
Solved Generic Host Process for Win32 has encountered a problem

Discussion in 'Malware and Virus Removal Archive' started by biggazdixon, 2011/05/01.

  1. 2011/05/08
    biggazdixon Well-Known Member Thread Starter

    Joined:
    2011/05/01
    Messages:
    59
    Likes Received:
    0
    I have dealt with the fake Total Security malware after seeing what to do on bleepingcomputer.com and realising I had all but one of the tools already on my system.
     
  2. 2011/05/08
    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks like you got reinfected.

    Update MBAM, run "Quick scan" and post fresh log.
     

  4. 2011/05/08
    biggazdixon Well-Known Member Thread Starter

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6533

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    08/05/2011 22:30:46
    mbam-log-2011-05-08 (22-30-46).txt

    Scan type: Quick scan
    Objects scanned: 164328
    Time elapsed: 11 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. 2011/05/08
    broni Moderator Malware Analyst

    Good :)

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ...and Eset scan....
     
  6. 2011/05/09
    biggazdixon Well-Known Member Thread Starter

    I've been getting Update messages from Adobe recently but it never managed to successfully do it. I've gone with the Foxit Reader this time.
    I'll do the Eset scan now.
     
  7. 2011/05/09
    biggazdixon Well-Known Member Thread Starter

    Again, after 3 attempts which just went back to the T&C after pressing start, I got 'Internet Explorer has closed this webpage to help protect your computer', which is what I got when I tried to update Adobe using the link you provided above. So no scan, I'm afraid.
     
  8. 2011/05/09
    broni Moderator Malware Analyst

    Try Eset with Firefox.
    If still no go....

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Free scan now button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View report.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
  9. 2011/05/13
    biggazdixon Well-Known Member Thread Starter

    Sorry it's taken a while, I've been away on business again at hotels with no free internet.

    The scan ran on Firefox OK but wouldn't save a notepad file even when I copied and pasted into it. The content of the result was as follows:

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP838\A0218141.exe Win32/VB.ODU trojan


    Hope that's OK!
     
  10. 2011/05/13
    broni Moderator Malware Analyst

    That Eset finding is located in one of your restore points, which we're about to reset.

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
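The triage decision broni makes above (a hit under System Volume Information is an archived restore-point copy, not a file that runs at boot or logon, so the fix is to clear the restore points rather than chase a live infection) is the kind of thing worth encoding when you read scanner output. The Python below is an added example for this thread, not code from the forum or from any of the tools it mentions. It parses report lines of the form "<full path> <threat name>" as quoted in post #9, flags paths matching System Volume Information\_restore{GUID}\RPnnn\ as restore-point hits, treats every other path as live, and recommends the follow-up. All sample lines except the one quoted from the thread are constructed, and the threat names on those lines are placeholders.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Report line shape used in the thread: "<full path> <threat name>".
# The path is matched non-greedily up to a file extension followed by
# whitespace, so spaces inside directory names ("System Volume Information",
# "Documents and Settings") stay part of the path.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,5})\s+(?P<threat>\S.*)$"
)

# Windows XP System Restore archives changed files under
#   <drive>:\System Volume Information\_restore{<GUID>}\RP<n>\A<nnnnnnn>.<ext>
# A hit there is a stored copy, not a file that runs at boot or logon.
RESTORE_POINT_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{(?P<guid>[0-9A-Fa-f-]{36})\}"
    r"\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)


@dataclass
class Detection:
    path: str
    threat: str
    category: str                 # "restore_point" or "live"
    restore_guid: Optional[str] = None
    restore_point: Optional[int] = None


def triage(line: str) -> Optional[Detection]:
    """Parse one report line; return None for lines that are not detections."""
    m = DETECTION_RE.match(line.strip())
    if not m:
        return None
    path, threat = m.group("path"), m.group("threat").strip()
    rp = RESTORE_POINT_RE.match(path)
    if rp:
        return Detection(path, threat, "restore_point",
                         rp.group("guid"), int(rp.group("rp")))
    return Detection(path, threat, "live")


def recommend(report: str) -> dict:
    """Classify every detection in a report and decide the follow-up."""
    found = [d for d in map(triage, report.splitlines()) if d]
    live = [d for d in found if d.category == "live"]
    archived = [d for d in found if d.category == "restore_point"]
    if live:
        action = "active: remove the live files, reboot and rescan before anything else"
    elif archived:
        action = "archived only: clear all restore points and create a fresh one"
    else:
        action = "no detections"
    return {"live": live, "restore_point": archived, "action": action}


# Constructed sample report. The first line is the finding quoted in the
# thread; the others are made up (placeholder threat names) to show the
# remaining cases, including a non-detection status line.
SAMPLE_REPORT = """\
C:\\System Volume Information\\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\\RP838\\A0218141.exe Win32/VB.ODU trojan
C:\\System Volume Information\\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\\RP840\\A0218150.dll Win32/Example.B application
Scan completed: 2 threats found
"""

# Constructed line for a hit outside System Restore (a reachable file).
LIVE_LINE = "C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\example.exe Win32/Example.A trojan"

if __name__ == "__main__":
    result = recommend(SAMPLE_REPORT)
    for d in result["restore_point"] + result["live"]:
        print(f"{d.category:14} {d.threat:28} {d.path}")
    print("->", result["action"])
    print("->", recommend(SAMPLE_REPORT + LIVE_LINE)["action"])
```

Run it as-is to see the thread's finding classified as an archived copy; append a line outside System Volume Information and the recommendation flips to treating the machine as actively infected. The path regex deliberately stops at the first extension followed by whitespace, which is what keeps multi-word threat names like "Win32/VB.ODU trojan" out of the path.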
     
  11. 2011/05/14
    biggazdixon Well-Known Member Thread Starter

    OTL resulting log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Gary Dixon
    ->Temp folder emptied: 4061660 bytes
    ->Temporary Internet Files folder emptied: 120255377 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 61882016 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 2596 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 82584 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 178.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: Gary Dixon
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.22.3 log created on 05142011_195007

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Gary Dixon\Local Settings\Temp\IadHide5.dll moved successfully.
    File\Folder C:\Documents and Settings\Gary Dixon\Local Settings\Temp\~DF8375.tmp not found!
    File\Folder C:\Documents and Settings\Gary Dixon\Local Settings\Temp\~DF8391.tmp not found!
    File\Folder C:\Documents and Settings\Gary Dixon\Local Settings\Temp\~DF87EC.tmp not found!
    File\Folder C:\Documents and Settings\Gary Dixon\Local Settings\Temp\~DF885C.tmp not found!
    C:\Documents and Settings\Gary Dixon\Local Settings\Temp\~DF897A.tmp moved successfully.
    File\Folder C:\Documents and Settings\Gary Dixon\Local Settings\Temp\~DF89BF.tmp not found!
    File\Folder C:\Documents and Settings\Gary Dixon\Local Settings\Temp\~DF89DD.tmp not found!
    C:\Documents and Settings\Gary Dixon\Local Settings\Temporary Internet Files\Content.IE5\KRDK1RCK\md[1].htm moved successfully.
    C:\Documents and Settings\Gary Dixon\Local Settings\Temporary Internet Files\Content.IE5\CX2Q4NSA\st[4] moved successfully.
    C:\Documents and Settings\Gary Dixon\Local Settings\Temporary Internet Files\Content.IE5\B3UL9W2T\98859-active-generic-host-process-win32-services-has-encountered-problem-6[1].html moved successfully.
    C:\Documents and Settings\Gary Dixon\Local Settings\Temporary Internet Files\Content.IE5\4FB8YT9S\welcome[1].htm moved successfully.
    C:\Documents and Settings\Gary Dixon\Local Settings\Temporary Internet Files\Content.IE5\3IEQ5DJW\iframescript[1].htm moved successfully.
    C:\Documents and Settings\Gary Dixon\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  12. 2011/05/14
    broni Moderator Malware Analyst

    Whenever ready....
     
  13. 2011/05/15
    biggazdixon Well-Known Member Thread Starter

    Hi,
    sorry for the delay, I was distracted by dinner and the TV. I thought there was another download and scan to do, so I was waiting until I could concentrate on it, but I was wrong!

    My laptop is behaving very well, no issues really at all.

    I want to thank you again for the help you have given, this is a really valuable service for the PC illiterate among us and I will certainly be making a donation to the website. It has made me wonder how one learns about all the ins and outs of Windows, PCs and all that caper because otherwise we buy these machines and are at the mercy of software designers, malicious or otherwise, because we don't know what goes on 'under the hood'.

    Thanks again, if I ever have issues in the future I'll be back and I'll certainly recommend the site to any friends should they have problems.
     
  14. 2011/05/15
    broni Moderator Malware Analyst

    You're very welcome :)

    Good luck and stay safe :)
     
