to some object, although it may or may not be valid
Couldn't this BSOD potentially also occur from stack buffer overruns?

STOP 0x000000F7: DRIVER_OVERRAN_STACK_BUFFER ~ BSOD Index
22 May 2013   #20
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Is the faulty symlink always MpEvMsg.dll, or is this just an example?

In case it's always MpEvMsg.dll:
  1. Delete the symlink
  2. Reinstall Microsoft Security Essentials
Of course this doesn't remove ZeroAccess, but fixes the SFC problem(?) Or is this not the whole story?
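
An added example (not part of the thread and not any poster's tool): a read-only PowerShell check for the symlinks and junctions discussed above. It lists reparse points under the Windows Defender and MSE folders without following or deleting them. The two folder paths are assumed default install locations, the function name Find-ReparsePoint is hypothetical, and it is meant for an elevated prompt because fsutil requires administrator rights.

```powershell
# Added example, not from the thread. Read-only: lists links, changes nothing.
# Assumed default install folders for Windows Defender and MSE.
$roots = @(@(
    (Join-Path $env:ProgramFiles 'Windows Defender'),
    (Join-Path $env:ProgramFiles 'Microsoft Security Client')
) | Where-Object { Test-Path -LiteralPath $_ })

function Find-ReparsePoint {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Root)

    $reparse = [System.IO.FileAttributes]::ReparsePoint
    $queue   = New-Object System.Collections.Queue
    $queue.Enqueue((Get-Item -LiteralPath $Root -Force))

    while ($queue.Count -gt 0) {
        $item = $queue.Dequeue()

        if ($item.Attributes -band $reparse) {
            # Report the link but do not descend through it: the target can be
            # anywhere on disk, and following it could loop.
            $raw = & fsutil.exe reparsepoint query $item.FullName 2>&1 | Out-String
            New-Object PSObject -Property @{
                Path        = $item.FullName
                IsDirectory = $item.PSIsContainer
                Details     = $raw.Trim()
            }
            continue
        }

        if ($item.PSIsContainer) {
            # Ordinary directory: queue its children (hidden/system included).
            Get-ChildItem -LiteralPath $item.FullName -Force -ErrorAction SilentlyContinue |
                ForEach-Object { $queue.Enqueue($_) }
        }
    }
}

$findings = @($roots | ForEach-Object { Find-ReparsePoint -Root $_ })

if ($findings.Count -eq 0) {
    Write-Output 'No reparse points found under the checked folders.'
} else {
    foreach ($f in $findings) {
        Write-Output ('LINK: {0} (directory: {1})' -f $f.Path, $f.IsDirectory)
        Write-Output $f.Details
    }
}
```

On a given machine the output shows whether MpEvMsg.dll is the only linked file or whether other files in these folders are affected as well.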