| Generic host Hello! Does anybody know what "generic host process for win32 services" means? It keeps appearing on my computer when I have to restart... Thanks! |
| ||
| Re: Generic host Could be a worm or trojan (http://startup.iamnotageek.com/srch-...0Services.html) I suggest you get the self-extracting version of HijackThis from here (in line 2): http://www.malwareremoval.com/downloads.html Close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log and paste it into a new thread in the Virus forum. |
| ||
| Re: Generic host Windows uses generic host processes to connect apps to the network on behalf of the app. Basically, it acts as a proxy to protect other processes. However, this also allows malware to get access to the network without being detected by the destination host because it thinks it is coming from a legitimate service. If you don't know what apps are using the generic host processes, then I would suggest you follow dlh6312's advice. Andy |
| ||
| Re: Generic host Hello! Thanks for your reply! I did as you said. Here is the result:

Logfile of HijackThis v1.99.1
Scan saved at 14:40:25, on 2005/04/27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\CAP4RSK.EXE
C:\WINDOWS\System32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Downloads\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Bookshelf�検索(&L) - res://C:\Program Files\Microsoft Reference\Microsoft Bookshelf 3.0\bsdef.dll/#1001
O8 - Extra context menu item: Microsoft Excel �エクス�ート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.vaio.sony.co.jp/
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/c...on=4,3,2,20802
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096515566766
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.net/fvlite/fvliteY.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...23/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7255124B-0BB2-4A70-84F5-3F76B256E950}: NameServer = 164.161.40.121,164.161.161.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = minato.tokyo-u-fish.ac.jp,tokyo-u-fish.ac.jp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = minato.tokyo-u-fish.ac.jp,tokyo-u-fish.ac.jp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = minato.tokyo-u-fish.ac.jp,tokyo-u-fish.ac.jp
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO SonicStage Server (Application) (VAIOMediaPlatform-SonicStage-AppServer) - Unknown owner - C:\Program Files\sony\SonicStage\SSSvr\SSSvr.exe" /Service=VAIOMediaPlatform-SonicStage-AppServer /displayName=VAIO SonicStage Server (Application) (file missing) |
| ||
| Re: Generic host At first glance I don't see anything blatantly obvious that shouldn't be there. So, my next suggestion would be to Google each of the processes that you don't recognize to find out what they are. The process may be legitimate. Andy |
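An added example, not part of any post in this thread: a quick first-pass check on the "Running processes" section of a HijackThis log that flags core Windows binary names (including `svchost.exe`, the "generic host process") running from a directory other than the expected one. The expected-path table assumes Windows XP installed in `C:\WINDOWS`, and the sample log mixes entries from the log above with one constructed entry.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Expected directory (lower-cased) for core Windows XP binaries.
# Assumption: Windows is installed in C:\WINDOWS, as in the log above.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            # The section ends at the first numbered entry (O2 - ..., R1 - ...).
            if re.match(r"[A-Z]\d+ - ", line):
                break
            if line:
                paths.append(line)
    return paths

def misplaced_system_binaries(paths):
    """Return paths whose file name is a core binary but whose folder is wrong."""
    hits = []
    for path in paths:
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())
        if expected and directory.lower() != expected:
            hits.append(path)
    return hits

# Sample input: entries taken from the log above, plus one CONSTRUCTED
# entry (C:\WINDOWS\svchost.exe) that is not in the original log.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
```

A clean result only rules out name masquerading by path; a malicious service DLL loaded into the genuine `svchost.exe` does not appear in this section of the log.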
| ||
| Re: Generic host As nicentral noted, there are no obviously suspicious or abnormal processes/programs listed in your log. |
| ||
| Re: Generic host Thank you very much for your help!! |
| ||
| Re: Generic host You're welcome. :) Did you find out where the error/message/whatever was coming from? |
| ||
| Re: Generic host Hi! No, I didn't find... my computer is in Japanese, so I don't understand what it says... but lately that message is not appearing anymore... Thanks again Ceci |