
Generic Host Process Win32 Problem


This topic is locked
30 replies to this topic

#1 helpcook

helpcook

  • Members
  • 84 posts

Posted 15 October 2011 - 09:03 AM

Hello:

I had a couple of viruses (did not write them down) and did a system restore to the earliest restore point; now my computer will only boot in safe mode with no networking.

After it boots in Safe Mode I get a "Generic Host Process for Win32 Services has encountered a problem and needs to close" message.

I reboot and go right back through the same process. Just stuck in a loop until someone can walk me through fixing the problem.

Thanks for your help!



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • Gender:Female
  • Location:Romania

Posted 16 October 2011 - 03:57 AM

After you get the Generic Host error, does Windows force a reboot, or can you still continue working in safe mode?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 helpcook

helpcook
  • Topic Starter

  • Members
  • 84 posts

Posted 16 October 2011 - 03:54 PM

Yes, I can still work in Safe Mode.

Thanks!

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • Gender:Female
  • Location:Romania

Posted 17 October 2011 - 01:46 AM

In that case, let's move this topic to the malware removal forum, and do some investigation. :)

Please transfer any tools we need with a CD or flash drive.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise




#5 helpcook

helpcook
  • Topic Starter

  • Members
  • 84 posts

Posted 17 October 2011 - 06:40 PM

Thanks for helping me.

Here are the reports.

Attached File  dds.txt   10.2KB   4 downloads

Attached File  attach.txt   18.64KB   3 downloads

Thanks again!

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • Gender:Female
  • Location:Romania

Posted 18 October 2011 - 03:14 AM

It looks like some malware leftovers are causing the problems here.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise




#7 helpcook

helpcook
  • Topic Starter

  • Members
  • 84 posts

Posted 18 October 2011 - 06:56 AM

Hello:

I could not install Microsoft Windows Recovery as my computer only boots in safe mode without networking.

Ran ComboFix. Said it found a rootkit virus and would reboot on its own. Got the BSOD before it rebooted on its own. I turned it off, turned it back on and ComboFix ran the following scan & report in safe mode again.

Thanks again for all your help!

Attached Files

  • Attached File  log.txt   16.36KB   3 downloads


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • Gender:Female
  • Location:Romania

Posted 18 October 2011 - 07:18 AM

Hi again, please see if you can boot in normal mode now?

Run also the following tool.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise




#9 helpcook

helpcook
  • Topic Starter

  • Members
  • 84 posts

Posted 18 October 2011 - 07:30 AM

As I went to shut it down it started installing updates. I thought it was fixed, but it booted in safe mode again.

I already have TDSS on my computer. Do you want me to remove it & install a fresh version or just run what I already have?

Thanks, David

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • Gender:Female
  • Location:Romania

Posted 18 October 2011 - 08:12 AM

Please download a new one, delete the old copy.

At this point, what happens when you attempt to boot in normal mode?

regards, Elise




#11 helpcook

helpcook
  • Topic Starter

  • Members
  • 84 posts

Posted 18 October 2011 - 08:53 AM

Hello:

I Do Not get the generic host process error, but it continues to boot to safe mode. I even did the F5 thing to make sure it was set to normal mode, but it automatically boots to safe mode. Again, I have no networking.

David

#12 helpcook

helpcook
  • Topic Starter

  • Members
  • 84 posts

Posted 19 October 2011 - 09:37 PM

I did find out that I have networking in safe mode. Updated & ran AVG which found multiple viruses. Ran Malwarebytes, no infections. Ran ComboFix & downloaded the recovery console, ComboFix deleted a few files. Checked msconfig and it is set to normal mode. System still boots to safe mode. Any ideas?

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • Gender:Female
  • Location:Romania

Posted 20 October 2011 - 01:19 AM

Hi, please do the following.

SHOW HIDDEN FILES AND FOLDERS
-------------------------------------------------
Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK


Now open My Computer and look on your C drive for boot.ini. If the file is there, right click it and select Open With > Open With Notepad.
Copy the text inside the file and post it here. Do NOT alter anything in the file, only copy its contents!

regards, Elise




#14 helpcook

helpcook
  • Topic Starter

  • Members
  • 84 posts

Posted 20 October 2011 - 07:36 AM

Hello again:

Here's what's in the boot file:

[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /safeboot:dsrepair


Thanks!

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • Gender:Female
  • Location:Romania

Posted 20 October 2011 - 09:13 AM

Right-click My Computer, and then click Properties.
On the Advanced tab, click Settings under Startup and Recovery.
Under System Startup, click Edit. This opens the file in Notepad ready for editing.

The last line now looks like this:

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /safeboot:dsrepair

Please delete the part I made bold in the quote above, the "/safeboot:dsrepair" switch; this is preventing your computer from booting in normal mode.

After doing this, exit Notepad, save the changes and click OK until you exit.

Restart your computer and let me know if Normal Mode loads now.

regards, Elise


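The boot.ini fix described in the last few posts, as an added example that is not part of this thread or of any BleepingComputer tool: a small Python checker that parses a boot.ini, reports whether the default operating-system entry carries a /safeboot switch (dsrepair as in this case, or minimal/network), and produces the corrected text with that switch removed from the default entry only, which is what the Notepad edit above does by hand. The sample boot.ini is a constructed copy of the one the poster pasted.

```python
import re

# Constructed sample: a copy of the boot.ini posted earlier in this thread.
SAMPLE_BOOT_INI = """[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(2)\\WINDOWS
[operating systems]
C:\\CMDCONS\\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /safeboot:dsrepair
"""
# Any /safeboot variant (minimal, network, dsrepair) forces Safe Mode on every boot.
SAFEBOOT_RE = re.compile(r"\s*/safeboot(?::\w+)?", re.IGNORECASE)


def parse_boot_ini(text):
    """Return (default ARC path, {ARC path or file: switch string})."""
    default, entries, section = None, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")  # ARC paths contain no '='
        if section == "boot loader" and key.strip().lower() == "default":
            default = value.strip()
        elif section == "operating systems":
            # value is: "Description" /switch ... ; keep only the switches
            m = re.match(r'"[^"]*"(.*)$', value.strip())
            entries[key.strip()] = m.group(1).strip() if m else ""
    return default, entries


def forced_safe_mode(text):
    """Return the /safeboot switch on the default entry, or None if absent."""
    default, entries = parse_boot_ini(text)
    m = SAFEBOOT_RE.search(entries.get(default, ""))
    return m.group(0).strip() if m else None


def remove_safeboot(text):
    """Return boot.ini text with /safeboot stripped from the default entry only."""
    default, _ = parse_boot_ini(text)
    out = []
    for line in text.splitlines():
        if line.partition("=")[0].strip() == default:
            line = SAFEBOOT_RE.sub("", line)
        out.append(line)
    return "\n".join(out) + "\n"
```

Run forced_safe_mode() on the file contents first; only if it reports a switch does remove_safeboot() change anything, so a clean boot.ini passes through unmodified.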




