Driver overran stack buffer Windows 10

Anonymous
2015-11-07T15:03:11+00:00

Hi, 

I just got a blue screen with the error "driver overran stack buffer".

I am using a Sony VAIO running Windows 10, my device is up to date - just checked Windows Update.

The blue screen completed its collection process to 100% and got stuck at that for about an hour, so I forced a shutdown with the power button.

Once I turned the computer back on and logged in, I got a notification about anti spyware programs. Apparently, Norton anti spyware was switched off (I don't know how). I applied the fix through Norton Security and ran a Norton Power Eraser scan (rootkit scan) with no threats found.

I have located the "minidump" file on my hard drive. 

Could you please help me find out if this was a malicious attack and whether my data has been or is compromised, and what I should do?

Thank you.

Windows for home | Windows 10 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

8 answers

  1. Anonymous
    2015-11-08T07:33:27+00:00

    Hi,

    Welcome to Microsoft community, the best place to get resolution for all Windows related queries.

    From the issue description, I understand that you get a blue screen error with the error message "DRIVER_OVERRAN_STACK_BUFFER".

    Could you answer a few questions so that we can assist you further?

    1. What is the make and model of the computer?

    2. What are the hardware specifications of the computer?

    3. Have you installed any third party security software on the computer?

    4. Are all the drivers updated?

    5. Have you made any recent changes on the computer?

    6. Have you connected any external devices to the computer?

    BSOD Error DRIVER_OVERRAN_STACK_BUFFER indicates that a driver has overrun a stack-based buffer.

     Parameter. A driver overran a stack-based buffer (or local variable) in a way that would have overwritten the function's return address and jumped back to an arbitrary address when the function returned. Basically the driver overran its local variable.

    This is the classic "buffer overrun" hacking attack. The system has been brought down to prevent a malicious user from gaining complete control of it.

    I would suggest that you post the minidump files using SkyDrive. Go through the link and check the suggestion given by “ZigZag3143, MS-MVP” to know how to post the minidump files.

    Here is the link for your reference.

    http://answers.microsoft.com/en-us/windows/forum/windows_8-system/system-service-exception-in-windows-8/b8943eb6-52f6-45d5-8956-d41f62a40453

    You need to upload the minidump files in the following link.

    Use SkyDrive to upload collected files and post screen shot/picture.

    http://social.technet.microsoft.com/Forums/en-US/w7itproui/thread/4fc10639-02db-4665-993a-08d865088d65

    Reference:

    Bug Check 0xF7: DRIVER_OVERRAN_STACK_BUFFER (Windows Debuggers)

    http://msdn.microsoft.com/en-us/library/windows/hardware/ff560389(v=vs.85).aspx

    Hope it helps. For any Windows-related queries, feel free to get back to us any time.

    Regards,

    10+ people found this answer helpful.
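
The check that answer 1 describes, as an added example that is not part of the original thread and is not Microsoft's code: a user-mode C simulation of a stack cookie sitting between a local buffer and the return address, with the overrun caught at function exit. The frame layout, the names and the cookie value are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
#define BUGCHECK_F7 0xF7  /* DRIVER_OVERRAN_STACK_BUFFER */
#define COOKIE 0xC0FFEE1234ABCDEFULL  /* constructed value for this example */

/* Simulated frame (assumed layout): cookie sits between locals and return address. */
struct sim_frame {
    unsigned char buf[BUF_SIZE];
    uint64_t cookie;
    uint64_t return_address;
};

/* Buggy copy: trusts len. Clamped to the struct so the simulation stays memory-safe. */
static void unchecked_copy(struct sim_frame *f, const void *src, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy(f, src, len);
}

/* Corrected copy: refuses input larger than the local buffer. */
static int bounded_copy(struct sim_frame *f, const void *src, size_t len) {
    if (len > sizeof f->buf) return -1;
    memcpy(f->buf, src, len);
    return 0;
}

/* Returns 0 if the frame is intact at exit, BUGCHECK_F7 if the cookie changed,
   -1 if the bounded copy rejected the input. */
int simulate(size_t len, int use_bounded) {
    unsigned char input[sizeof(struct sim_frame)];
    struct sim_frame f = { {0}, COOKIE, 0x1000 };  /* function entry */
    memset(input, 'A', sizeof input);              /* constructed input */
    if (len > sizeof input) len = sizeof input;
    if (use_bounded) {
        if (bounded_copy(&f, input, len) != 0) return -1;
    } else {
        unchecked_copy(&f, input, len);
    }
    /* Function exit: verify the cookie before the return address would be used. */
    return f.cookie == COOKIE ? 0 : BUGCHECK_F7;
}

int main(void) {
    printf("fits: %d, overrun: 0x%X, bounded: %d\n",
           simulate(16, 0), (unsigned)simulate(32, 0), simulate(32, 1));
    return 0;
}
```

The check fires on any write that runs past the buffer, so a plain length bug in a driver produces the same stop code as a deliberate overwrite.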
  2. Anonymous
    2015-11-11T20:54:32+00:00

    Hello? Anybody on the job?

    10+ people found this answer helpful.
  3. Monkey57 3,535 Reputation points
    2015-11-11T23:23:19+00:00

    Old uninstalled antivirus, not removed with the mfg tools, will make Windows nuts.... If you have used the mfg removal tools, and you still think something is off.  

    Uninstall the current Norton with tools as described above and reinstall it with the current version of what you want to use, or use Windows Defender, after using the mfg tools, and see if the stability returns.

    See if the (3) tools at bleepingcomputer (see previous post) find anything. Only get the tools; never click on ads.

    Also, check with Malwarebytes to see if it finds things making Windows crazy.

    Make sure in Malwarebytes the 'Scan for rootkits' box is checked-> Settings-Detection and Protection.

    Have your FileHistory backup up to date, in case you have to do a reset at a later date; or, when you next get another computer, it will be easier to restore your files.

    If viruses were found with Norton, please look them up at the Norton website to see the consequences.

    https://www.symantec.com/security_response/landing/azlisting.jsp

    If you think it is system related, you may want to try a disk check: right click 'C' drive, Properties (left click), 'Tools' tab, 'Check', scan.

    While Norton is uninstalled, you may also want to try: sfc /scannow

    https://support.microsoft.com/en-us/kb/929833

    A blue screen is not always from a virus, but it is good to make sure. The tools are fast, and it will help you make sure your data was not compromised.

    4 people found this answer helpful.
  4. Monkey57 3,535 Reputation points
    2015-11-11T21:06:58+00:00

    ***Pre-installed or user previously installed antivirus may inhibit the current antivirus; use the mfg removal tools to completely remove them, if they were ever on your system.***

    Use the mfg removal tools to completely remove them, after running the uninstall in Programs and features see:

    https://service.mcafee.com/FAQDocument.aspx?id=TS101331

    (MCPR is 1/2 way down the page)

    or

    Norton Removal tool at:

    https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us

    For AVG removal see:

    http://www.avg.com/us-en/utilities

    in addition to the removal tool for your version of AVG.

    Use the 'AVG Identity Protection Remover'

    List of anti-malware product removal tools

    http://answers.microsoft.com/en-us/protect/wiki/mse-protect_start/list-of-anti-malware-product-removal-tools/2bcb53f7-7ab4-4ef9-ab3a-6aebfa322f75

    If you are really infected, I suggest some additional tools from bleepingcomputer: http://www.bleepingcomputer.com/download/adwcleaner/ (the other two (2) suggested tools are on the bottom of the page), like rkill (1), jrt (2), and adwcleaner (3) (run all of them, in that sequence; I put them on the desktop and run them from there, as administrator (right click)). Uninstall adwcleaner after running it and the system has rebooted, by opening the program and choosing the uninstall button, or its quarantined files may set off your antivirus. The other tools from bleepingcomputer can be safely deleted after running them; they are updated often, so the old versions are not necessary. After running the tools, if they found anything, you need to reset your browsers to default, then check for any unfamiliar plugins/add-ins within the browser. Then run Malwarebytes again.

    In a lot of instances, you have to remove the malicious activity one layer at a time, so you may not want to delete the tools after the first run.

    Run Malwarebytes (Free):

    https://www.malwarebytes.org/mwb-download/

    Uncheck the box at the end of the install for trial, or convert to free at the end of the trial.

    Malwarebytes is a good addition to your antivirus software. Make sure in Malwarebytes the 'Scan for rootkits' box is checked-> Settings-Detection and Protection. Free means manual, so you have to open it and run it occasionally.

    Try Geek Uninstaller to uninstall programs that are unusual; it works on 32-bit and x64 programs (and it stays free).

    http://www.geekuninstaller.com/download

    Only get the free version.

    Right clicking on the program in Geek will let you force uninstall without running the app's native uninstaller (only use the force method if the installed program is malicious or will not uninstall normally).

    Try HerdProtect (free), http://www.herdprotect.com/ . Be watchful of false positives; only remove unchecked items at the end (by putting a check in the box) if they reside in a temp type folder or you are sure about them. Remember to run it again in a few hrs (per mfg instructions). I generally uninstall HerdProtect after a few weeks, as its cache gets large fast.

    Manually check for Windows Updates.

    Make sure your FileHistory backup is up to date (right click Start, Control Panel, FileHistory, Turn it On). It requires a USB external hard drive (Windows 8/10 will automatically create the FileHistory folder on the USB drive when FileHistory is turned on), or a network hard drive can be used (make a 'FileHistory' folder on the network hard drive to connect the app to). If you keep things in non-standard places, make new Libraries, and add the folders to your custom Libraries. Check to see where Quicken, printer scan-to folders, or any other user-installed software is saving data. (You can back up Quicken/Intuit programs to a OneDrive folder, but do not let database files reside in OneDrive; although they can be included in Libraries (and probably already are), they will not back up when open. Some other databases cannot be restored easily from raw data alone.)

    see:

    http://windows.microsoft.com/en-us/windows-10/show-libraries-in-file-explorer

    For additional protection from ransomware see:

    https://www.foolishit.com/cryptoprevent-malware-prevention/

    Use free version only.

    3 people found this answer helpful.
  5. Anonymous
    2015-11-11T21:45:07+00:00

    Okay thanks, but what do I understand from your post? Have you looked at my minidump file? You stated if I'm really infected, shouldn't you be able to tell if you've looked at the file?

    2 people found this answer helpful.