Hi all,
Norton AV got a bit wobbly recently and apparently let something in the door. Symptoms:
- the ever-popular Google search results redirect
- regedit and regedt32 are blocked
- Windows Updates are blocked
- updates to just about anything else are blocked
- eventual lock up of the UI
I've done the 8-step program. MBAW uncovered two registry key threats (shown in the attached log addendum), which were removed. SASW detected Trojan.dropper/gen-123, a DLL file, and another batch of registry keys. These have all been placed in quarantine.
After placing these items in quarantine, the error "Generic Host Process for Win32 has encountered an error and needs to close" occurs when trying to start regedit or install Windows updates. This error makes the system unusable and it must be shut down with the power switch.
I've attached a current MBAW log (clean) with an addendum showing the initial bad registry keys. For some reason, a log did not get generated for that pass. Also attached is the SASW log from when the Trojan.dropper items were found, and a subsequent scan after they were quarantined. And of course, a HiJack This log.
Any help would be greatly appreciated -- Thanks!!
Norton AV got a bit wobbly recently and apparently let something in the door. Symptoms:
- the ever-popular Google search results redirect
- regedit and regedt32 are blocked
- Windows Updates are blocked
- updates to just about anything else are blocked
- eventual lock up of the UI
I've done the 8-step program. MBAW uncovered two registry key threats (shown in the attached log addendum), which were removed. SASW detected Trojan.dropper/gen-123, a DLL file, and another batch of registry keys. These have all been placed in quarantine.
After placing these items in quarantine, the error "Generic Host Process for Win32 has encountered an error and needs to close" occurs when trying to start regedit or install Windows updates. This error makes the system unusable and it must be shut down with the power switch.
I've attached a current MBAW log (clean) with an addendum showing the initial bad registry keys. For some reason, a log did not get generated for that pass. Also attached is the SASW log from when the Trojan.dropper items were found, and a subsequent scan after they were quarantined. And of course, a HiJack This log.
Any help would be greatly appreciated -- Thanks!!
