HTML Application host "problem"


  • This topic is locked

#1
wighty

Over the course of the past 12 hours, my wife's computer (Dell 4550, WIN XP Home SP1+) seems to have been infected by what I believe may have been the Remote Code Execution exploit. The computer is behind a FW, has virus (NAV) & spyware (Counterspy) protection, security patches, hotfixes, etc. It is also networked (via cable) with my computer to the internet (cable) through a 4 port router. My system was not affected.

Last night all was well. But this morning several MS programs produce the same error message, "Microsoft ® HTML Application host has encountered a problem and needs to close. We are sorry for the inconvenience...". The programs affected are IE6, OE6, Services, System Restore, User Accounts, NAV, etc. I also found the Remote Assistance box checked under System Properties, when I know I had unchecked it some time ago, and disabled the associated services. I also get random Access violations in User32.dll.

Using a diagnostic known as AIDA32 (no longer being upgraded), I was able to find a couple of suspicious entries under the SERVER folder - Opened Files, Global Groups, & Account security. The opened files screen is grayed-out, but the AIDA32 Account security page lists these items (that I'm certain I did not create):
Computer Role: Primary
Domain Name: SEZ4550
Primary Domain Controller: Not Specified
Forced Logoff Time: Disabled
Min / Max Password Age: 0 / 49710 days
Minimum Password Length: 0 chars
Password History Length: Disabled
Lockout Threshold: Disabled
Lockout Duration: 30 min
Lockout Observation Window: 30 min

I've read a similar Topic in this forum about someone who had a similar experience in Jan 06, but there seemed to be no resolution to the problem.

Although I'm not a computer novice, I am not experienced with the Windows Server. Based on what I've been able to find I suspect "someone" created a new user account and "adjusted" the permissions on several key Windows system files.

I'm hoping the collective knowledge in this forum can help me diagnose the problem, and hopefully come up with a solution that doesn't involve reformatting the HD and reinstalling Windows. Is that possible?

#2
wighty

Just to ensure I follow forum protocol, I ran spyware, virus, & HJT scans. The Spyware scan (CounterSpy) found FunWeb products & My Web Search Toolbar items that I removed - that did not affect (improve) the original problem.

Since NAV would not work, I D/Ld AVG and ran their virus scan - none found.

I then used HJT and have a log file. But I'm not certain that I should C&P that info in this forum, and since I started this topic outside the HJT forum, I'm not sure if I need to have my topic moved there before posting the HJT log. < moderator's insight needed :blink: >

In addition to the other things that don't work, I now find that I cannot create new folders on the HD... :whistling:

#3
Dwight

Hi wighty. Welcome to G2G. I think you should try this; that way you will know for sure.

Please go to the malware forum and follow the instructions at the top, especially the CLICK HERE. That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty and you may not be
Then post a hijackthis log in THAT forum.
Click Here before posting a Hijack This log.
http://geekstogo.com...o_Here-f37.html

Please be patient; it may take some time before one of the experts can address your problem.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.

#4
wighty

Thanks Dwight. I will do that... :whistling:

#5
Metallica

    Spyware Veteran

  • GeekU Moderator
Continued here:
http://www.geekstogo...howtopic=134552

Therefore closing this one.
Thank you Dwight :whistling: