
Generic Host process for Win32, Search redirect - HELP, PLEASE!!!


3 replies to this topic

#1 ramonv

  • Members
  • 66 posts

Posted 21 January 2010 - 09:56 AM

Ok, I had the redirect problem, and have fixed it twice, but it won't stay gone. Yesterday, I ran Malware, SAS, and ATF (SAS & ATF in SAFE mode). This seemed to fix it, but this morning, I got the Host Process message, and then got the search redirects, and my pc pretty much froze up.
Is there a solution? If not...
Is there a site you recommend where someone can fix this remotely, for a fee, or where do you suggest I take my pc, if this can't be fixed easily at home?

Thank you very much!



#2 ramonv


Posted 21 January 2010 - 11:50 AM

Here is more detailed info on my problems and my pc...

First of all, I had been on my pc (WinXP SP3, IE8), and then left it on while doing other things around the house. When I came back, I noticed it was slow to respond, and acting funny. Then, my McAfee (provided by AT&T, with their DSL service) asked if I wanted to allow a registry change. I said "no", and had to block these changes several times. Then I got several messages saying McAfee had blocked and removed a Trojan. Well, no, apparently not. I saw the red circle with the "x" in the lower right corner, and a message appeared from it. I immediately recognized it as a fake error message. I minimized my browser windows, and saw that I had a bright green wallpaper, instead of the photo I used to have. So I ran Malware Bytes and Super Anti Spy. Both found things and removed them (no problem removing anything). Suspecting this was a nasty virus, I even deleted every cookie that SAS found, rather than leaving ones from sites I visit often. While these scans were running, I did other things around the house. Once, while checking on the status of the scans, I saw that 2 browser windows had opened, and gone to sites that I never heard of (not porn, just odd sites). After the scans were complete, and I had restarted, I opened a browser window, and looked at my history. I had visited 20-30 sites w/o my knowledge. I picked one site, and searched it. When I saw a search result that was from bleepingcomputer or symantec, I clicked on it. It took me somewhere else. I tried searching for something simple, like "dogs". It allowed me to go to the AKC site (a dog site), but only after briefly stopping at some other plane or boat site.

Also, at one point, I made the mistake of right-clicking on the "warning" window that had popped up, and selecting "close".
This caused the warning to change, and changed my wallpaper from bright green to dark blue.

So I knew I still had something wrong. I came to bleepingcomputer, and saw a link for ATF Cleaner. I downloaded ATF, saving it to my desktop. After downloading it, I ran it, restarted my pc, and everything seemed fine. I never started my pc in safe mode, by the way.

Yesterday, I got a message from my McAfee, saying it had blocked and removed a trojan, that had something to do with Adobe. Immediately after that, I got the redirect problems again, although w/o the green screen or fake security message this time.

I ran a Malware Bytes scan. It found a trojan downloader and a trojan and got rid of both. I ran SAS and ATF in safe mode. SAS found nothing but cookies, which I deleted all of. I did the SAS scan the way I saw it posted here, with just 3 things checked, and the rest unchecked. ATF freed up a bunch of space - don't know if it got rid of anything malicious. I also had done a McAfee scan, and it found and quarantined 13 trojans. After the final SAS and ATF scans, I had rebooted, and everything seemed fine, so I turned it off and went to bed.

This morning, I got the Generic Host process for Win32 message. When I ignored it, my browser locked up. When I clicked on Debug, I got the NT Authority\System shutdown message. I found that I was also getting the search redirect again, and when I tried to log into BC, it said there was no user with my user name.

Now my pc is barely working, and if I click ctrl-alt-delete, I see the task manager in my tray, but I cannot access it. The window does not pop up.

Edited by ramonv, 21 January 2010 - 11:51 AM.


#3 ramonv


Posted 21 January 2010 - 06:58 PM

IT dept at my work says they fixed this problem on an employee's pc just by using system restore, and going back about 3 weeks. Will that really work?
I was reading about Hitman. Sounds like it works. Can it be downloaded to my desktop, or do I need to put it on a CD, using a different pc?

#4 ramonv


Posted 21 January 2010 - 10:05 PM

Well, I downloaded Hitman Pro 3.5, and it appears my problems are solved.
Had to do the "shutdown -a" thing to keep my pc going long enough for the download and scan, but it seems to have worked. *fingers crossed*



