Windows 7 Forums

Windows 7: shellcode injection - buffer overflow attack

26 Feb 2010   #1

Windows 7 Ultimate x32
shellcode injection - buffer overflow attack

Hey guys, I wanted to share this with you and hear your suggestions/opinions about this:
[Attached image: capture4.jpg]
"In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine...."
Shellcode - Wikipedia, the free encyclopedia

Cracker's Choice

"....Buffer overflow has become one of the preferred attack methods for writers of viruses and Trojan horse programs....
QuickStudy: Buffer Overflow
On Windows Server 2008/Vista computers, it reduces the protection level of the computer, as it modifies the level of the Mandatory Integrity Control (MIC), leaving it low..."

Scanned with Avast, didn't find a thing, Malwarebytes results were (scanned and with a-squared after malwarebytes, nothing):
[Attached image: capture-8-.jpg]
Date spotted:
First seen on 2008-12-25.
Last seen on 2010-02-26.

Detection statistics:
This object is 0.05% of all objects detected.
1,403,342 instances detected worldwide.
Hiloti is a Trojan which downloads to the affected computer the adware detected as Lop.
Additionally, when users access through the Firefox browser certain websites related to search engines, they are redirected to malicious websites from which more malware will be downloaded.
What is Trojan Hiloti. Encyclopedia. Panda Security

Now, can that trojan be somehow connected with this buffer overflow attack, or did something go wrong with Defense+? I was reading on Comodo's forums and didn't find a conclusive answer.
When I clicked terminate (on the Defense+ pop-up window) I was expecting explorer.exe to be killed, but nothing happened, hm.

The question remains, was the trojan responsible for that shellcode injection, defense+ got something wrong, randomly happened...?

Anyway, I've re-imaged the system partition, just to be on the safe side. I've lost 10-15 min of my time, it isn't that much I suppose (I've spent more time scanning than re-imaging, huh). After that, I was still paranoid, so I've scanned again with Malwarebytes, and guess what? I don't have a clean image... So, for the conclusion, whoever reads this post, ALWAYS BEFORE CREATING IMAGE BE AT LEAST 100% SURE THAT YOUR SYSTEM IS CLEAN, ALWAYS.
P.S. I apologize if the post is kind of too long, I just wanted to provide information.

21 May 2010   #2


Did your PC get back to a healthy state? Or is it still haunted by that Hiloti?
21 May 2010   #3

Windows 7 Ultimate x32

Format, install browser, drivers, codecs, AV + Malwarebytes + firewall + WinPatrol + hosts file, Office, burning software + making a CLEAN IMAGE. I'm just fine now. And I still don't know whether that Comodo Defense+ warning was caused by Hiloti or something else... anyway, no Hiloti now.

21 May 2010   #4


I thought it's a ghost, a virus that will never disappear? Scary.