  • Generic Host Process = dead, Winlogon = dead, cntrl+alt+del, also dead
Inspect@hDeck
Member
+23|6881|Browntown
Yeah, so here I am removing the Vundo Trojan from my computer. I go to reboot, and everything runs sexily for about 10 minutes. At which time, I get "winlogon has encountered an error". So I restart and it goes away. Next time I get "generic host process has encountered an error", so I restart.

So, now every time I use the computer, even though no error messages pop up, I hear the fatal error tone, and about 5 minutes later, my desktop goes from default blue scheme, to the default classic XP scheme. When this happens, I can not use any hardware attached to my computer, speakers, printer, etc. (my monitor still works though).

I also can not revive the computer when the monitor goes off due to power saving, nor can I use ctrl+alt+del to open up task manager. No CD drive is detected after the error tone, either.

To make it worse, I don't have an XP Pro disc, which is the OS I'm running with SP2, so I can't repair or format. I have an XP Home disc, though, perhaps I can use that?

Thanks, I just want to use my computer normally again.

3.06GHz P4, 1G ram, Geforce 7600gt, anything else, just ask.

Last edited by Inspect@hDeck (2006-12-02 12:31:57)

Cookie.VXT
Bringer Of Cookies.
+178|6891|UK
edit didnt see u cant reformat

err

have u thought of d/l an OS

linux for example?

im still looking for how 2 solve your problem

Last edited by Zero!. (2006-12-02 12:58:48)

Inspect@hDeck
Member
+23|6881|Browntown
I've thought about DL'ing xp pro off the internet, and using my CD-key that I already have, but that is kind of a pain in the ass. If there is no other fix, I'll definitely do it.

EDIT: I JUST got an error message, this time, it says the appname responsible is explorer.exe.

and now my desktop has disappeared.

I'm posting on a different computer, in case you are wondering.

Last edited by Inspect@hDeck (2006-12-02 13:16:17)

iNeedUrFace4Soup
fuck it
+348|7001
Just find a way to reinstall. It is going to be a huge pain in the ass to fix everything manually.
https://i.imgur.com/jM2Yp.gif
Cookie.VXT
Bringer Of Cookies.
+178|6891|UK
what av and spyware u running?
Cookie.VXT
Bringer Of Cookies.
+178|6891|UK
right through some research ive found that it is caused by a worm or a virus

in this case its that virus you tried to remove

there are a few ways of doing this

the way which is cropping up most is 2 download the latest anti-virus updates from the manufacturer and doing a FULL system scan

p.s i recommend kaspersky

if you use torrents download it uses hardly any sys memory and is fantastic, ive used it for years had no problems and its caught every bastard virus and worm that has tried to reach my comp

another note im running kaspersky internet security 6

p.s again im still looking

edit: have you patched for the RPC exploit in win XP?

if not go here and d/l and install


http://www.nacs.uci.edu/security/Micros … ploit.html

edit 2: also if you have a legitimate copy of win xp this is available through windows update

if not you can d/l a update crack by team eth0 which allows you the updates on a volume key system

edit 3: can u do us a fav if u can download this program called HiJack this

http://www.majorgeeks.com/download3155.html

post the log when its done and ill take a look (note do this on the buggered comp)

Last edited by Zero!. (2006-12-02 13:36:01)

Inspect@hDeck
Member
+23|6881|Browntown
I'm running Avast, and Ewido pro. I'll DL and run Kaspersky now. If it works/doesn't work, I'll let you know the details.

and also, I haven't yet patched that thing, I'll do that after I DL kaspersky.

Last edited by Inspect@hDeck (2006-12-02 13:38:36)

Cookie.VXT
Bringer Of Cookies.
+178|6891|UK
can u do us a fav if u can download this program called HiJack this

http://www.majorgeeks.com/download3155.html

post the log when its done and ill take a look (note do this on the buggered comp)

another note get the latest ewido database

im running the same spyware as you

if its cracked you have to manually get the updates just search google for ewido manual updates and d/l the latest ones
MECtallica
Member
+73|6960|jalalabad
donkey porn = viruses
=Karma-Kills=
"Don't post while intoxicated."
+356|7040|England
*IN SAFE MODE*
1. Try Hijack This.
2. Try Kaspersky.
3. Try Nod32.
4. Look through start up folder (msconfig)... delete anything dodgy
5. Try Mcafee Stinger http://vil.nai.com/vil/stinger/
6. Try Vundo Fix http://www.bleepingcomputer.com/forums/topic18610.html
7. May think of more later...
Inspect@hDeck
Member
+23|6881|Browntown

Code:

Logfile of HijackThis v1.99.1
Scan saved at 5:20:03 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.094\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4EE917FB-AE14-49E2-8ED4-46842BAA64D2} - C:\WINDOWS\inf\nuerg.dll (file missing)
O2 - BHO: (no name) - {568AA92C-5BF9-4867-BB06-6A270DE83097} - C:\WINDOWS\system32\rogiijrt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {802CEBC3-C0B9-431C-9FB6-95D18EF4EE74} - C:\WINDOWS\system32\rogiijrt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B731CDD3-536A-2897-1D24-2910E8277FB2} - C:\WINDOWS\system32\vbybe.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ptgojroe - C:\WINDOWS\SYSTEM32\ptgojroe.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Kaspersky has so far found like 32 Trojans, I suck at computer security.

I'll try Nod32 and that stuff in safe mode next.
Cookie.VXT
Bringer Of Cookies.
+178|6891|UK
you have like 5 kernel fault checks in there

right again if u torrented kaspersky do the same but for a program called Registry Mechanic

download install and run

that will remove all bad registry entries and MUI entries

p.s do u actually leave your av on with spyware or turn it off coz u seem 2 have a lot of virus and worm entries in the registry
dubbs
Member
+105|7087|Lexington, KY
This may help you but I am not for sure. If you have Windows Restore enabled, you can try using it to restore your copy of Windows to an earlier state. I am not for sure if this will solve your issue, I know that recently I was installing a theme, and it did not install correctly, and my computer was acting as if it was being attacked. This solved my issue.
Cookie.VXT
Bringer Of Cookies.
+178|6891|UK

dubbs wrote:

This may help you but I am not for sure. If you have Windows Restore enabled, you can try using it to restore your copy of Windows to an earlier state. I am not for sure if this will solve your issue, I know that recently I was installing a theme, and it did not install correctly, and my computer was acting as if it was being attacked. This solved my issue.
ye it wont work as it will restore all the virus and worms that he has just removed

nice try though it was a good idea
=Karma-Kills=
"Don't post while intoxicated."
+356|7040|England

Zero!. wrote:

dubbs wrote:

This may help you but I am not for sure. If you have Windows Restore enabled, you can try using it to restore your copy of Windows to an earlier state. I am not for sure if this will solve your issue, I know that recently I was installing a theme, and it did not install correctly, and my computer was acting as if it was being attacked. This solved my issue.
ye it wont work as it will restore all the virus and worms that he has just removed

nice try though it was a good idea
Oh yeh DISABLE SYSTEM RESTORE
Viruses may be saved in there.
So go to right click my computer > properties > system restore > turn it off > reboot > turn it back on.
This should get rid of any archives with viruses saved in them.
Inspect@hDeck
Member
+23|6881|Browntown
Will fixing all those fault checks and random stuff cure my problem?

Cause it's really starting to make me unhappy :p.


what do I fix using HijackThis, do I do anything at all?

Sorry to be so stupid guys, I really suck at computers.

Last edited by Inspect@hDeck (2006-12-02 16:50:05)

dubbs
Member
+105|7087|Lexington, KY

Zero!. wrote:

dubbs wrote:

This may help you but I am not for sure. If you have Windows Restore enabled, you can try using it to restore your copy of Windows to an earlier state. I am not for sure if this will solve your issue, I know that recently I was installing a theme, and it did not install correctly, and my computer was acting as if it was being attacked. This solved my issue.
ye it wont work as it will restore all the virus and worms that he has just removed

nice try though it was a good idea
From what I understand it basically restores your registry from the back up.  Thus removing the entry from the registry and rendering the virus useless.
MECtallica
Member
+73|6960|jalalabad
some viruses use system restore to come back
=Karma-Kills=
"Don't post while intoxicated."
+356|7040|England
Hijack This:
Run the programme.
Save the log file.
Post it somewhere like here http://www.castlecops.com/f67-Hijackthi … Oh_My.html
They will come back telling you what to remove.

PS More info on what the log means can be found here http://www.castlecops.com/HijackThis.html

Last edited by =Karma-Kills= (2006-12-03 10:07:39)

Point&Shoot
Tank Whore
+52|7002|Canada
I got the same thing last week, the only thing that worked for me was rebooting from a different copy of windows. I didn't have any boot-disks that would allow me to access all my drives, not too sure why. But I happened to be setting up a computer with a new clean version of XP. So I just grabbed that drive and plugged it into my system and forced the computer to boot off that drive. Then I was able to delete any offending files. Because I saw that in my windows/system32 directory there were some brand new files that had just been created after the Trojan took hold, awtqr.dll being one and the only one I couldn't delete because it was being loaded by winlogon.exe so no virus removal tool could remove it because as long as windows was running it couldn't be killed.

At least that's my experience with Vundo. I would check your windows/system32 directory - in detail view and sort by date and find the group of files that are dated around the time you got the Trojan. Then you need to reboot from a different O/S - boot disk or otherwise - and go in and erase those files. Like I said, for me I needed a full copy of windows on a different HDD that was totally unaffected. I tried just about everything before that - about 8 hours straight - and it was the only thing that worked.
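
Added example (not written by any poster in this thread): a short Python triage of HijackThis entry lines, run over lines excerpted from the log posted above. The flagging rules are assumptions chosen for illustration; a flag means "look this entry up before touching it", not "delete it".

```python
import re
from collections import Counter

# Lines excerpted from the HijackThis log posted earlier in this thread.
SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4EE917FB-AE14-49E2-8ED4-46842BAA64D2} - C:\WINDOWS\inf\nuerg.dll (file missing)
O2 - BHO: (no name) - {568AA92C-5BF9-4867-BB06-6A270DE83097} - C:\WINDOWS\system32\rogiijrt.dll
O2 - BHO: (no name) - {802CEBC3-C0B9-431C-9FB6-95D18EF4EE74} - C:\WINDOWS\system32\rogiijrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ptgojroe - C:\WINDOWS\SYSTEM32\ptgojroe.dll
"""

ENTRY = re.compile(r'^(O\d+|R\d|F\d) - (.*)$')
DLL = re.compile(r'([A-Za-z]:\\[^"]*?\.dll)', re.I)

def parse(log):
    """Yield (section, text, dll_path_or_None) for each HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            d = DLL.search(m.group(2))
            yield m.group(1), m.group(2), d.group(1).lower() if d else None

def triage(log):
    """Return {entry_text: [reasons]} for entries worth a manual look."""
    entries = list(parse(log))
    bho_dlls = Counter(dll for sec, _, dll in entries if sec == "O2" and dll)
    findings = {}
    for sec, text, dll in entries:
        reasons = []
        if "(file missing)" in text:
            reasons.append("entry points at a file HijackThis could not find")
        if sec == "O2" and "(no name)" in text:
            reasons.append("BHO has no registered name")
        if sec == "O2" and dll and bho_dlls[dll] > 1:
            reasons.append("same DLL registered under several CLSIDs")
        if sec == "O20":
            reasons.append("DLL is loaded into winlogon.exe; confirm its vendor")
        if reasons:
            findings[text] = reasons
    return findings

if __name__ == "__main__":
    for text, reasons in triage(SAMPLE).items():
        print(text, *("\n    - " + r for r in reasons))
```

Every O20 entry is listed on purpose, including the antivirus vendor's own DLL: a Winlogon Notify DLL stays loaded for as long as Windows runs, which matches the locked file described in the last post.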