Data Execution Prevention

[Guest]

I'm getting a series of DEP messages when I shutdown and restart my computer.
Actually the computer won't shut down or restart without being powered off.
When I restart I get the series of messages tagged with the time of shoutdown.

The message is as follows:

Data Execution Prevention - Microsoft Windows
In order to protect your computer windows has closed this program.

Name: Generic Host Porcess for Win32 Services
Publisher: Microsoft Corporation

When I close this I get a message with an option to notify Microsoft. This
message has a details button. When pushed another window opens with a
mini-dump. This window also has a details button. When pushed this brings
up a window with two lines.

c:\Documents & Settings\My ID\Local
Settings\Temp\Wer4b94.dir00\svchost.exe.mdmp

and

c:\.....\Wer4b94.dir00\appcompat.txt

I understand DEP is complaining because a program is attempting to send
something over the internet from my data space. Does anyone have any idea
how I can trouble shoot this and find out what the program is?

BTW. I have run Ad-aware and SpyBot and cleaned all spyware and malware
from my system. Norton AV doesn't find any sign of viruses.

 

[Guest]

My problem is similar.
Upon startup a Data Exeution Prevention window appears, stating Windows has
closed the program:

Generic Host Process for Win32 Services
Publisher: Microsoft Corporation

When closed, the window reappears.
I have run: Ad Aware, SpySweeper, Yahoo Antispy, a-squared (malware
remover), SpywareBlaster, Spybot, Norton Antivirus, F-Prot Antivirus, Avast
Antivirus, and AVG Antivirus, until clean.
I am running updated XP SP2, and wasn't able to pull up Generic Host Process
on the Mirosoft Update site.

Am I being too paranoid to wonder if it's safe to turn off the DEP settings
for this program? If I don't get an answer, maybe increasing my
antipsychotic medication dose will help!
-Confused-ious

 

[Dave]

dep is not about sending data over the internet. see:
http://support.microsoft.com/default.aspx/kb/875352
for more info. it is stopping a program from trying to run instructions out
of what is supposed to be its data segment. this should never happen in a
properly designed and compiled program. it is used by hackers attempting
buffer overflow exploits, they force too much data into a buffer and then
cause the program to jump to some location they have their code in, which of
course has to be in the data segment. so it could be that your system is
corrupted, or you have a virus or spyware that is not being detected, or
that you are being attacked and it is causing this protection to kick in.

 

[Guest]

Hi...I am have the same problem as Confused-ious. Should I be scared? I've
only been operating on this notebook with XP for two weeks and have all the
standard Norton anti-virus and spyware installed....is there anything I
should be doing????

Thanks, Jones

 

[Dave]

be afraid... be very afraid.

though i'm not sure just where to look. the generic host process handles a
bunch of misc services on the network i believe. i am wondering if the dep
message is really saying that you were being attacked from the network by
some kind of buffer overflow exploit and that it stopped the attack by
killing the process? do you have a firewall?? any other symptoms?? cough,
fever, chills??

 

[Guest]

I'm getting a similar error but at memory location "0x009296bc" regarding
svchost.exe.

I have the latest critical XP udpates, Norton Antivirus updates as well as
the Spybot updates.

I've also checked the file cksum (MD5) to verify its legitimacy per
http://windowsxp.mvps.org/svchost.htm ...and it is legitimate.

I verified that there is not an entry (possible trojan) in the
msconfig/startup for svchost.exe per
http://www.sysinfo.org/startuplist.php?filter=svchost

Still, I feel uneasy to have a Data Execution Prevention (DEP) exclusion for
svchost.exe. Any ideas?

--Ivan