PDA

View Full Version : Vista woes



Edward Elrich
July 21st, 2008, 12:51 PM
Recently Data Execution Prevention (a.k.a. the security feature from hell) started closing Windows Explorer whenever I open a window to view files, but works perfectly fine from any "Brose..." dialogue (such as saving a download, opening a file in a program, etc.) I ran a virus scan and got nothing, it claimed the computer had no problems. (I'm using Norton, because that's the piece of crap my parents put on this thing.) I haven't downloaded anything strange or suspicious at all, so that's not the cause.

I know reinstalling Windows is one option, but it's one of last desperation for me. And disabling DEP is out of the question too.

Zeph
July 21st, 2008, 03:09 PM
edit: Didn't really read what you said the first time.

What's happening is Windows trying to preview the files you have with a screenshot of either one of the first frames or something towards the middle.
Data Execution Prevention (the best security feature since malicious code was introduced into images and movies that took control and gained superadmin simply by opening the folder it was in) sees that the file is accessing data on the hard drive and blocks it. There's nothing you can do about it besides viewing things in detailed form instead of thumbnails. Well, you could turn off DEP and actually have the thumbnail feature work.

Edward Elrich
July 21st, 2008, 06:44 PM
The problem is this is occurring right as the window opens, meaning I don't even have the time to go and try to turn off thumbnail previews.

Zeph
July 21st, 2008, 06:47 PM
Open my computer, switch to detailed view there, and then navigate to said folder.

Warsaw
July 21st, 2008, 06:53 PM
Doesn't Windows recognize different sections for different parts of your computer? I have detailed list for my Temporary folder, and when I get to pictures, it turns to film strip, and when I go to Programs, it turns into tiles.

Edward Elrich
July 21st, 2008, 06:54 PM
Yeah, the thing is immediately upon opening "My Computer" it says "explorer has stopped working." I don't even get to see the option to switch to detailed view.

Warsaw
July 21st, 2008, 06:55 PM
My suggestion to you is to turn off the DEP, change to a detail view, and then reactivate DEP.

Edward Elrich
July 24th, 2008, 12:47 AM
Fixed it, turns out resetting internet settings fixed it. (Maybe it was that stupid MyWebSearch toolbar in that cursor pack my sister downloaded...)

Zeph
July 24th, 2008, 01:11 AM
Fixed it, turns out resetting internet settings fixed it. (Maybe it was that stupid MyWebSearch toolbar in that cursor pack my sister downloaded...)

.......

Phopojijo
July 25th, 2008, 03:44 AM
Who wants bets he has a trojan or rootkit? Anyone? Free Cursorpack and Searchbars are not free :( They either kill you with ads, install viruses to kill you with ads, install viruses to hijack your computer to send spam email/spread viruses, install viruses to coralle your computer into a DDoS-on-command zombie... whatever.

Norton can't detect a virus if it's got a higher administrator privilege rating than it and you do :(

DEP is there for a reason. Most viruses infect systems by playing with your RAM.

(VERY simplified example)

Let's say a program allocated 800KB for an image.

Lets say someone knows the next 8KB of memory will be the image processing code.

Lets say someone knows the program doesn't check whether or not an image is less than 800KB.

Lets say someone makes an 808kb image... but puts in the last 8KB... code to install a virus.

Lets say you load the image with the said program.

The program will load the 808KB image into the 800KB buffer -- overwriting the 8KB image processor... and then run the 8KB image processor. Oh wait -- it's been overwritten by the image and is actually code to install a virus. Now you got a virus :(

One thing DEP does is it TAGS memory as Data or Execute at the CPU level. So let's redo the scenario.

You load the image with the said program.

The program loads the 808KB image in the 800KB buffer and overwrites the 8KB image processor... then runs the 8KB image process OH WAIT IT'S TAGGED AS DATA! THAT SHOULDN'T BE IN THE EXECUTE STACK! VIRUS! CRASH THE PROGRAM IT'S A TRAP!!!

So yea, DEP is very useful... but it can throw some false-positives if this sort of thing happens, even if it actually was just a benign mistake. Quicktime Windows is king of this...

Patrickssj6
July 26th, 2008, 09:35 AM
^ This or That.

Edward Elrich
July 27th, 2008, 12:09 AM
Time to install Spybot S&D...

BTW everything works fine, DEP was just set to "alwaysOn" instead of "optIn" resulting in every last process being monitored and no way to change it except through bcdedit.exe...