1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Generic hosting process failing, browser-based adware, and netby.sys rootkit

By Spakz
Jul 25, 2011
  1. Greetings,
    I have various problems with my laptop (Toshiba, running Windows XP), and was looking at recieving some help. Any aid would be much appreciated.
    I'll do my best at attempting to describe the major issues I face.
    1) Svchost.exe climbs to high CPU usage
    Approx. 1-2 minutes after booting my laptop and loading my profile, svchost will start to climb in CPU usage and in memory usage. It eventually reaches such a point that the rest of my system becomes almost unusably slow. Eventually Generic Host Proccess for Windows will fail (prompting an error message) and unusual problems will begin. Programs which had not been opened previously will not play sound. The OS style/skin (I'm not sure exactly what to call it) will revert to a lower setting, similar to an older Windows OS. The last of the consistent errors I can identify is that if I shut my laptop/hibernate it, it will not connect to the internet when it is opened again​
    2) Adware spam/search engine redirection
    This one is fairly simple. When using Google, often a clicked search result will bring me to a redirect, and then to a different page. Also, at seemingly random intervals, many, many, many new tabs with Google searches will open. I can end this by using Alt+F4 on the browser and restarting it.​
    3) Rootkit netbt.sys
    This rootkit seems to be quite stubborn. I am alerted by avast! about its presence quite often, but my attempts to remove it seem futile​

    Additional info:
    I have a great deal of computer experience, so no worries in that department. I have avast! free antivirus, and Malwarebyte's Anti-Malware. I run Windows XP and use Opera as my web browser.

    This is what I know so far. Any help would be much, much appreciated. I will respond to this thread as quickly as I can. Thank you once more.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome! Thanks you for the clear and concise description of your problems. I'll be glad t help you. Nice to hear you know your way around the system- that will make things easier.
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    Our basics:
    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    Your particulars:
    1. As you know, many processes in Windows run under the name of Generic Host Processes for Win32.

    And as you probably also know, malware can run under the name of almost any process. The svchost.exe processes weill run in multiples and can all be legitimate. Even if one is using high CPU, it will have to be identified as to legitimate or malware.
    2. About the redirects, et al. Yes, very common here. Can be serious malware or just the nuisance kind causing it.
    3. About netbt.sys
    What is netbt.sys?
    Microsoft Windows MBT transport driver that should be located in the C:\Windows\System32\drivers directory.

    So the name alone doesn't tell us anything. It's going to be about location. That's why we run the preliminary scans. We can 'see' what's running and where it running from. Then we can apply the most appropriate additional scan. I will know more when I see your logs. Since you are an experienced user, you will realize the importance of not doing anything that will change the system, such as run other cleaning scans, clean or change Registry, etc.

    Allow me to direct you.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...