
Recurring infection of TR/Dropper.Gen;Backdoor;heur.malware;75.scr (nu


(This topic is locked.)

#16 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts):

Simple Center is a media player. Did you not install it?

#17 legna (Topic Starter, Member, 147 posts):

Simple Center is a media player which I downloaded from my Nokia mobile software.

What should I do next?

Thanks.
Legna

#18 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts):

Something is hiding that I cannot yet find.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double-click the setup file to run it.
  • Click Next to continue.
  • By default it will install to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box; there will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
    • System Memory
    • Startup Objects
    • Disk Boot Sectors
    • My Computer
    • Any other (removable) drives that you may have

After that click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, click the button that says Neutralize all.
  • If it says it cannot be neutralized, choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file named Kas.
  • Save it somewhere convenient like your desktop, and post only the detected viruses/malware from the report (they will be at the very top, under Detected) in your next reply.

    Note: This tool will self-uninstall when you close it, so please save the log before closing it.

#19 legna (Topic Starter, Member, 147 posts):

I was editing my videos using the free software called Soft Video Dub when an update to the software appeared. I clicked and was directed to the website
http://www.dvdvideos...deo-editing.htm. Suddenly the frequent GENERIC HOST PROCESS FOR WIN32 SERVICES message appeared, and the PC was frozen! I had no choice but to power off.

When I restarted, the generic host process message appeared again with nothing in the background except the wallpaper, and the PC was also frozen! I then powered off again. When it restarted, generic host appeared again. I powered off a few times. Finally it was back to normal.

I then downloaded the AVP tool, but after scanning for 8 hours and 20 mins, guess what it found? NOTHING!!!!!!

Generic host process and all these hidden viruses have been bothering me for the past year.

Hmmm......what should I do now?

#20 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts):

Download and run this hotfix from MS and let me know if there is any change: http://www.microsoft...;displaylang=en

#21 legna (Topic Starter, Member, 147 posts):

Regarding the MS update link which you had given me: when I click on the Microsoft Update link in the top right-hand corner, it also brought me to another page where I am asked to check Windows programs and the newest updates, with 2 choices to choose from, the first one being recommended. I clicked on the quick/fast button. After a couple of minutes it searched for the newest update for my PC, which is KB936929 (XP SP3)....

By the way, my MS is in the Chinese language, therefore I chose the Chinese version from the drop-down menu.

I am a bit confused.
Was the hotfix KB894391: Windows XP (the link you provided) already downloaded when I clicked on the top right-hand corner initially?
Or should I download this newest update, KB936929 (XP SP3)?

In fact, previously I downloaded IE7, but as the generic host was causing me problems, I thought it was IE7 which caused it. Therefore I deleted IE7 two months ago.

Please enlighten me on how I can check whether the hotfix has already been downloaded, and whether I need the newest update KB936929 (XP SP3).

Edited by legna, 29 March 2009 - 11:29 AM.

#22 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts):

They are both different hotfixes, so accept them both.

The download for the link I gave you is the download button on the left, just above Quick Details.

#23 legna (Topic Starter, Member, 147 posts):

Long virus story. Will post later.

#24 legna (Topic Starter, Member, 147 posts):

Pardon the temporary delay, as my PC has been scanning for almost the whole day!

All this malware is giving me a great headache! So many of them that I don't know which I shall start reporting first.

The hotfix DOES NOT solve the generic host problem.

THE big problem now is the silent killer that is hibernating inside my PC, like a 'dormant volcano' that is ready to erupt at any time.

For your info, the Dr.Web scan did not run smoothly the other day, as the scan only lasted 7 mins (compared to the several hours which you had mentioned in your previous post).
At that point in time I did sense something amiss, as the scan ended as soon as it had started! This time the scan is indeed taking almost the whole afternoon.

I had updated Dr.Web to the latest version and did a complete scan.
The previous time, when the message popped up, I did not choose to update to the latest version.
While the AVP tool found nothing after an 8-hour scan yesterday, this time Dr.Web FOUND THE SAME VIRUS WHICH HAD ALREADY BEEN DELETED IN THE PREVIOUS DR.WEB SCAN: Win32.HLLW.Gavir.ini. It just keeps reappearing!
As usual, it always repeats itself in the same folders: My Music, My Pictures, My Videos, etc.
Even the drivers in C are infected with VBS.Generic.278!
All this while, SERIOUS INFECTION also occurs in the SAME SYSTEM VOLUME INFORMATION\_restore folder, with Tool.Prockill being found.
Tool.Prockill reappeared again in Dr.Web.
Attached file: Dr.Web_2009_03_30.txt

In fact, I have been receiving pop-ups every day from Avira all these months, with many malware found inside the System Volume Information\_restore folder.
Remember, in the previous Malwarebytes scan I had already deleted the rogue malware Tool.Prockill. This time, it was listed under Status in the Dr.Web scan with no course of action to be taken. It wasn't automatically deleted. After the scan finished, I deleted it (Remove Selected).

After this, I did a Quick Scan with Malwarebytes' Anti-Malware AND LATER A COMPLETE SCAN.

Please take note:
I have an IMPORTANT QUESTION here. I noticed a similar pattern which occurs every time the scan reaches avenger.exe. An error code to report in Malwarebytes will pop up with 1 object being infected. It labels this as a Malware Tool. IS THIS A VIRUS WHICH I HAVE DOWNLOADED, OR IS IT JUST A FALSE POSITIVE?
[image: quick_scan_bytes2.jpg]
After deleting the malware tool, I looked into the log file, but it seems to be a clean log.....!!

I had both AVENGER.zip and AVENGER.exe quarantined in Avira and deleted them from there. Please let me know if Avenger had been infected.

It also found this:
[image: bytesscan.jpg]

Here's the Malwarebytes log file after the complete scan, showing further infection in System Volume Information.
Attached file: complete_scan_mbam_log_2009_03_31__00_09_41_.txt

Finally, simultaneously, the generic host process pops up together with the malware. I notice that there is something different in the error report:
C:\DOCUME~1\username\LOCALS~1\Temp\WERea70.dir00\svchost.exe.mdmp
C:\DOCUME~1\username\LOCALS~1\Temp\WERea70.dir00\appcompat.txt
[image: generic_host_problem.jpg]

Oh dear, I am totally lost now, groggy with all those pop-ups when scanning. The worst thing is that this so-called malware will not show itself unless I do certain scans, and not all scans have the ability to detect them!

I hope I have not left out anything.

#25 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts):

OK, we will kill the restore point whilst I have a quick think about my next mode of attack, as Dr.Web normally kills this one dead.

  • Select Start > All Programs > Accessories > System Tools > System Restore.
  • On the dialogue box that appears, select Create a Restore Point.
  • Click Next.
  • Enter a name, e.g. Fresh.
  • Click Create.
You now have a new restore point. To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System Tools > Disk Cleanup.
  • In the drop-down box that appears, select your main drive, e.g. C.
  • Click OK.
  • The system will do some calculation and then display a dialogue box with tabs.
  • Select the More Options tab.
  • At the bottom will be a System Restore box with a Clean up button; click this.
  • Accept the warning and select OK again; the program will close and you are done.

#26 legna (Topic Starter, Member, 147 posts):

Finished performing the above steps.

Thank you.

#27 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts):

I would like to run another OTScanIt log but with different parameters. This will be a much larger log, so it may need uploading to MediaFire.

To ensure that I get all the information, this log will need to be attached (instructions at the end); if it is too large to attach, then upload it to MediaFire and post the sharing link.

Download OTScanIt2 to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Check the box that says Scan All Users.
  • Check the radio button for Rootkit check YES.
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EventViewer Errors/Warnings (last 10)
  • Under the Custom Scans box at the bottom left, paste the following in:
    %systemroot%\Prefetch\*.* /s
    %systemroot%\system32\drivers\*.dat
    %systemroot%\Temp\bca4e2da.$$$
    %systemroot%\Temp\ed47fa.$
    %systemroot%\Temp\fa56d7ec.$$$
    %systemroot%\System32\antiwpa.dll
    %PROGRAMFILES%\*crack*.
    %PROGRAMFILES%\*keygen*.
    %SYSTEMDRIVE%\*crack*.
    %SYSTEMDRIVE%\*keygen*.
    %SYSTEMDRIVE%\*.zip
    %SYSTEMDRIVE%\*.rar
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*.zip
    %systemroot%\*.rar
    %systemroot%\system32\*.zip
    %systemroot%\system32\*.rar
    %PROGRAMFILES%\*.zip
    %PROGRAMFILES%\*.rar
    %PROGRAMFILES%\*.exe
    %DESKTOP%\*.zip
    %DESKTOP%\*.rar
    %DESKTOP%\*.exe
    %PROGRAMFILES%\Common Files\*bak*.
    %systemroot%\SYSTEM32\*bak*.
    %PROGRAMFILES%\*bak*.
    %USERNAME%\*.zip
    %USERNAME%\*.rar
    %USERNAME%\*.exe
    %USERPROFILE%\*.zip
    %USERPROFILE%\*.rar
    %USERPROFILE%\*.exe
    %ALLUSERSPROFILE%\*.zip
    %ALLUSERSPROFILE%\*.rar
    %ALLUSERSPROFILE%\*.exe
    %APPDATA%\*.zip
    %APPDATA%\*.rar
    %APPDATA%\*.exe
    %ALLUSERSSTARTMENU%\*.zip
    %ALLUSERSSTARTMENU%\*.rar
    %ALLUSERSSTARTMENU%\*.exe
    %ALLUSERSSTARTUP%\*.zip
    %ALLUSERSSTARTUP%\*.rar
    %ALLUSERSSTARTUP%\*.exe
    %ALLUSERSPROGRAMS%\*.zip
    %ALLUSERSPROGRAMS%\*.rar
    %ALLUSERSPROGRAMS%\*.exe
    %ALLUSERSAPPDATA%\*.zip
    %ALLUSERSAPPDATA%\*.rar
    %ALLUSERSAPPDATA%\*.exe
    %APPDATA%\*.zip
    %APPDATA%\*.rar
    %APPDATA%\*.exe
    %QUICKLAUNCH%\*.zip
    %QUICKLAUNCH%\*.rar
    %QUICKLAUNCH%\*.exe
    %STARTUP%\*.zip
    %STARTUP%\*.rar
    %STARTUP%\*.exe
    %STARTMENU%\*.zip
    %STARTMENU%\*.rar
    %STARTMENU%\*.exe
    %MYDOCUMENTS%\*.zip
    %MYDOCUMENTS%\*.rar
    %MYDOCUMENTS%\*.exe
    %PROGRAMFILES%\Mozilla Firefox\plugins\*.*
    %PROGRAMFILES%\Internet Explorer\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.zip /s
    %PROGRAMFILES%\Mozilla Firefox\*.rar /s
    %PROGRAMFILES%\Mozilla Firefox\*.exe /s
    %PROGRAMFILES%\Internet Explorer\*.zip /s
    %PROGRAMFILES%\Internet Explorer\*.rar /s
    %PROGRAMFILES%\Internet Explorer\*.exe /s
    %SYSTEMDRIVE%\*.dat
    %SYSTEMROOT%\*.dat
    %SYSTEMROOT%\*.sys
    %systemroot%\system32\drivers\*.exe /s
    %systemroot%\system32\drivers\*.zip /s
    %systemroot%\system32\drivers\*.rar /s
    %APPDATA%\*.sys
    %systemroot%\system32\serauth1.dll
    %systemroot%\system32\serauth2.dll
    %systemroot%\system32\sysaudio.sys
    %PROGRAMFILES%\*TinyProxy*.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete, Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Word Wrap is not checked. If it is, then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply.
  • Under the reply panel is the Attachments panel.
  • Browse for the attachment file you want to upload, then click the green Upload button.
  • Once it has uploaded, click the Manage Current Attachments drop-down box.
  • Click on [image] to insert the attachment into your post.
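The custom-scan list in the post above is a set of file-glob rules over Windows shell folders, with a trailing /s meaning "recurse into subfolders". The script below is an added example, not OTScanIt's own code, of reproducing such a scan so the same locations can be re-checked later (for instance after the restore points have been cleared) and each hit recorded with size, timestamp and SHA-256. It assumes that the %systemroot%-style tokens are supplied by the caller as a folder mapping (OTScanIt's own pseudo-variables such as %MYDOCUMENTS% are not real environment variables), that *.* matches every file name as it does in cmd.exe, and that a pattern ending in a bare dot such as *keygen*. is matched against the file name with its extension removed. The directory tree it plants under a temporary folder is constructed sample data.

```python
"""Re-run an OTScanIt-style custom file scan from a script.

Added example; not OTScanIt's own code.  Each custom-scan line is a
path glob, optionally followed by ' /s' to recurse into subfolders.
%NAME% tokens are expanded from a folder mapping supplied by the caller.
"""
import fnmatch
import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone

# Constructed subset of the custom-scan list from the post above.
CUSTOM_SCAN = """\
%systemroot%\\Prefetch\\*.* /s
%systemroot%\\system32\\drivers\\*.dat
%PROGRAMFILES%\\*keygen*.
%SYSTEMDRIVE%\\*.exe
%APPDATA%\\*.exe
"""

_VAR = re.compile(r"%([A-Za-z_]+)%")


def parse_scan_line(line):
    """Return (pattern, recursive) for one line, or None for a blank line."""
    line = line.strip()
    if not line:
        return None
    recursive = line.lower().endswith(" /s")
    if recursive:
        line = line[:-3].rstrip()
    return line, recursive


def expand_vars(pattern, variables):
    """Replace %NAME% tokens from a case-insensitive mapping of folders."""
    def sub(match):
        key = match.group(1).lower()
        if key not in variables:
            raise KeyError("no folder supplied for %%%s%%" % match.group(1))
        return variables[key]
    return _VAR.sub(sub, pattern)


def name_matches(filename, glob):
    """Match a file name against a cmd.exe-style glob (see assumptions)."""
    if glob == "*.*":          # assumption: matches every name, as in cmd.exe
        return True
    if glob.endswith("."):     # assumption: '*keygen*.' ignores the extension
        stem = os.path.splitext(filename)[0]
        return fnmatch.fnmatchcase(stem.lower(), glob[:-1].lower())
    return fnmatch.fnmatchcase(filename.lower(), glob.lower())


def sha256_of(path):
    with open(path, "rb") as handle:
        return hashlib.sha256(handle.read()).hexdigest()


def run_custom_scan(scan_text, variables):
    """Enumerate every file matched by the scan list; one dict per hit."""
    hits = []
    for raw in scan_text.splitlines():
        parsed = parse_scan_line(raw)
        if parsed is None:
            continue
        pattern, recursive = parsed
        expanded = expand_vars(pattern, variables).replace("\\", os.sep)
        directory, glob = os.path.split(expanded)
        if not os.path.isdir(directory):
            continue  # a missing folder simply yields no hits
        for root, _dirs, files in os.walk(directory):
            for name in files:
                if name_matches(name, glob):
                    full = os.path.join(root, name)
                    info = os.stat(full)
                    hits.append({
                        "rule": raw.strip(),
                        "path": full,
                        "size": info.st_size,
                        "mtime": datetime.fromtimestamp(info.st_mtime, timezone.utc).isoformat(timespec="seconds"),
                        "sha256": sha256_of(full),
                    })
            if not recursive:
                break  # without /s only the top folder is scanned


    return hits


def build_demo_tree(root):
    """Plant constructed sample files under root; return the folder mapping."""
    layout = {
        "win/Prefetch/NTOSBOOT.pf": b"prefetch", "win/Prefetch/sub/deep.pf": b"prefetch",
        "win/system32/drivers/etc.dat": b"data", "win/system32/drivers/vid.sys": b"driver",
        "pf/keygen_v2.exe": b"MZ", "pf/sub/keygen.exe": b"MZ",
        "root/svchost.exe": b"MZ", "root/notes.txt": b"text",
        "app/msl.exe": b"MZ", "app/nested/other.exe": b"MZ",
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as handle:
            handle.write(data)
    return {"systemroot": os.path.join(root, "win"), "programfiles": os.path.join(root, "pf"),
            "systemdrive": os.path.join(root, "root"), "appdata": os.path.join(root, "app")}


if __name__ == "__main__":
    demo_root = tempfile.mkdtemp()
    for hit in run_custom_scan(CUSTOM_SCAN, build_demo_tree(demo_root)):
        print(hit["sha256"][:16], hit["size"], hit["mtime"], hit["path"])
```

To run it against a live Windows machine instead of the demo tree, pass a mapping built from the real environment (os.environ values for SystemRoot, ProgramFiles, SystemDrive and AppData) and add entries for any OTScanIt pseudo-variables the list uses; saving the hit list from two runs and diffing the SHA-256 values is what shows whether a "reappearing" file is the same object or a freshly dropped one.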

#28 legna (Topic Starter, Member, 147 posts):

Here's the OTScanIt log attached.
Attached file: OTScanIt_31_03_09.Txt

Help!!!!!! Generic Host Process CANNOT STOP appearing! I tried opening Dr.Web, and the generic host pops up right in front!

The Generic Process is bothering me again.
It seems that something is preventing me from uploading my videos to a hosting site. Whenever I upload, the generic host problem pops up!
On that site, it shows Video Upload Failed.
Very frequently, whenever I am editing my videos, the Generic Host Process for Win32 Services will pop up and all sounds concerned will be cut off.
I hope all my videos are not infected. I normally burn them using my DVD writer and erase those videos later.

PS: Received the latest pop-up:
Virus or unwanted program 'HEUR/Malware [heuristic]'
detected in file 'C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E8O6H50W\msl[1].exe'.
Action performed: Move file to quarantine

Edited by legna, 31 March 2009 - 11:21 AM.

#29 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts):

You are being infected from whatever website it is that you are visiting, as all occurrences are within the Temporary Internet Files and nothing is showing on your system as a trigger file. To clear the generic host process it might be advisable to upgrade to SP3. Are you visiting one main site to get these infection pop-ups? They are being stopped at the moment, but it is only a matter of time before one gets through.
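The reasoning in the reply above (the only finds are in the browser cache, and no launcher file has turned up on disk) can be checked mechanically against the antivirus log rather than by eye. The script below is an added example, not code from this thread or from any AV vendor, that parses Avira-style three-line alerts like the one quoted in post #28, classifies each detected path (browser cache, System Restore copy, temp folder, user data folder, other) and reports whether every hit sits in a transient location. It also records which profile a cache hit belongs to, since a Temporary Internet Files folder under the NetworkService account is written by a process running as that service account rather than by the user's own browser session, which is worth a separate look. Apart from the quoted alert, the log lines are constructed samples; they reuse detection names already mentioned in the thread, and the GUID and file names are placeholders.

```python
"""Triage antivirus alerts by where the detected file lives.

Added example; not code from the forum thread or from any AV vendor.
Input is the three-line Avira-style alert quoted in the thread:
  Virus or unwanted program '<name>'
  detected in file '<path>'.
  Action performed: <action>
"""
import re
from collections import Counter

# Constructed sample log.  The first record is the alert quoted in the
# thread; the rest are made up for the example (placeholder GUID and
# file names) and reuse detection names that appear elsewhere in the thread.
SAMPLE_ALERTS = """\
Virus or unwanted program 'HEUR/Malware [heuristic]'
detected in file 'C:\\Documents and Settings\\NetworkService\\Local Settings\\Temporary Internet Files\\Content.IE5\\E8O6H50W\\msl[1].exe'.
Action performed: Move file to quarantine
Virus or unwanted program 'TR/Dropper.Gen'
detected in file 'C:\\Documents and Settings\\username\\Local Settings\\Temporary Internet Files\\Content.IE5\\A1B2C3D4\\setup[1].exe'.
Action performed: Move file to quarantine
Virus or unwanted program 'Tool.Prockill'
detected in file 'C:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}\\RP1\\A0000001.exe'.
Action performed: Move file to quarantine
Virus or unwanted program 'Win32.HLLW.Gavir.ini'
detected in file 'C:\\Documents and Settings\\username\\My Documents\\My Music\\sample.exe'.
Action performed: Move file to quarantine
Virus or unwanted program 'HEUR/Malware [heuristic]'
detected in file 'C:\\DOCUME~1\\username\\LOCALS~1\\Temp\\75.scr'.
Action performed: Delete file
"""

ALERT_RE = re.compile(
    r"Virus or unwanted program '(?P<name>[^']+)'[ \t]*\n"
    r"detected in file '(?P<path>.+?)'?\.?[ \t]*\n"      # tolerate a missing closing quote
    r"Action performed: (?P<action>[^\n]+)"
)
PROFILE_RE = re.compile(r"\\(?:documents and settings|docume~1)\\([^\\]+)\\", re.I)
SERVICE_ACCOUNTS = {"networkservice", "localservice", "localsystem"}
TRANSIENT = {"browser_cache", "temp", "restore_point"}  # no launcher lives here


def classify_path(path):
    """Bucket a detected path by the kind of location it is in."""
    p = path.lower()
    if "\\temporary internet files\\" in p:
        return "browser_cache"
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    if "\\local settings\\temp\\" in p or "\\locals~1\\temp\\" in p or "\\windows\\temp\\" in p:
        return "temp"
    if re.search(r"\\my documents\\my (music|pictures|videos)\\", p):
        return "user_data"
    return "other"


def parse_alerts(text):
    """Turn the raw alert text into one dict per detection."""
    records = []
    for m in ALERT_RE.finditer(text):
        path = m.group("path")
        pm = PROFILE_RE.search(path)
        profile = pm.group(1) if pm else None
        records.append({
            "name": m.group("name"),
            "path": path,
            "action": m.group("action").strip(),
            "category": classify_path(path),
            "profile": profile,
            "service_account": bool(profile) and profile.lower() in SERVICE_ACCOUNTS,
        })
    return records


def triage(records):
    """Summarise: are all hits transient, and which cache hits belong to a service account?"""
    counts = Counter(r["category"] for r in records)
    return {
        "counts": dict(counts),
        "only_transient": all(r["category"] in TRANSIENT for r in records),
        "persistent_hits": [r["path"] for r in records if r["category"] not in TRANSIENT],
        "service_account_cache": [r["path"] for r in records
                                  if r["category"] == "browser_cache" and r["service_account"]],
    }


if __name__ == "__main__":
    summary = triage(parse_alerts(SAMPLE_ALERTS))
    for key, value in summary.items():
        print(key, "=", value)
```

On the sample data the user-data hit (the Gavir.ini find under My Music) is what stops "only_transient" from being true; in the thread's own case the reply above is based on every hit being in the browser cache, and the cache under NetworkService is the one the script singles out for a closer look at which service fetched the file.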

#30 legna (Topic Starter, Member, 147 posts):

I visit a few sites, not only one main site. I normally go to Blogger and http://www.photobucket.com

I normally upload videos to my Blogger site. Can the virus penetrate into my Blogger website?

Very frequently, even if I am not visiting any sites.....I am normally converting videos into various formats on my desktop, and the generic pop-up still occurs.
Sometimes, to test the system, I will leave my PC on the whole night while I am sleeping. The worst thing is that I can hear the CONTINUOUS beeping pop-up sound when Avira picks up the virus for it to be quarantined!

I really don't have any idea what is going on.

Will go and upgrade to SP3 now.

Edited by legna, 31 March 2009 - 12:59 PM.





