data execution preventions means really virus attack ?
Links: home · search · speed test · login · more ·
Links: Reply New Topic
Forums » Security » Security » data execution preventions means really virus attack ?
Sachin Naik @ 2nd Nov 12:48AM:
data execution preventions means really virus attack ?
last time windows displayed a message in a window with the title data execution prevention in which windows blocks the execution of some program, I was only running 3 scans on my pc at that time and suddenly this message got displayed, so till now this message has appeared thrice but I don’t remember why it had appeared 2 times before i.e some 4 months back
my antivirus scan do not detect anything, but my MBAM had detected only one threat named as adware.ADON and later it did not detect anything
so am I infected by viruses I mean is windows data execution prevention message meant only for protection from virus attacks or it could even be because of some system mistake
reply
tomazyk @ 2nd Nov 03:26AM:
Re: data execution preventions means really virus attack ?
Data execution prevention is Microsoft's feature which help to prevent damage from viruses. You can read more here:
»support.microsoft.com/kb/875351/en-us
You said you were running 3 scan at the time. Did you run all three at the same time? If so, then that could also be a reason. I suggest you to run one scan at the time.
If you think you got infected follow rules on this site: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance and then post HTJ log here: »Security Cleanup
reply
Sachin Naik @ 2nd Nov 09:04AM:
Re: data execution preventions means really virus attack ?
actually i know whats DEP, but the reason why i have posted this topic is because I wont to know whether DEP can also be sometimes false positive like AV's or is DEP always correct
and yes i was running 3 scans at one time, they were avg, MBAM and eset online scanner full scans
The reason why i would not like to post in security clean up forum is because i am not completely infected by threats and if i post anything then i will have to download so many softwares like ad-aware and update them and its presently not possible
so do u think i am infected only because of that DEP (Data Execution prevention) message
reply
dave @ 2nd Nov 09:14AM:
Re: data execution preventions means really virus attack ?
A (hardware) DEP exception means something tried to execute code out of a data-only page.
You cannot determine whether the attempt was deliberate or accidental (a bug). If deliberate, you cannot determine whether it was malicious or misguided. All you know is the CPU fetched an instruction from a non-instruction location.
DEP is always correct or else your CPU is broken.
Someone's interpretation of what DEP means may not always be correct :-)
reply
OZO @ 2nd Nov 03:34PM:
Re: data execution preventions means really virus attack ?
No, it doesn't. It could, but it doesn't.
Some programs use it for their benefit. Do you need example? DVDFab, HD Tune, MagicISO Maker, etc. Some of the programs may use self extracting techniques (code is packed in file and extracted in memory to run). While it could be debatable (is it a good thing or bad) common programs may use it.
As you've mentioned - you know what DEP warning means. It happens at execution time. You can't find program that use it by scanning executables (at least I don't know such scanners), no matter how many scans you do.
--
Keep it simple, it'll become complex by itself...
reply
dave @ 2nd Nov 06:57PM:
Re: data execution preventions means really virus attack ?
(Was your reply really intended to be a reply to me?)
With respect to programs that need to make code on the fly and execute it - they're essentially covered under my case of 'programs with bugs'.
What such programs should do is to allocate memory for which execution is permitted (it's just a single flag on the VirtualAlloc function), and then create new code in there. But if they were written prior to DEP, they don't do that, and hence they get a DEP exception.
reply
KodiacZiller @ 2nd Nov 08:14PM:
Re: data execution preventions means really virus attack ?
said by Sachin Naik :
last time windows displayed a message in a window with the title data execution prevention in which windows blocks the execution of some program, I was only running 3 scans on my pc at that time and suddenly this message got displayed, so till now this message has appeared thrice but I don’t remember why it had appeared 2 times before i.e some 4 months back
my antivirus scan do not detect anything, but my MBAM had detected only one threat named as adware.ADON and later it did not detect anything
so am I infected by viruses I mean is windows data execution prevention message meant only for protection from virus attacks or it could even be because of some system mistake
Neither "DEP" nor the "NX" bit are for the prevention of viruses per se. It's true that they are often advertised as such (AMD used to call it virus protection), but that's only because it's easier to explain what DEP does in the context of viruses since most people aren't software engineers and have no other point of reference for understanding about memory regions, buffer overflows, etc. Essentially all DEP and the NX bit do is prevent certain regions of memory from being executable. This can be hardware enabled in 64 bit OS's (because typically only 64 bit CPU's have the NX flag) and "emulated" in 32 bit environments (with PAE enabled kernels).
"DEP" is M$'s term for what is otherwise known elsewhere as executable space protection (M$ always has to invent their own proprietary name for things that have been around elsewhere for years). M$ "borrowed" both DEP and ASLR from open-source software projects who had been working on the technology for Linux and the BSD's. The PaX project first got ESP/ASLR working on Linux around 2000-01 and M$ got the ESP technology put in Windows XP SP2 a few years later. It wasn't until Vista that M$ finally put in ASLR.
reply
OZO @ 2nd Nov 09:15PM:
Re: data execution preventions means really virus attack ?
Sorry, I hit wrong button :) Of cause it was reply to OP's original question.
--
Keep it simple, it'll become complex by itself...
reply
Sachin Naik @ 4th Nov 01:43AM:
Re: data execution preventions means really virus attack ?
@ everyone
OMG, so i think you all have proved that DEP is correct !
so somewhere some problem is there in my pc?
one more thing i dont know whether i have to mention the following things or no, but still i have mentioned
a day back before DEP message, my power supply had gone, becoz of which i wasn't able to boot then i replaced my power supply with a new one when the technician told me after testing
and now my mouse pointer also seems to be moving slowly on screen from a position till the edge of the screen even though there is no net connection and of course automatically and after doing a google search i found out that this is normal in the case of optical mouse as some of them are poor as the one i am using, i hope thats not a virus
I ran a full scan using avg, mbam, eset online scanner, super anti spware, spybot sd they dont detect anything so from where is this virus attack coming from, well thank god that the DEP message did not appear again but still what guarantee that the DEP message wont appear somewhere in future becoz till now it appeared 3 or 4 times (i.e. is in the entire 1 year) or is my cpu not functioning properly?
or i need not worry about these things
reply
dave @ 4th Nov 12:17PM:
Re: data execution preventions means really virus attack ?
I think the first lesson is "just because your PC is doing something weird, it doesn't mean you're being attacked".
Apropos the DEP popup - well, the important question is, what program?
reply
Thank you for using lo-fi dslreports.com - report bugs
© 99-2009 silver matrix LLC