
Dual - google redirect and svchost.exe.mdmp shutdown


1 reply to this topic

#1 kmbndshlp


Posted 24 January 2010 - 04:11 AM

My daughter's computer was infected after a McAfee subscription had expired. I am posting from my computer.
Symptoms:
1) Redirection to "random" unrelated sites when selecting an item from a Google search. Both IE and Safari.
2) Some random period after any access to the internet, a message about "Generic Host Process for Win32 Services" and "DCOM Server Process Launcher service terminated unexpectedly and needs to close", followed by a message to shut down in 60 sec. (I use shutdown -a to disable the shutdown, allowing me to run the tools without any additional problems.) Inspecting the MS Errorlog, it states that the issue is with two files: svchost.exe.mdmp and appcompat.txt.

The computer is a Toshiba Satellite running MS Windows XP SP3. It was an OEM load and I believe that she has lost the restore disks, so running sfc was of no help.

I recently cleaned a \common\helper.sig issue (with other misc. findings) on her PC using McAfee, McAfee Stinger, and Malwarebytes' Anti-Malware, and TrendMicro Housecall, but none of the above is catching whatever is causing the Google redirection. I also ran ComboFix to completion and it found and "cleaned?" something reporting rootkit activity, but it had no impact on the above two problems.

Thank you in advance for any help in resolving this.



#2 kmbndshlp


Posted 24 January 2010 - 04:45 PM

Downloading TDSSkiller from Kaspersky appears to have fixed our problem. It found and repaired a rootkit in the atapi.sys file, and then rebooted. A second run found no issues. Then a small test run showed no more redirection, and the shutdown problem did not appear during this time.



