I have a mid-size Windows network (40 PCs, 3 AD servers) and everything was working fine until some months ago. Suddenly, I started to see the weird "Generic host process" error on some PCs and servers. It even reappears a couple of days after the PC is reinstalled. All the solutions on the internet involve patching, but my systems say that the patch is not required (it seems that XP SP3 and Server 2003 SP1 already have the patch). Then a new problem appeared: many PCs simply can't browse the network because the Workstation and Server services don't start. I have to go and manually start the services. A third problem appeared: one server (not an AD server) is trying to start a session on several workstations, generating a failure report and flooding the security log. Then a fourth problem appeared: now the audio device fails on some PCs and users have to restart to have it working again. All PCs have Kaspersky 6, updated daily. Can somebody give me an idea about what's happening or how to solve it?

That is a pretty tough one to diagnose. Have you tried a Malwarebytes scan on one of the systems that is giving you the errors? You mentioned it is showing up on clients even after they have been reloaded; I am assuming that the systems have been added to the domain. If that is so and this is occurring after they are added to the domain, I would take a look at the group policy settings on the server to see if there is something being passed to the clients that is causing the change to the system. If you have applied the latest updates to the OS, then I think I would also suggest that you run something like CCleaner to remove old registry entries that are no longer needed.


If you are on Windows XP, then you are being hit by the Conficker worm. Download the patch from the following link for your OS
XP SP3 does not have the patch built in.

I'd recommend that you isolate each host from the network, reinstall the OS, apply the patch, use Kaspersky Internet Security instead of Antivirus and then join the network.

After some careful observation, I think that this patch solved the issue. It also seems I have Conficker, as you say.


Keep in mind that applying this patch does not remove the Conficker worm from your system. Run a scan with an updated AV and remove it completely. There are infected DLLs in the system32 dir and possibly JPG files in the temp internet directory. Applying the patch prevents the worm from attacking your PC from the network.


What AV is confirmed to remove it? I have Kaspersky updated daily and it doesn't detect Conficker.

