Advice Request: Buffer overflow of LogonUI (Win 10 22H2) is a sign of attack, right?


Victor M

Level 8
Thread author
Verified
Well-known
Oct 3, 2022
374
Hi fellow Malwaretipsters,

Is a buffer overflow warning for LogonUI a sure sign of an attack? I installed BitDefender Total, but rebooting got me a bluescreen; there was no way to get back into Windows. So I reluctantly re-imaged from my golden image. But when I booted up after the re-image, I got a buffer overflow warning from Windows for LogonUI. This looks to me like a sign of attack, stemming from my installation of BitDefender. Maybe during the initial download of BitDefender at setup, something slipped in beside it. And the malware managed to persist after a re-image, and needed access to my system again. So it buffer overflowed LogonUI, which is run by System.

So I zero filled the SSD and re-imaged again. No more funny warnings this time around.

Victor M

A month ago, I was installing AVG Free. When the install finished and it began a first scan, it found malware in memory and cleaned it.

Thus I am thinking it's more of the same again this time.
 

Andrezj

Level 6
Nov 21, 2022
248
A month ago, I was installing AVG Free. When the install finished and it began a first scan, it found malware in memory and cleaned it.

Thus I am thinking it's more of the same again this time.
How do you know it was not a false positive? If not a false positive, how are you getting infected so often?
I bet you install/uninstall a lot of software. This behavior always causes problems, from infection to an unstable system or one with breakages.

Victor M

Actually, I install very little software. What I was doing back then was that I restored from a Win 11 golden image for reasons I have forgotten, and then decided to try AVG Free. The AVG episode may have been a false positive. After it 'cleaned' out the in-memory malware, I left the machine alone ever since. Then a week ago I bought a new laptop to run Win 10, because Win 11's Software Restriction Policy is kaput, and also because I need a 'reference' Win 10 machine to physically look at when I answer forum questions. As per usual, I installed, then hardened, then made an offline-state golden image. I left the new machine alone for a week and then decided to install BitDefender Total because I have a 2 yr license.

I usually leave out installing an antivirus until I have hardened the machine and made an offline-state golden image. That's because AV installations need to be done online, and there is a risk there. The risk being: a) I sometimes have to turn off OSArmor, b) I have to allow unknown bits and pieces of the installer to run on my machine, and some of those bits can be unsigned, and c) thus you are running your admin account online, with your protections turned off and allowing 'unknown' software to run. If that is not risky, then I don't know what is.

Well, if the Win 10 LogonUI warning is a known Win 10 problem, and if the AVG episode was a false positive, then I am not being attacked and it's just paranoid old me. Every time things don't work as usual, I blame hackers and try to beef up my defences. That's my version of 'assume compromise'.
