Data Execution Prevention and the hard drive

DEP won't let me open my hard drive using windows explorer or the my computer link. However It is quite happy to let me use the save and open feature of windows programs to look at my hard drive.

There was a post over 60 days old on this issue, it suggests that I change the DEP settings to 'off'. However in my Control Panel there is no 'off' there is only 'everything' or everything except 'x' and 'y'.

Moreover I could just add Windows Explorer to the DEP ignore list, but if data is attempting to execute itself from a part of the Hard Drive that shouldn't be executing anything then I am very wary of just opening windows explorer to see what happens.

It is of course also possible that I am over estimating the proficiency of DEP and it's just taken a dislike to my hard drive.

 

Looks like virus to me & DEP is only doing its job. Suggest that you update your antivirus/antispyware and scan the system (full scan) both in normal & safe mode.

 

I checked that already. I've virus checked twice a week since I've had this PC and the only virus I had was set to execute on an exploit in Winamp (and I don't have Winamp so it would never have activated). Could it be a rootkit attack?

 

There's info here as to how you can turn DEP off if you desire.

A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003

 

Well Zander, even if you could & did turn off DEP, what's the basic problem? Any guesses?

 

Hello spudule,

Missing the history:

When did this start happening, meaning after software additions - sites visited - download of any files and so on?

Are you prepared to re create your system: do you have your user data backed up - have a way to re install the OS or get back to a state before this? This may be a problem with the way DEP is interacting with the system, this is why some background is important, to try to make a judgement.

If you've scanned the system with virus checkers and found none, then scan the system with the following:

http://www.resplendence.com/hookanalyzer scans for apps that have Kernel hooks in your system. Legitimate apps do create hooks, ZoneAlarm does.

http://www.sysinternals.com/Utilities/RootkitRevealer.html Rootkit analyzer from sysinternals. Do read the instructions and documentation for this.

Regards - Charles

 

No, not really. There's really not enough info provided to make a guess. What happens when explorer or my computer is opened? Any error messages, or does just nothing happen? What makes you believe DEP is the cause of the problem (although, this could be determined by turning it off).

From my limited understanding of DEP, I find it kind of difficult to believe that you can be denied access to an entire drive in windows explorer because of it. From what I understand about it, it has more to do with protecting memory addresses, not hard drives.

I find it odd that My Computer and Explorer won't open but the save and open dialog boxes do. Either way you're accessing the file system. If you were somehow being blocked from accessing it, I wouldn't think they would work either. Or, maybe I'm guessing wrong here and they do they open in this case but don't show anything when opened? As I said, a little more info is needed.

 

Well my point exactly. DEP was developed to stop the bad guys & here its stopping everything. May be Explorer is corrupt or some dll file has been overwritten.

 

My point is, how does spudule know it's DEP causing the problem? Is there an error message saying so? If so, what is it?

 

A very wild guess - I think so. Never heard of anything like this before - upto this time.

 

I think we're on the same page now.

 

At last.

 

OKay guys sorry for the late reply. I think we're dealing with seperate time zones here and I've been at work all day.

Thanks for the useful threads. I am investigating them right now.

Okay. I've taken a screen dump of the situation, but as I don't have any web space I can't show it to you.

The symptoms in short: I Run Windows explorer or click on C: or D:. The window opens, but without any information. ie the program only calls a blank window. Then DEP says that to help protect my computer windows has closed the program.

In Task manager There is an icon of a folder called myhddname (C: ) the status is not responding.
There is an icon for DEP...which is running.
Then there is an icon of the hard drive called myhddname (C: ) (Not Responding) and the status is not responding.

(For clarification there are 3 windows open. 1 is Task Manager. 2. is Acer (C: ) (Not responding) (which has the icon of the hdd not the folder) and 3. DEP telling me things I don't want to hear about closing my software

(Clarification for Zander: The save and open dialogs do show information)

I did opt to send Microsoft the information as per the crash tool in XP, but as DEP is closing Explorer I don't get to see the feedback (I have never had any helpful feedback before from using the feedback funtion, but I live in hope)

I am not too happy with ignoring DEP until I know why it is doing this. I am going to work round the problem to the best of my ability before just toggling the software that is telling me something I don't want to hear.

...WiFi router has gone down, decide to experiment...

Okay forget working round it. I turned DEP off for windows explorer (if DEP is a memory checker not an HDD checker then what's the big deal).

I open c: fine. I then turned DEP back on (for everything including explorer) and it had no problem loading explorer. Except now, if I go to the My computer shortcut menu, all the usual suspects are present, then for a second two new entries called ( empty ) are shown then they disappear... I just so happen to have 2 linux partitions on my hard drive. Is explorer now detecting these and not being able to read them (hence the empty) If so why is it doing it now?

In what I think is a conclusion: DEP went nuts, i toggled it off then on again, restarted windows and it worked again...or... my PC has been invaded

 

Thanks for telling me DEP has nothing to do with the hard drive. I was under the impression that something was trying to load itself from my hard drive and DEP was on the case. As DEP only deals with memory then as long as there's nothing in my boot or registry on startup and there's no virii on the hard drive then there should be no problem with memory, but we all know windows software can get buggy and unresponsive and all you can do is reset what needs reseting and restart the computer.
Sorry for dressing it up as such a big problem, but you don't know these things at the time do you...

 

thanks for the helpful response. The DEP error hasn't gone away as I thought it had so I will investigate. I am glad you showed me this post anyway, because I am not too happy when substandard software adds itself to explorer without my permission... As it has in the case of my PC. Even if this is not the cause of my problem (which it may well be) then I will have learned something valuable. Thanks again

EDIT: I have just checked out windows debugger and the shell ex viewer. What fantastic bits of kit. No offence to the rest of you, but that last post was excellent. I really appreciate being given those links, because although I'm smart when it comes to PCs, I'm a complete village idiot when it comes to finding stuff. The Debug software especially looks like a good jumping off point for a deeper analysis of my system... d-(^ ^)