Should I be concerned about this?

I got up this morning, went to the computer, and found an error message saying that a file had a problem and needed to be closed. What’s strange is that it is a long file name containing a bunch of random letters. Here are the contents of the error report from “Problem Reports and Solutions”:

“Problem Event Name: BEX
Application Name: 067d4483-49e5-4d33-ab51-5d8d67b5e55d.exe
Application Version: 0.0.0.0
Application Timestamp: 5130c325
Fault Module Name: StackHash_fd00
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Offset: 00000000
Exception Code: c0000005
Exception Data: 00000008
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional Information 1: fd00
Additional Information 2: ea6f5fe8924aaa756324d57f87834160
Additional Information 3: fd00
Additional Information 4: ea6f5fe8924aaa756324d57f87834160”

I opened Avast, and it showed that that file was the last thing that the Behavior shield scanned, but didn’t find it suspicious. The file was in the Windows\Temp directory and is no longer there. I did a full Avast scan which didn’t find anything either. If this wasn’t a virus or hacker attempt of some sort, what kind of normal program has an executable file name like that?

I am using Windows Vista Home Premium and the latest Avast.

Did you just get a Windows update or update another programme?

Not as far as I know. I just woke up and the file crash error was on the computer. As far as I know, I didn’t get any new Windows updates today, unless it was some sort of stealth update.

BEX is a buffer overflow error and is part of Windows DEP protection.

How is the computer behaving? Anything untoward?

The computer seems to be behaving fine.

I just checked the Event Viewer to see what Tasks may have been performed at the time of the crash, which was 6:50AM. At that time, there was an Avast emergency update due to a time trigger condition, but it also says that the task was completed.

I don’t know if that is related or not.

Hmm, just looked through my logs and there were no untoward events.

Do you have any minidumps at C:\windows\minidump?

I just checked that directory and I see three dump files. It looks like 02/10/2012 is the most recent that these were modified.

I wonder if this was some buffer overflow exploit attempt that Microsoft hasn’t patched yet.

It may have been, as it was DEP that stopped it.

Could you upload the last two minidumps to a file sharing site for me to collect and look at?

Would the minidumps have any new information? One says it was last modified on 02/10/2012, and the other says it was last modified on 02/03/2012. And there is a third that was last modified in 2011.

I’ve never had an issue like this in the almost five years I’ve been using Windows Vista. But since switching from XP to Vista, since it is so security intensive, I’ve always relied on its own Firewall rather than installing a separate Firewall. Maybe it’s time to install another Firewall.

If you wish I can check the system out for you

Unfortunately I don’t have Avast remote assistance installed, because I thought that it could be used as an exploit. If you need it, I could install it real quick.

We can do it via the forum just as easily

Download OTL to your Desktop
Secondary link

- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

- Select All Users
- Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs

Here are the two log files. Thanks for the help!

Both logs show clean, with no anomalous software or registry entries at all, nor any critical errors on the event report.

Okay, thanks. It may have been nothing then. At least I can be fairly confident there is no malware.

Another option is that it could have been a Windows Defender update.

It’s possible.

I have Defender turned off, but it still might update.

Could also have been an avast! emergency update. :wink: (I received one today.)

According to the Task Scheduler log, the Avast emergency update happened at 6:50AM which is the same time that that weird file stopped working. But it also said that the task completed. Strange.

This happened again this afternoon. New file name.

“Problem Event Name: BEX
Application Name: fb0b1946-351e-4aca-a422-79614bd0971d.exe
Application Version: 0.0.0.0
Application Timestamp: 51348652
Fault Module Name: StackHash_fd00
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Offset: 00000000
Exception Code: c0000005
Exception Data: 00000008
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional Information 1: fd00
Additional Information 2: ea6f5fe8924aaa756324d57f87834160
Additional Information 3: fd00
Additional Information 4: ea6f5fe8924aaa756324d57f87834160”

I checked TaskScheduler in Event Viewer, and once again this happened the same time as an Avast Emergency Update. It must have something to do with the emergency updates.
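
The fields of the crash reports quoted in this thread can be decoded mechanically. The Python below is an added example, not part of any post in the thread: the function names are hypothetical, and it assumes the "Exception Data" field carries the first access-violation parameter (0 read, 1 write, 8 DEP execute) and that "Application Timestamp" is the PE header link time in Unix seconds.

```python
import re
from datetime import datetime, timezone

# First report quoted in the thread (values copied from the post).
REPORT = """\
Problem Event Name: BEX
Application Name: 067d4483-49e5-4d33-ab51-5d8d67b5e55d.exe
Application Timestamp: 5130c325
Fault Module Name: StackHash_fd00
Exception Offset: 00000000
Exception Code: c0000005
Exception Data: 00000008
OS Version: 6.0.6002.2.2.0.768.3
"""

GUID_EXE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\.exe$", re.I)
# First parameter of an access violation (EXCEPTION_RECORD.ExceptionInformation[0]).
ACCESS_TYPE = {0: "read", 1: "write", 8: "execute (DEP violation)"}

def parse_report(text):
    """Split 'Key: value' lines into a dict, ignoring stray quote marks."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip(' "“”').partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def triage(fields):
    """Decode the fields that matter when judging a BEX crash report."""
    code = int(fields["Exception Code"], 16)
    data = int(fields["Exception Data"], 16)
    built = datetime.fromtimestamp(int(fields["Application Timestamp"], 16), timezone.utc)
    return {
        "access_violation": code == 0xC0000005,  # STATUS_ACCESS_VIOLATION
        "access_type": ACCESS_TYPE.get(data, "unknown"),
        # StackHash_* means the fault address was not inside any loaded module.
        "fault_outside_modules": fields["Fault Module Name"].startswith("StackHash_"),
        "guid_named_exe": bool(GUID_EXE.match(fields["Application Name"])),
        # PE header link time; it can be forged, so treat it as a hint only.
        "build_time_utc": built.isoformat(),
    }

if __name__ == "__main__":
    for name, value in triage(parse_report(REPORT)).items():
        print(f"{name}: {value}")
```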