"Runtime library" error?

[aelfheah]

Hi

I keep getting the following grey pop-up box, what does it mean and what should I do?;-

"Microsoft Visual C++ Runtime Library

Buffer Overrun detected!

Program:C:\WINDOWS\Explorer:EXE

A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated."

I have run AVG, SpywareDoctor and NoAdware, but this keeps popping up after a while.

Thanks

[JohnnyMalaria]

What it means:

The program (in this case, Explorer) has set aside a chunk of memory to store, say, the name of a file. Specifically, it has set aside a certain amount of memory but the name it is storing is too big for it and, as a result of trying to store the name, it is written over some other data.

What you should do:

Since it claims to be in Explorer.exe, you should make sure you have the latest updates for your operating system. If you look at the security updates that Microsoft, Apple and other companies issue, many of them are to fix these "buffer overrun" problems.

However, since Explorer.exe makes a lot of use of other programs, it may be that some other program is responsible for the problem. Does this seem to occur randomly or is there are certain thing that you do that makes it happen?

[aelfheah]

Hi Johnny

Can't think if I'm doing anything in particular, except using the net(Firefox), using Nero and opening my folders etc?

I, as an amateur, initially thought it was related to my folders?

[sanlyn]

The message refers to a "runtime library", which are Windows support files used by major applications like Explorer.exe. That executable program (Explorer, in this case, which displays your desktop, My Computer, Find and Save dialog boxes, etc.) will call on additional support files (usually .tlb, .dll, and so on) to perform certain tasks. Programmers write programs that call on these pre-coded routines, rather than re-invent the wheel every time they write a new program. The support files are called "libraries" because they are, in effect, big collections of pre-designed routines. The program feeds the library a routine i.d. and some specific values, the library routine performs the task, then the library routine returns an answer or result.

In this case, the routine is part of the Visual C++ library of support files. It is returning a message to say that it has been called by Explorer.exe to perform a task that will wreck something, and the task can't be performed.

Problem is, the message doesn't say whether the problem originated in Explorer.exe or in the runtime file. Windows and Visual C++ have thousands of such messages built-in -- many just don't give enough info to pinpoint the problem. Having worked with a bunch of these dogs, I'd say that some piece of software in your PC (it could be anywhere) that was programmed using Visual C++ has installed or requires an outdated/incompatible version of a C++ runtime file. There are literally dozens of these .tlb's on your machine. Or, an old version of Explorer.exe has somehow got into your machine (I doubt that the latter is the case, or you'd be having problems all the time all over the place, because Explorer.exe is used by almost every Windows application in the world, and at least one copy of it is always running on your PC at any time).

The other big problem with the message is that it doesn't identify the C++ runtime that originated the message. You can lookup that message on Miscrosoft's Knowledge Base (http://support.microsoft.com/search/Default.aspx). You might find one answer there, you might find 100. Mainly, you should keep track of exactly which program(s) you're using and exactly what step you're undertaking that triggers the message.

[aelfheah]

Thanks Sanlyn & Johnny for those gems of posts!

Everyone here's most helpful and knowledgeable!

I've since updated Windows and hopefully, that will be the end of it? 8)

Cheers

[mats.hogberg]

It could also be some malware disguising itself as explorer.exe - check the file properties to make sure it at least says "Microsoft Corporation" under Version->Company

/Mats

[src2206]

Do one thing, download HijackThis [please google to find the link] and run the tool. It will produce a log. Post the content of the log here and lets se what I can do for you.

BTW, its a free tool and it does not conflict with your existing AntiVirus software.

[sanlyn]

It could also be some malware disguising itself as explorer.exe - check the file properties to make sure it at least says "Microsoft Corporation" under Version->Company

/Mats

Mmm, don't think so. Malware doesn't "disguise itself" as Explorer, it always disguises itself via file cloaking of some sort. It can control your desktop, but it doesn't do it by running a phony copy of Explorer.exe; it does it by controlling Explorer's behavior, intercepting its outcalls and incalls, and by showing literally a full-fledged copy of the desktop and other dialogs that Explorer would otherwise display.

If malware actually could, somehow, get a phony copy of Explorer onto your machine, it could easily mimick the info you see in a file "properties" dialog and looks just like the real mcCoy. But that would be foolish for a serious malware deigner; it would be too easy to restore the correct file with Windows File Checker, thus wiping out the malware. Problem is, the file that actually loads the malware into your system starts at bootup before Explorer does and then removes or hides itself from the list of active processes as soon as it gets its dirty work going. So even if you "restore" Explorer, the malware reappears as soon as you boot.