Hello all,
This is a pain of a problem and haven't gotten much help elsewhere but thought I would try here. I sure hope so I can't get any work done!!!
A few days ago I started getting "svchost.exe has generated errors ..." Those of you that has experienced this know the drill.
FYI - I have read Vinaya_Pande and HughJass's post's form 5/31/05. no help, and I'm not formating. I'll put a bounty on the @#$%^ that created this bugger first!!
My config:
XP PRO w/SP2 - 2.4ghz celeron - 512meg mem - 2 users defined.
Symptoms:
Click on my logon and hear the pretty music - At the end of startup ( just after network processes etc. ) Icons flash vigorously ( more than normal active desktop re-painting ) and taskbar flashes and briefly looks like the old win98 start button is going to stay...then flashes back to XP start button.
Then I receive the svchost.exe error. A couple of ways I know I'm in trouble...try to pull up volume control and get "...no active mixers available.." and sound is gone. Can't get to microsoft firewall I get " ...associated service not running..".
If I try to ride it out and try to use other programs they slowly degrade in response time and functionality ex. Dreamweaver runs real slow and can't connect to databases etc..
Went to a many, many forums and many google searches and here is what I have done:
Ran:
AVG w/current updates
spyware doctor
Ad-aware
xoftspy
cleanmypc - registry tool
tweak regcleaner
CrapCLeaner
PC bug doctor
Spybot
Aluria's Security Center errored out when I tried to scan. ( the send report error )
They all found something different - Thats a pain in itself! Except AVG didn't find any viruses.
I know its some kind of worm that uses the legit svchost service. So ran the following worm removal tools:
Blaster
poza.a
welchia
assarm@mm
gaobot
They each took about 2 hours to run and found nothing!!!.
Found other instances of svchost.exe running in folders other than windows/system32
and deleted them ...The system booted up good and I thought I was out of the woods.....then the svchost error popped up again and I was back where I was. However during that time I read that microsoft firewall might have allowed the worm in and in fact ran Sheilds up online port test and sure enough port 1025 had been open all this time!! I was able to shut down the firewall and loaded the pcInternet patrol firewall.
Now this stopped the error from popping up but the contamination was still there, I.e. Flashing taskbar almost going to win98 taskbar, can't pull up the volume etc and programs still not running right.
The only thing I can figure is the this bugger has attached itself to a real process and that's why none of the anti-virus, spyware, regcleaners can't find it. - Doesn't give me a real warm and fuzzy about any protection I'm supposed to be getting and in some cases PAYING FOR!!!
Anyway - I'm hoping another set of eyes can help!!
I'll entertain any ideas!!
Here is my log from HIjackThis if that helps anyone!
Logfile of HijackThis v1.99.1
We need a FULL listing, not one cropped by you!
(realblackstuff)
Can't put the rest because it's to long and mostly has to do with explorer toolbar stuff and that's pretty much been ruled out.
I don't believe you! (realblackstuff)
Hope to hear from someone but I'm not that confident...cause this is a real mess!! And I have got to get some work done!!
Thank you for reading this!
Sorry for the confusion on the hijack log...I've sent it as an attachment.
By the way I ran Ewido have included that scan report as well.
Thanks again. Hope you can see something.
This is a pain of a problem and haven't gotten much help elsewhere but thought I would try here. I sure hope so I can't get any work done!!!
A few days ago I started getting "svchost.exe has generated errors ..." Those of you that has experienced this know the drill.
FYI - I have read Vinaya_Pande and HughJass's post's form 5/31/05. no help, and I'm not formating. I'll put a bounty on the @#$%^ that created this bugger first!!
My config:
XP PRO w/SP2 - 2.4ghz celeron - 512meg mem - 2 users defined.
Symptoms:
Click on my logon and hear the pretty music - At the end of startup ( just after network processes etc. ) Icons flash vigorously ( more than normal active desktop re-painting ) and taskbar flashes and briefly looks like the old win98 start button is going to stay...then flashes back to XP start button.
Then I receive the svchost.exe error. A couple of ways I know I'm in trouble...try to pull up volume control and get "...no active mixers available.." and sound is gone. Can't get to microsoft firewall I get " ...associated service not running..".
If I try to ride it out and try to use other programs they slowly degrade in response time and functionality ex. Dreamweaver runs real slow and can't connect to databases etc..
Went to a many, many forums and many google searches and here is what I have done:
Ran:
AVG w/current updates
spyware doctor
Ad-aware
xoftspy
cleanmypc - registry tool
tweak regcleaner
CrapCLeaner
PC bug doctor
Spybot
Aluria's Security Center errored out when I tried to scan. ( the send report error )
They all found something different - Thats a pain in itself! Except AVG didn't find any viruses.
I know its some kind of worm that uses the legit svchost service. So ran the following worm removal tools:
Blaster
poza.a
welchia
assarm@mm
gaobot
They each took about 2 hours to run and found nothing!!!.
Found other instances of svchost.exe running in folders other than windows/system32
and deleted them ...The system booted up good and I thought I was out of the woods.....then the svchost error popped up again and I was back where I was. However during that time I read that microsoft firewall might have allowed the worm in and in fact ran Sheilds up online port test and sure enough port 1025 had been open all this time!! I was able to shut down the firewall and loaded the pcInternet patrol firewall.
Now this stopped the error from popping up but the contamination was still there, I.e. Flashing taskbar almost going to win98 taskbar, can't pull up the volume etc and programs still not running right.
The only thing I can figure is the this bugger has attached itself to a real process and that's why none of the anti-virus, spyware, regcleaners can't find it. - Doesn't give me a real warm and fuzzy about any protection I'm supposed to be getting and in some cases PAYING FOR!!!
Anyway - I'm hoping another set of eyes can help!!
I'll entertain any ideas!!
Here is my log from HIjackThis if that helps anyone!
Logfile of HijackThis v1.99.1
We need a FULL listing, not one cropped by you!
(realblackstuff)
Can't put the rest because it's to long and mostly has to do with explorer toolbar stuff and that's pretty much been ruled out.
I don't believe you! (realblackstuff)
Hope to hear from someone but I'm not that confident...cause this is a real mess!! And I have got to get some work done!!
Thank you for reading this!
Sorry for the confusion on the hijack log...I've sent it as an attachment.
By the way I ran Ewido have included that scan report as well.
Thanks again. Hope you can see something.