Can't seem to be able to remove Malware

swobo · Aug 4, 2010

I was getting Junt in Time Debugger on my IE 7 and Chrome last week. Upgrading to IE 8 stop the message from coming up. It was also redirecting my browser. I was OK yesterday but this morning it started to give me error message for Generic Host Process for Win 32 Services had encountered and needs to close message. If I close it, it will freeze the PC. If I leave it open I could still work on it so I followed the removal instruction.

I followed the removal instruction from here.
http://forums.majorgeeks.com/showthread.php?t=139313

Superantispyware removed cookies. Malwarebytes didn't find any Malware. Combo Fix will start and close the 2 Generic Host Process box and freezes. Rootrepeal didn't do anything after I launched it.

Thanks in advance for your help. Here is the log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:43:10 PM, on 8/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Edit by chaslang: Inline HJT log removed.

swobo · Aug 3, 2010

Malware????

I think I have a Malware. I'm getting Generic Host Process for Win32 Services error on bootup. If I debug or close it, it freezes the computer. I could use it if I don't close it though. I went through the removal procedure. SUperAntiSPyware removed cookies. Malwarebytes didn't find anything. Combo Fix will start and close the 2 errror box and freezes. Rootrepeal won't launch.

Here is the MGlog..Thanks in advance for your help.

chaslang · Aug 4, 2010

Welcome to Major Geeks!

Based on the only log you attached and the fact that you said SAS and MBAM found nothing, it is not looking like you have malware. I will give you two more things to run just to dig deeper, but you may need to uninstall McAfee since there is a chance that it is causing you problems.

Download TDSSKiller from Kaspersky to your directly onto your Desktop

Now double click the TDSSkiller.exe file to run it ( if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrartor. )

Allow the application to run if prompted by Windows or any security programs you have installed

It will start the scan and run rather quickly and will notify you of whether anything is found or not.

Follow the instructions to delete/quarantine if asks you what to do when if finds something.

Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post[/URL] )

Please also download MBRCheck to your desktop

Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)

It will show a Black screen with some information that will contain either the below line if no problem is found:

Done! Press ENTER to exit...

Or you will see more information like below if a problem is found:

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.

MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.

Attach this log to your next message.

Log in or Sign up

Can't seem to be able to remove Malware

swobo Private E-2

swobo Private E-2

Attached Files:

MGlogs.zip

chaslang MajorGeeks Admin - Master Malware Expert Staff Member