
Pretty sure I am infected - need help


12 replies to this topic

#1 William340

William340

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 08 June 2014 - 08:01 AM

hello.

I am running Win7 64 bit.

my computer is now getting an endless series of "Host Process for Windows has stopped working - A problem caused the program to stop working correctly.  Windows will close the program and notify you if a solution is available."  windows popping up. there is a "close program" button.  if you click it the window closes, but then reappears within seconds. 

 

there is a 2nd window that shows on the task bar.  if you hover over it it says "Police Report".  the page itself is completely blank.  if you click on it in the taskbar, it completely whites out the screen (including taskbar) until the "Host Process" window pops up over it.  then if you "close program" button you get back to the desktop.  the "police report" window never closes.  it just gets minimized, I guess.

 

as of now, this only happens when I sign on in the admin account.  it does not seem to happen when I am in my "media server" account which the PC boots into.

 

from the Admin account, I have run Windows security scan (found nothing), rkill (found nothing) and  Malwarebytes, which has found a few things & deleted them, but the problem has not gone away.  I have run Malwarebytes (full scan) and rebooted, got the problem, run Malwarebytes (full scan) and rebooted again a number of times.

I have also performed the "Flash Scan" but it said everything was ok.

 

also, when I switch from the "media server" account to the Admin account, a DOS window pops up that reads (in part, I'm sure I don't have it all) something about winsta32.dll and regsrv32.exe

I'm pretty sure it did not use to do this before I had this problem.

 

I think that's most everything.

thank you for your help.

 

 




 


#2 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:12:00 PM

Posted 08 June 2014 - 10:10 AM

 Can you boot to Safe Mode?  The first thing I'd want to do would be to save any data I didn't want to lose.  If you can't boot to Safe Mode, I'd make a system repair disk on another 64 bit Windows system (via Backup and Restore applet of Control Panel), and boot from it to do a repair, then boot to command prompt and use XCOPY to save my data if I still couldn't boot to safe mode.  From an elevated command prompt you could try the command SFC /scannow to attempt repair of corrupted system files.  If none of that helps, I'd restore to factory settings.

 

Good luck.


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#3 William340

William340
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 08 June 2014 - 10:24 AM

I will try to boot to safe mode.  I am backed up thru Backblaze, so that should be ok.

but I'm not sure what to do once I get into safe mode.

just try to get to command prompt & try SFC/scannow ?

 

thanks for your help.



#4 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:12:00 PM

Posted 08 June 2014 - 11:09 AM

 I'd definitely want to run SFC in Safe Mode.  You could run Malwarebytes in Safe Mode too.  Sometimes malware can hide itself in normal mode.  Since Safe Mode makes it a lot harder for malware to get initialized, you're better off doing malware checking that way.

 

Good luck.


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#5 William340

William340
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 08 June 2014 - 11:33 AM

I was able to get into safe mode w/ command prompt & run the SFC/scannow.

the message was : Windows Resource Protection did not find any integrity violations.

 

not sure if it's because I am an idiot, but I could not get on the internet in safe mode as it said I had no networks connected.

so I had to restart in normal to come back & check thread.

 

I guess I will go back to safe & try Malwarebytes from there.

then go back to normal mode & check back in here.

 

thanks.



#6 William340

William340
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 08 June 2014 - 11:38 AM

ok, this time I noticed "safe mode w/ networking" lol

so I won't have to jump back & forth to check back here.



#7 William340

William340
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 08 June 2014 - 01:40 PM

Malwarebytes found nothing on a full scan of the C: drive.

also found nothing using the "flash scan"

 

should I try the "repair" option that shows when I hit F8 on a restart?

it's on the top of the list when I go into safe mode.



#8 William340

William340
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 08 June 2014 - 01:53 PM

I ran rkill while I was in safe mode and it seemed to do something.

so, I am going to run Malwarebytes again.  and maybe the windows security scan.



#9 William340

William340
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 08 June 2014 - 02:14 PM

well the "quick scan" did not find anything.

and I can't start the Windows Security.

I get a message that says "Turn on Windows Security Center Service (important)"

but then when I click on it it says "the Windows Security Center can not be started".

 

I guess I am ready to try to boot back into normal mode.



#10 William340

William340
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 08 June 2014 - 03:05 PM

still have the Host Processes window opening in regular mode.

I am running Microsoft Security Essentials full scan now.

 

I was able to read in the DOS box before it closed that the dll file it is running is 

C:\users\<username>\avast\winsta32.dll

this seems to be a hidden folder, as I can't see it if I use windows Explorer, but I can get there if I search for that file name.

should I delete that .dll file?



#11 William340

William340
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 08 June 2014 - 06:25 PM

Security Essentials scan finished.

found nothing.



#12 William340

William340
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 08 June 2014 - 08:11 PM

tried to delete the winsta32.dll and the bat file that was starting it from normal mode.

it would not let me, and said that the files were in use by Malwarebytes!

booted into safe mode and deleted them.

then back into normal mode.

naturally the DOS window that says it's starting the file no longer appears.

 

more significantly - I am no longer getting the window popping up with the Host Processes error, nor do I see the window that was labeled "Police Report".

 

I have run rkill again, as well as Malwarebytes flash scan & quick scan.

everything comes back clean, (in normal mode).

so, I may be ok now.



#13 DDG5233

DDG5233

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:00 AM

Posted 20 August 2014 - 12:16 PM

We are having the exact same problem as described in this post (same OS, same behavior, same blank file called police report, and same host process for windows has stopped pop ups).   Question, I am not able to locate a C:\users\<username>\avast\winsta32.dll - can you describe how you identified the .dll and associated bat file that was causing the issue? 

 

Has anyone else experienced this issue and are there any known tools that have been identified to address it?   We have already tried Malwarebytes, rkill, and several others - all came back with pretty much nothing found.
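
As an added example that is not part of any post in this thread: a read-only PowerShell triage script for the pattern described above, a logon-time script that loads a DLL from a folder inside the user profile. The Run-key and Startup-folder locations and the regsvr32/rundll32 match are assumptions, since the thread does not say where the .bat file was stored.

```powershell
# Added example: read-only triage, nothing is deleted or changed.
# Assumptions (not stated in the thread): the launcher is reachable from a Run key
# or a Startup folder and calls regsvr32 or rundll32. Run it in the affected account.
$loader      = 'regsvr32|rundll32'
$profileRoot = $env:USERPROFILE
$findings    = @()

function New-Finding($source, $item, $detail) {
    New-Object PSObject -Property @{ Source = $source; Item = $item; Detail = $detail }
}

# 1. Run-key values that start a script or a DLL loader at logon.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($path in $runKeys) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $value = [string]$key.GetValue($name)
        if ($value -match "$loader|\.bat|\.cmd") { $findings += New-Finding $path $name $value }
    }
}

# 2. Everything in the per-user and all-users Startup folders, hidden files included.
$startupDirs = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
               "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    $findings += @(Get-ChildItem -Path $dir -Force | Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object { New-Finding 'Startup folder' $_.FullName $_.LastWriteTime })
}

# 3. Batch files anywhere in the profile that call a DLL loader.
$findings += @(Get-ChildItem -Path $profileRoot -Recurse -Force -Include '*.bat', '*.cmd' -ErrorAction SilentlyContinue |
    Select-String -Pattern $loader |
    ForEach-Object { New-Finding 'Script in profile' "$($_.Path):$($_.LineNumber)" $_.Line.Trim() })

# 4. DLLs sitting directly in a top-level profile folder, with hidden flag and signature status.
foreach ($d in (Get-ChildItem -Path $profileRoot -Force | Where-Object { $_.PSIsContainer })) {
    $hidden = [bool]($d.Attributes -band [IO.FileAttributes]::Hidden)
    $findings += @(Get-ChildItem -Path $d.FullName -Force -Filter '*.dll' -ErrorAction SilentlyContinue |
        ForEach-Object { New-Finding "DLL in profile folder (hidden=$hidden)" $_.FullName (Get-AuthenticodeSignature -FilePath $_.FullName).Status })
}

$findings | Select-Object Source, Item, Detail | Format-List
```

An unsigned DLL in a folder named after a security product that is not installed, referenced by a script found in step 1 to 3, matches what the original poster reported.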

 





