Status
Not open for further replies.
1 - 12 of 12 Posts

·
Registered
Joined
·
79 Posts
Discussion Starter · #1 ·
I have a problem with my generic host for win32 (sv_ghost). I connect to the internet and after a while I get the message that generic host for win32 has encountered a problem and that it needs to close....

I cleaned up my PC from a virus (I had a trojan) and I thought that my problem was solved. For 2 days since I cleaned my PC I had no problem. The third day I saw the same message again. I can't tell if it's again a virus or if it is a Windows problem. I was instructed to post here if I had a problem again, so I posted this thread.

I want to ask if you can help me with this problem.
And another question I want to ask is if it's possible to get a virus without going to suspicious sites or downloading suspicious things.

Thank you in advance.

PS: I was helped by your site before and I was completely satisfied; this is the reason I am posting again.
 

·
TSF Team Emeritus , Microsoft Visiting Expert
Joined
·
3,258 Posts
Hi Ang3ofd3ath


Yes, it's possible to get infected without doing anything at all = especially if you are connected to a local network (either at home or at a business, a "LAN") or by a broadband connection to the Internet (DSL, cable, or satellite, a "wide-area-network" or "WAN") - or to both. The malware type known as a "network worm" can travel in this way - with no activity on your part.

This is especially true if you don't have the latest Security Updates for Windows XP, available from Microsoft's Windows Update or Microsoft Update websites (which can be reached automatically by turning on "Automatic Updates" from the XP Service Pack 2's "Security Center" in the Windows XP Control Panel). Or if your firewall is either off or simply inadequate.

Whenever online, remember to always have your firewall, antivirus, and antispyware running. If you are currently not running one of these - you risk getting reinfected over and over. The longer a system is infected, the greater the chance it can have a rootkit (sometimes several) attack. These truly make cleaning the PC a bigger chore.

Try scanning and cleaning your malware as thoroughly as possible once again. Scan with the settings set to as "high" and "thorough" as possible. Scan under each Username that you see from the Logon screen (if you have one), and scan under the "Administrator" username when booted into Safe Mode.

Scan for rootkits as well - I like to recommend Rootkit Revealer --- http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx --- and BlackLight --- http://www.f-secure.com/blacklight/try_blacklight.html --- BlackLight's trial period is due to run out soon, so grab it and run it while you can. For a good background article on rootkits and how they work, see --- http://www.pcsupportadvisor.com/rootkits.htm --- The introductory article at the Microsoft/SysInternals site is also very good.

Let us know if a rootkit is found.

If you are able to eradicate any infections, and the system scans clean of malware, next try a run of the Windows File Protection program (like an XP version of the "System File Checker"). This program will restore damaged or missing Windows operating system files from either your Windows Installation CD, or from the installation files stored on your hard drive (usually in the .cab format). To start the program, go to the Start/Run box and type

sfc /scannow

The process will run in the background, and put entries in the EventViewer logs for when it starts, when it replaces files, and when it finishes. If it can't find your installation files, it will ask you to insert your Windows XP installation CD, or to locate the files on your hard drive (you'd browse to that location - rather like "pointing" XP to them).

Should you need good free-for-personal use tools for fighting malware, some of the tools I recommend are:
Antivirus -- avast! (for moderately powerful XP computers)
Antivirus -- AVG (for modestly powered XP or earlier-version computers)
Antispyware -- AdAware
Antispyware -- SpyBot Search & Destroy (especially, use its "Immunize" feature and update it often)
Firewall -- ZoneAlarm or Sunbelt/Kerio Personal Firewall.

If you'd like a tool to help you see what processes are running inside of each of the "svchost" tasks that you see in Task Manager, download and run the Microsoft/SysInternals tool "Process Explorer". An "svchost" is actually a collection of programs - rather a tote-bag of services. Some malware programs are getting pretty good about hiding in these. http://www.microsoft.com/technet/sysinternals/Utilities/ProcessExplorer.mspx --- Now that I think about it, you might be interested in looking in on your Startup processes with "Autoruns" as well --- http://www.microsoft.com/technet/sysinternals/Utilities/Autoruns.mspx

... And, if it's been a while, visit Windows Update to get caught up with the "Critical Updates".

Best of luck
. . . Gary

[P.S. ... I suppose I should add that you can only install and run one firewall at a time, and one antivirus program at a time. Such installs are best done when disconnected from all networks. Only one real-time active spyware scanner should run, though you can have many antispyware tools installed. Just remember to scan with your antispyware programs one-at-a-time (for example, don't run a manual SpyBot scan at the same time as an AdAware scan).]
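
The service-to-process mapping described in the reply above can also be read from the output of the Windows `tasklist /svc` command, on systems where it is available. The following is an added example, not part of the original post: it parses that output, including wrapped continuation lines, and lists any svchost.exe instance that hosts no services, which is worth a closer look in Process Explorer. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `tasklist /svc /fi "imagename eq svchost.exe"` output.
# PIDs and service groupings are illustrative, not taken from the thread.
SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    864 DcomLaunch, TermService
svchost.exe                    940 RpcSs
svchost.exe                   1032 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                   EventSystem, lanmanserver, Netman, Schedule,
                                   wuauserv
svchost.exe                   1180 Dnscache
svchost.exe                   1404 N/A
"""

# A data row starts in column 0: image name (no spaces assumed), PID, services.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(.*)$")


def services_by_pid(text):
    """Return {pid: [service, ...]}, joining wrapped continuation lines."""
    table, pid = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Image Name", "=")):
            continue  # blank line, header or separator
        row = ROW.match(line)
        if row:
            pid, names = int(row.group(2)), row.group(3)
            table[pid] = []
        elif pid is not None and line[0].isspace():
            names = line  # indented line continues the previous row
        else:
            continue
        table[pid] += [n.strip() for n in names.split(",")
                       if n.strip() and n.strip() != "N/A"]
    return table


def hosts_without_services(table):
    """PIDs whose row listed no services (tasklist prints N/A)."""
    return sorted(pid for pid, names in table.items() if not names)


if __name__ == "__main__":
    table = services_by_pid(SAMPLE)
    for pid, names in sorted(table.items()):
        print(pid, ", ".join(names) or "(no services)")
    print("check in Process Explorer:", hosts_without_services(table))
```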
 

·
Registered
Joined
·
79 Posts
Discussion Starter · #3 ·
Hi, thank you for answering my question. I read carefully what you replied to me and I have some questions about rootkits (as I first hear about them). Could you give me more information about the rootkits?

I also want to inform you that I use AVG free antispyware (I was told to do so by your site), Kaspersky antivirus and Kerio personal firewall (firewall engine version 2.1.5). I am also connected to a network with my PowerBook G4 (Apple) but I don't think that this can cause a virus or a similar problem.

Yesterday I met a friend of mine and while talking we realised that we had the same provider (Forthnet, a Greek company) and I told him about my problem. He had the same problem and he was told to install new drivers for his modem, which is the same as mine (Forthnet provides the same modem to all). I did that yesterday and for a day I had no problem. Today it crashes five to ten minutes after I connect.

When it crashes I am still connected to the internet for some time or until I push "Don't send report" and then my PC gets messed up. Sometimes my PC can't play sounds and I get the message (down by the clock) that my system is running low on memory.

I had formatted my disk several times as I thought that it was a virus, but the problem still exists.

I am looking to solve the problem because I need my connection for work and I can't have such a problem. I tried to contact my tech provider support but my impression is that they cannot help me, because they aren't willing to hear details of my problem as you are.

:eek::wave:
 

·
Roaming To Help
Joined
·
5,667 Posts
Svchost errors are critical. To me it certainly seems like a driver as they are either a corrupt OS, hardware, virus or driver issue.

I would run windows driver verifier tool to make sure and get some accuracy. Also give us any errors/warnings from the Event Viewer in Admin Tools, if there are any.

* Close all applications.
* Start>Run> type: verifier.exe and hit Enter
* You're running this Driver Verifier utility for XP which has options shown as HERE
* Create Standard Settings>and choose "Automatically select all drivers installed on this computer"
* Proceed and see what it lists.
* If there's something wrong with a driver causing BSoD's, it'll usually give you another BSoD with the driver name included or show it: i.e. xxxxxx.sys
* Make a note of that.

See how that goes.
 

·
TSF Team Emeritus , Microsoft Visiting Expert
Joined
·
3,258 Posts
Hi again

You have a growing list of things to check:
1) Thoroughly scan, with all your anti-malware tools, and include the rootkit scans as well. Note that it's best to disconnect from networks (unplug your ethernet cable or disable your wireless), and have no other programs open when you run the rootkit scans. A network worm can enter your system through any network connection: regardless of the operating systems the other computers are using, unless your firewall is set up correctly to block unwanted connections - and your antivirus to catch any infections you accidentally receive from an infected site/file/email. The source is usually the Internet. If you've been restoring data after each reinstall, scan the backups to make sure you aren't reintroducing a pest when you restore.
2) Check on your Startups and Background processes, as recommended (Autoruns & Process Explorer)
3) Run the driver verification tool that Kalim recommended.
4) Run the memory diagnostics that Kalim recommended (you could also test your hard drive too - these tools are always a good idea, they help either to identify or to rule out hardware problems as the source of trouble) --- http://www.tacktech.com/display.cfm?ttid=287
5) Visit Windows Update and install Critical Patches. If you have been using a Restore/Recovery Disk Set during your several "reformats" - then you should know that it is very important to get up-to-date at Windows Updates as quickly as possible. Your system is vulnerable until completely patched.
6) Look in on your EventViewer logs & read the error messages there that correspond with the system failures. Start/Control Panel/Performance and Maintenance/Administrative Tools/Event Viewer. Right-click on the line in the log containing the error, and select "Properties". Especially look to see if the error message mentions a module [it very well might be the broadband modem's driver that you recently replaced]. If it is indeed the broadband modem driver, it's possible that the driver needs for Windows XP to have the latest Service Pack for XP already installed before you install the new driver. You can check this by calling Forthnet, or by checking on their website. Visiting Windows Update is a crucial step = it can't be stressed too much.

If you have changed your Virtual Memory settings at all during your troubleshooting, by all means, set them back to "system managed". Having too small a page file creates all sorts of problems. To reset Virtual memory =
1) Click Start, right-click My Computer, and then click Properties.
2) Click the Advanced tab.
3) Under Performance, click Settings.
4) Click the Advanced tab.
5) Under Virtual Memory, click Change.
6) Click No paging file. Click OK, click OK, and then click OK.
7) Restart your computer.
8) Click Start, right-click My Computer, and then click Properties.
9) Click the Advanced tab.
10) Under Performance, click Settings.
11) Click the Advanced tab.
12) Under Virtual Memory, click Change.
13) Click System managed size. Click OK, click OK, and then click OK.
14) Restart your computer.

If you have trouble establishing an Internet connection - your first contact choice is to check with your provider. If they feel it's not their service, equipment, or software that is the source of the problem, you can try regaining connectivity by restoring some of the Windows XP communications files by either the "sfc /scannow" routine, or by trying a tool such as WinSockXPfix --- http://www.tacktech.com/display.cfm?ttid=257

This is a lot of ground to cover, but with some careful work and a little luck, you should have your computer crash-free, well-protected, and connected.
. . . Gary
 

·
Registered
Joined
·
79 Posts
Discussion Starter · #7 ·
I have to go out of town and I will be offline for 2-3 days minimum so I can't do anything right now. I'll inform you when I am ready to start examining my system's problem.

I read the post you made and still I can't understand how to do all of what you said. I understand the reason for doing all the things above but I don't know how... I was wondering if you could explain them more and if you could tell me step by step how I could do them.

Thank you.
 

·
Registered
Joined
·
79 Posts
Discussion Starter · #9 ·
I can't understand your last message. What I want is if you can tell me what to do step by step, because I am a little new at this stuff and I don't know exactly how to do what you advise me to. If it's too difficult for you I'll understand. I am aware that you have other problems to take care of, I'm just asking for help. ;-)))
 

·
Roaming To Help
Joined
·
5,667 Posts
It's OK, it only takes asking :grin:

First I'd like to know, have you done anything that I or OldGrayGary has recommended yet?

Can you list what you have tried please.

Just so I/we know where to start from.
 

·
TSF Team Emeritus , Microsoft Visiting Expert
Joined
·
3,258 Posts
Hi all

Well, your true first task --- is to enjoy your holidays! :) Take your time with any or all of our suggestions. There's no need to rush anything. If you are uncomfortable with a procedure, let us know - & we'll try to help until you feel confident.

To make things as easy as we can, I'll make a numbered list. Then, when asking a question about a procedure, just put that number first, & we'll know which procedure you want help with.

1) Run antivirus, antispyware, & rootkit scans. (just like you did in the Security forums). At this link ---http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx --- there is a thorough explanation of rootkits & of how to use Rootkit Revealer.
2) Check on Startup and Background processes, using the Microsoft/SysInternals tools "Autoruns" --- http://www.microsoft.com/technet/sysinternals/Utilities/Autoruns.mspx --- and "Process Explorer" --- http://www.microsoft.com/technet/sysinternals/Utilities/ProcessExplorer.mspx --- Once again, excellent instructions are on the same webpage as the download link.
3) Run the driver verification tool that Kalim recommended. He gave step-by-step instructions in the first reply that mentioned the tool.
4) Run some diagnostics. Test your memory with MemTest86+ (http://www.memtest.org) - full instructions are on the download page [you can create either a bootable floppy diskette or bootable CD to run the diagnostic from]. Test your hard drive with the utility created by your hard drive manufacturer. There is a handy download list at this link --- http://www.tacktech.com/display.cfm?ttid=287 --- Again, you will see instructions on how to download and how to run the program on the download page links.
5) Look in your EventViewer logs for errors related to your system failures. You can reach the EventViewer by clicking on your Start button, then on Control Panel, then Performance and Maintenance, then Administrative Tools, and then Event Viewer. [You'll see events listed in a window to your right after you select an event log to view - start with the Application and then the System logs.] Right-click on the line in the log containing the error, and select "Properties". Especially look to see if the error message mentions a module [it very well might be the broadband modem's driver that you recently replaced]. If it is indeed the broadband modem driver, it's possible that the driver needs for Windows XP to have the latest Service Pack for XP already installed before you install the new driver. You can check this by calling Forthnet, or by checking on their website. Visiting Windows Update is a crucial step = it can't be stressed too much.
6) Try a run of Windows File Protection (like an XP version of the "System File Checker"). This program will restore damaged or missing Windows operating system files from either your Windows Installation CD, or from the installation files stored on your hard drive (usually in the .cab format). To start the program, go to the Start/Run box and type "sfc /scannow" (but without the quotes). The process will run in the background, and put entries in the EventViewer logs for when it starts, when it replaces files, and when it finishes. If it can't find your installation files, it will ask you to insert your Windows XP installation CD, or to locate the files on your hard drive (you'd browse to that location - rather like "pointing" XP to them).
7) Visit Windows Update and install Critical Patches. If you have been using a Restore/Recovery Disk Set during your several "reformats" - then you should know that it is very important to get up-to-date at Windows Updates as quickly as possible. Your system is vulnerable until completely patched.
8) Check that your Virtual Memory settings (also called "page file" settings) are set to "system managed". You can check on this, and then change the setting if necessary, following the instructions I left in my earlier reply (Dec. 16th). To view the setting, use those Virtual Memory instructions steps 1-4. To change the setting, use the Virtual Memory instructions steps 1-14.
9) If you lose Internet connectivity during all this, you can try restoring it using the WinsockXPFix tool. All the instructions you need are on the page the download is on --- http://www.tacktech.com/display.cfm?ttid=257

That's all there is to it: your NineStep Path to Computer Happiness!
. . . Gary

[P.S... if you print these instructions out, that will probably make it even easier]
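
The Event Viewer check in step 5 above (and in the earlier reply's list) comes down to reading which module each crash entry names. The following is an added example, not part of the original post: it pulls the faulting module out of "Application Error" descriptions and counts how often each one appears for svchost.exe. The event texts are constructed in the wording Windows XP uses, the module name `examplemodem.dll` is a made-up placeholder, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed Application-log descriptions; names, versions and addresses
# are placeholders, not values from the thread.
SAMPLE_EVENTS = [
    "Faulting application svchost.exe, version 5.1.2600.2180, faulting module examplemodem.dll, version 1.0.0.3, fault address 0x00012a4c.",
    "Faulting application svchost.exe, version 5.1.2600.2180, faulting module examplemodem.dll, version 1.0.0.3, fault address 0x00012A4C.",
    "Faulting application svchost.exe, version 5.1.2600.2180, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0001888f.",
    "Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x0005c1a2.",
    "The Windows Installer service entered the running state.",
    "Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000000.",
]

PATTERN = re.compile(
    r"Faulting application (?P<app>[^,]+), version (?P<app_ver>[\d.]+), "
    r"faulting module (?P<module>[^,]+), version (?P<mod_ver>[\d.]+), "
    r"fault address (?P<addr>0x[0-9a-fA-F]+)",
    re.IGNORECASE,
)


def parse_event(description):
    """Return the fields of one crash description, or None if it is not one."""
    match = PATTERN.search(description)
    if not match:
        return None
    # Lower-case everything so the same module or address is counted once.
    return {key: value.strip().lower() for key, value in match.groupdict().items()}


def summarize(descriptions, app="svchost.exe"):
    """List (module, crash count, distinct fault addresses) for one application."""
    counts, addresses = Counter(), {}
    for description in descriptions:
        event = parse_event(description)
        if event is None or event["app"] != app:
            continue
        counts[event["module"]] += 1
        addresses.setdefault(event["module"], set()).add(event["addr"])
    return [(mod, n, sorted(addresses[mod])) for mod, n in counts.most_common()]


if __name__ == "__main__":
    for module, count, addrs in summarize(SAMPLE_EVENTS):
        print(f"{module}: {count} crash(es) at {', '.join(addrs)}")
```

A module that recurs at the same fault address is the one to note down and report; an entry of "unknown" with a zero address means the log did not record which module was executing.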
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts