0

Hi all,

Looks like this problem with lost internet connection showed up some days earlier here in Europe. This issue seems to be related to a newly discovered security hole in XP, which has been addressed by MS already. It doesn't seem to be clear what exactly causes the Generic Host Process to crash, but many people over here solved it pretty simply:

They just updated their XP with the most recent security patches from MS. If for some unknown reasons :rolleyes: the automatic updater failed or isn't active on your computer, try to install one of the "after SP2"-update packs, provided on some sites like:

http://www.ryanvm.net/msfn/updatepack.html

Most users here report the problem solved after updating the OS. If it doesn't work, you probably have an additional infection with malware.
The crashing Generic Host Process issue itself seems not to have any further malicious effects, so it could be a friendly "proof of concept" for an exploit of the security hole, just being spread all over the world. (?)

As you know, this posting might be worth only 2 cents.... :cheesy:

Ollie

0

Hi, how can I open the file on that site, because I've downloaded a fix but the extension of the file was ".FILE"...

0

Hi Neil,

Don't download the single hotfixes. Scroll down to the bottom of the page and download the Post-SP2 Update Pack, which contains all hotfixes since SP2 release in 2004. It is a RAR archive that should install all the stuff without requiring 100 reboots. :) Unfortunately the download link doesn't work from my site, I'm afraid it won't from yours, too. Try to download the same update pack from this one:

http://www.softpedia.com/progDownload/RyanVMs-Windows-XP-PostSP-Update-Pack-Download-22694.html

If the link to the US site fails on that page, try the mirror site (from Romania? Crazy internet :) ) one line below, that works here.

Sorry for the inconvenience. Unfortunately I couldn't figure out which particular hotfix will fix this problem, so the only solution is to install them all (by an update pack) or to have Windows automatic update doing the job for you, if possible. (Win automatic update may be delayed by several days on some systems! So you might have missed the hotfix in question, even if you use Windows Update.)

Hope that helps, good luck!

0

I've already downloaded the post update pack, but I can't open the file. I've used WinRAR already but it's just saying unknown format or file corrupted. And I'd use the RyanVM integrator but I cannot find the i386 directory... Please help me, I'm losing my mind over this problem because I cannot use the internet for a period of time, because I always restart the computer every time the error pops up....

1

@Neilster23:
0. Don't let a machine make you lose your mind ;)
1. You probably use an old version of WinRAR that doesn't know *.7z files yet
2. The RyanVM update pack seems to be for integration on an XP installation disc only. Let me explain: Over here, I can choose between at least two different suppliers of update packs, which come in 2 different flavors (full and incremental/diff versions) as an easy-to-install self-extracting *.exe file. So I was googling like hell for a similar thing for the English versions of XP and all I found was the RyanVM software (of which I thought it's just the same thing :o ). Sorry, but read on, I did some more research on that:

@All
I found these single hotfixes
WindowsXP-KB921883-x86-ENU.exe (MS06040)
and probably
WindowsXP-KB894391-x86-ENU.exe

fixed the problem for most affected people. Everybody should be able to download them from the MS site:
http://www.microsoft.com/athome/security/update/bulletins/200608.mspx
The first and seemingly deciding one can be found also here:
http://www.softwarepatch.com/windows/index.html

There is a workaround to prevent your internet connection from being cut: Just drag the error message window out of sight and don't click on any button. This way you can go on trying to fix it.

Another approach to the problem is disabling certain services (which is basically no bad idea anyway) by using a simple tool like Windows Worms Doors Cleaner v1.4.1 which can be found here:
http://www.firewallleaktester.com/tools_list.htm
or here (another similar tool)
http://www.dingens.org

The reason for this new massive appearance of GHP errors is probably described here:
http://isc.sans.org/diary.php?storyid=1592&isc=74178c1ba2ef4b85d3c9bb52fce76370
and here:
http://www.lurhq.com/mocbot-ms06040.html
According to these, this is not a "friendly proof-of-concept" but almost all people with that problem report clean HJT logs and no antivirus software found something. If they found something, it seems to be by coincidence and there is most likely no correlation. It has some analogy to the outbreak of the "Blaster"-worm in August (!) 2003, which manifested itself by a similar error message. But little is known yet...

Remember, there are many reasons for svchost crashes and maybe your problem is not related to this issue. Only error messages like Neilster23 got

[example debug code]
EventType : BEX P1 : svchost.exe P2 : 5.1.2600.2180 P3 : 41107ed6
P4 : netapi32.dll P5 : 5.1.2600.2180 P6 : 411096ac P7 : 0000a3c0
P8 : c0000409 P9 : 00000000

point to that specific issue, but many of them appeared in the past few days.

Maybe that helps somebody now. :cheesy: Good luck!

Votes + Comments
nice job
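The error signature quoted in the post above can be checked mechanically when triaging pasted crash reports. The following is an added example, not part of the original thread: it parses a report in that "Name : value" layout and flags the svchost.exe / netapi32.dll / c0000409 combination. The function names and the two non-matching sample reports are constructed for illustration.

```python
import re

# Signature taken from the report quoted in the post: svchost.exe faulting in
# netapi32.dll with exception code c0000409 (STATUS_STACK_BUFFER_OVERRUN).
SIGNATURE = {"EventType": "bex", "P1": "svchost.exe",
             "P4": "netapi32.dll", "P8": "c0000409"}

# One field looks like "P4 : netapi32.dll"; several fields share a line.
FIELD_RE = re.compile(r"\b(EventType|P\d+)\s*:\s*(\S+)")

# The report exactly as quoted in the thread.
REPORT_FROM_POST = """\
EventType : BEX P1 : svchost.exe P2 : 5.1.2600.2180 P3 : 41107ed6
P4 : netapi32.dll P5 : 5.1.2600.2180 P6 : 411096ac P7 : 0000a3c0
P8 : c0000409 P9 : 00000000
"""

# Constructed samples (not from the thread): an svchost crash in another
# module, and a crash in an unrelated program.
OTHER_SVCHOST = """\
EventType : BEX P1 : svchost.exe P2 : 5.1.2600.2180 P3 : 41107ed6
P4 : example.dll P5 : 1.0.0.0 P6 : 00000000 P7 : 00001000
P8 : c0000005 P9 : 00000000
"""
UNRELATED = "EventType : BEX P1 : example.exe P4 : example.dll P8 : c0000005"


def parse_report(text):
    """Return the 'Name : value' fields of one error report as a dict."""
    return {name: value for name, value in FIELD_RE.findall(text)}


def classify(text):
    """Return 'match', 'other-svchost-crash' or 'unrelated' for one report."""
    fields = {k: v.lower() for k, v in parse_report(text).items()}
    if all(fields.get(k) == v for k, v in SIGNATURE.items()):
        return "match"
    if fields.get("P1") == "svchost.exe":
        # svchost crashes for many reasons; this one needs separate diagnosis.
        return "other-svchost-crash"
    return "unrelated"


if __name__ == "__main__":
    for name, report in [("post", REPORT_FROM_POST),
                         ("other", OTHER_SVCHOST),
                         ("unrelated", UNRELATED)]:
        print(name, "->", classify(report))
```
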
0

Thank you for gathering all of that info into one post, Xpenetrator!

As this exploit/problem looks like it will be a "chart-topper" for the near future, I'm pinning this thread to the top of the forum list as a reference for all.
:)


<EDIT>

I hope you don't mind that I changed the thread title slightly to make it more immediately descriptive...

</EDIT>
