
Rogue AV, Generic Host process crash, google redirects with popups


#1 fathomosity


  • Members
  • 4 posts

Posted 27 October 2010 - 10:22 PM

Like the title says, I picked up malware off some website while looking for a disassembler. It started with a rogue antivirus (Antivirus Safebrowser and fake Security Essentials) that got removed with Malwarebytes. Now I get a Generic Host Process crash (Win32) relating to svchost.exe and module ntdll.dll. With the crash, the system sort of hangs and doesn't open anything like Task Manager. I've managed to get the system working again, with the Windows styles disappeared (blue taskbar, green Start button), by leaving Task Manager open before the crash and ending the svchost.exe process that's taking up 100+ MB of memory.
Not only is the Generic Host Process crashing, but IE keeps redirecting me when I click on Google search links, and I get random popups.
My situation is exactly like this post: http://www.bleepingcomputer.com/forums/topic332187.html.

I've run ComboFix, Malwarebytes, Norton, GMER, and a few other scanners with no luck on this svchost issue. I've even tried replacing the svchost and ntdll.dll files from an identically configured system.
Anyway, here are the OTL log and GMER log.

OTL was scanned using the custom/fix settings from the post above.

For some reason, I get "connection interrupted" when I try to post the whole log, and also when I post the part of the log after what's already been posted. Is there a post length/size limitation?
I've attached the OTL log in a zip and the GMER log. Please advise. And thanks in advance for the help!

EDIT: Posts merged ~BP


Edited by Budapest, 28 October 2010 - 12:44 AM.



#2 fathomosity

  • Topic Starter

  • Members
  • 4 posts

Posted 29 October 2010 - 12:38 PM

TDSSKiller got rid of it. It was lurking in the master boot record. All problems gone!
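
The fix above points at a bootkit-style infection: the rootkit hid in the MBR, outside the file system the earlier scanners were looking at. The following added example (not code from this thread, TDSSKiller or BleepingComputer) shows the defender's check that catches this class of tampering: parse a raw 512-byte MBR and compare its boot-code hash and partition table against a known-good baseline. The MBR images, partition layout and boot-code bytes are constructed here for illustration; a real check would read sector 0 of the disk and use a baseline captured while the system was known clean.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the bootstrap code
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE_OFF = 510      # 0x55AA boot signature

def parse_mbr(mbr: bytes) -> dict:
    """Split a raw MBR into boot-code hash, partition table and signature check."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        # entry: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4)
        status, ptype, start_lba, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "start_lba": start_lba, "sectors": sectors})
    return {"signature_ok": mbr[SIGNATURE_OFF:] == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}

def check_against_baseline(mbr: bytes, baseline: dict) -> list:
    """List deviations of an MBR from a baseline captured on a known-clean system."""
    cur = parse_mbr(mbr)
    findings = []
    if not cur["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if cur["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if cur["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings

def make_mbr(boot_code: bytes, partitions) -> bytes:
    """Build a constructed 512-byte MBR for the demo (not a real disk image)."""
    buf = bytearray(MBR_SIZE)
    buf[:len(boot_code)] = boot_code
    for i, (bootable, ptype, start_lba, sectors) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", buf, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, start_lba, sectors)
    buf[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(buf)

# Constructed samples: the tampered MBR keeps the partition table identical,
# so the disk layout looks normal; only the boot-code hash reveals the change.
PARTS = [(True, 0x07, 2048, 204800)]
CLEAN_MBR = make_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 16, PARTS)
TAMPERED_MBR = make_mbr(b"\xeb\xfe" + b"\x00" * 22, PARTS)
BASELINE = parse_mbr(CLEAN_MBR)
```

Running `check_against_baseline(TAMPERED_MBR, BASELINE)` returns only the boot-code finding, which is exactly the case where a file-system scanner and a partition listing both look clean.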

#3 Budapest


    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender:Male

Posted 29 October 2010 - 04:48 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
