 |  |  |  |  |  |  |  |
Generic host
 |
Hello! Does anybody know what does "generic host process for win32 services" mean? It keeps appearing in my computer when I have to restart....
Thanks!
Thanks!
Could be a worm or trojan (http://startup.iamnotageek.com/srch-...0Services.html)
I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html
Close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log and paste it into a new thread in the Virus forum.
I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html
Close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log and paste it into a new thread in the Virus forum.
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Windows uses generic host processes to connect apps to the network on behalf of the app. Basically, it acts as a proxy to protect other processes. However, this also allows malware from getting access to the network without being detected by the destination host because it thinks it is coming from a legitimate service. If you don't know what apps are using the generic host processes, then I would suggest you follow dlh6312's advice.
Andy
Andy
Nobody believes the official spokesman, but everybody trusts an unidentified source.
-- Please do not PM me with questions about a thread. If you respond to a thread, then everyone can benefit.
-- Please do not PM me with questions about a thread. If you respond to a thread, then everyone can benefit.
Hello!
Thanks for your reply!
I did as you said.
Here is the result:
Logfile of HijackThis v1.99.1
Scan saved at 14:40:25, on 2005/04/27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\CAP4RSK.EXE
C:\WINDOWS\System32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Downloads\hijackthis\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Bookshelf�検索(&L) - res://C:\Program Files\Microsoft Reference\Microsoft Bookshelf 3.0\bsdef.dll/#1001
O8 - Extra context menu item: Microsoft Excel �エクス�ート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.vaio.sony.co.jp/
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/c...on=4,3,2,20802
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096515566766
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.net/fvlite/fvliteY.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...23/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7255124B-0BB2-4A70-84F5-3F76B256E950}: NameServer = 164.161.40.121,164.161.161.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = minato.tokyo-u-fish.ac.jp,tokyo-u-fish.ac.jp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = minato.tokyo-u-fish.ac.jp,tokyo-u-fish.ac.jp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = minato.tokyo-u-fish.ac.jp,tokyo-u-fish.ac.jp
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO SonicStage Server (Application) (VAIOMediaPlatform-SonicStage-AppServer) - Unknown owner - C:\Program Files\sony\SonicStage\SSSvr\SSSvr.exe" /Service=VAIOMediaPlatform-SonicStage-AppServer /displayName=VAIO SonicStage Server (Application) (file missing)
Thanks for your reply!
I did as you said.
Here is the result:
Logfile of HijackThis v1.99.1
Scan saved at 14:40:25, on 2005/04/27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\CAP4RSK.EXE
C:\WINDOWS\System32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Downloads\hijackthis\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Bookshelf�検索(&L) - res://C:\Program Files\Microsoft Reference\Microsoft Bookshelf 3.0\bsdef.dll/#1001
O8 - Extra context menu item: Microsoft Excel �エクス�ート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.vaio.sony.co.jp/
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/c...on=4,3,2,20802
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096515566766
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.net/fvlite/fvliteY.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...23/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7255124B-0BB2-4A70-84F5-3F76B256E950}: NameServer = 164.161.40.121,164.161.161.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = minato.tokyo-u-fish.ac.jp,tokyo-u-fish.ac.jp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = minato.tokyo-u-fish.ac.jp,tokyo-u-fish.ac.jp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = minato.tokyo-u-fish.ac.jp,tokyo-u-fish.ac.jp
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO SonicStage Server (Application) (VAIOMediaPlatform-SonicStage-AppServer) - Unknown owner - C:\Program Files\sony\SonicStage\SSSvr\SSSvr.exe" /Service=VAIOMediaPlatform-SonicStage-AppServer /displayName=VAIO SonicStage Server (Application) (file missing)
At first glance I don't see anything blantantly obvious that shouldn't be there. So, my next suggestion would be to Google each of the processes that you don't recognize to find out what they are. The process may be legitimate.
Andy
Andy
Nobody believes the official spokesman, but everybody trusts an unidentified source.
-- Please do not PM me with questions about a thread. If you respond to a thread, then everyone can benefit.
-- Please do not PM me with questions about a thread. If you respond to a thread, then everyone can benefit.
As nicentral noted, there are no obviously suspicious or abnormal processes/programs listed in your log.
If you are saying that you get an error or message concerning the process, please post the full contents of the message. If you mean something else, please be more specific.
•
•
•
•
Originally Posted by csceci
It keeps appearing in my computer when I have to restart
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
You're welcome. 
Did you find out where the error/message/whatever was coming from?
Did you find out where the error/message/whatever was coming from?
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
|
Similar Threads
- error -- Generic Host Process for Win 32 Services (Windows NT / 2000 / XP)
- I NEED HELP WITH "Generic Host Process for Win32 Services ERROR" (Viruses, Spyware and other Nasties)
- Generic host error (Viruses, Spyware and other Nasties)
- Generic Host Process for Win32 Services (Viruses, Spyware and other Nasties)
- Generic Host Process for Win32 Services (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Worm virus - XP issues
- Next Thread: My HJT log. Ready for help!!
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet censorship china commercials conficker connect control crosssitescripting cyber cyberwarfare ddos domains e-mafia education email europe facebook fake fancheckvirus gaming gtaiv gumblar halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses war warning windows worm yahoo zeroday
