emywright

Lavasoft Support Forums - Posting New Issue


I am a Novice and have never gone through anything like this before. I just need help getting the pop up out of my machine!!! I do AdAware scans every day or two. Had my computer fixed after some type of infection a couple weeks ago, but they didn't go into Windows. I believe that is where it is. After hours of looking through the log, I found Microsoft Windows Operating System. Generic Host Process for Win 32 Services. Internal Name: svchost.exe File Version: 5.1.2600.2180(xpsp_sp2_rtm.040803-222159). This info was under "Scan Survey for C:\Windows\system 32" and ran from #7 - 916, #8 - 1008, #9 - 1096, and #10 - 1252. I have no idea what this all means; however, this pop up (which appears hundreds of times, and I have to click off, or wait until it disappears) shuts down the computer for that instant. It says: "Rules automatically created for the program Microsoft Generic Process for Host Win 32 Services."

 

Computer seemed to work ok until new updates automatically appeared. I have used Norton, which needs to be updated by June 10th, and have always used AdAware. That does find extra things every time I run it.

Then last night I received a notice that if I didn't fix errors, it probably would crash, so I found Error Killer and ran that --- and found over 400 errors. I don't even go into weird sites; only news, politics, health and fitness, and things no one would even want to know about, but me, BUT if I put Parental Control on, will I be able to view what I use? That junk goes to spam and gets deleted, but it makes me sick to have it on my machine.

I know I am rambling now, but this thing has me upset and disgusted. Something is wrong and I want my computer back without all the interruptions. How do I do this, not knowing your language? I don't do anything but simple things!!!!

 

Now I just wonder how I will ever get back here to view a reply, if I even get one. Thanks millions.

 

Emy


em6018,

As a starting point, can you please make sure that you are using Ad-aware SE Build 106 [if not, uninstall your old Ad-aware first, then install SE].

(Note: if it is a paid-for version of Ad-aware that you have, you will need your registration details to hand when reinstalling.)

Then use the WebUpDate to get the latest Definition file, SE1R109 22.05.2006.

To do this, open Ad-aware.

Click the WebUpDate button at the top right-hand side of the Ad-aware screen (the world globe).

Click "Connect".

Ad-aware will then download the latest Definition file for you.

To make sure it is updated, look at the main Ad-aware screen, and look under "Initialization Status". It should say the latest Definition file.

Then scan, doing a "Full Scan", and then post your logfile here by using the Add-Reply feature.

Logs are stored in:

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\

An easy way to get there is to click Start, click Run, type in %appdata% and press ENTER, then click Lavasoft, then Ad-Aware, and then Logs.

Scroll down to find the latest one that you have (by date & time), open it, right-click, select all, copy, and then paste the contents of it here.

(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)

I recommend that you use the WebUpDate just before you scan; that way you will always be up to date.

(Note: Application Data is a hidden folder, so you will need to show hidden files and folders. For Windows 98/ME users, your logs are stored in C:\WINDOWS\All Users\Application Data\ by default.)

 

GRAFX


Hello Emy. We have some very talented and helpful people on these forums who can guide you through the steps necessary to solve this problem.

 

Firstly, you should follow the instructions on creating something called a "HijackThis Log"

 

The instructions for this are posted here

 

When you have done this, you may copy the content of the log file, and put it in a post in this forum, stating in as much detail as you can, the problem.

 

Someone will be along to help you out with that

 

Thanks

 

//Steve


This is interesting. A support forum for Lavasoft products, which can create logfiles about a computer system, but the board is more popular for another application that is not Lavasoft owned, and which can create the same basic information that Ad-aware can. (Most infections can be removed from the information that is shown in an Ad-aware logfile; more advanced infections normally result in HJT removal, though Ad-aware can usually remove parts of infections, which helps limit HJT usage.)

 

So what's happening? If there is a problem with a user that a FAQ article hasn't been created about, do they automatically get referred to HJT?

 

I just hope that Lavasoft realises to include the features that HJT offers its users, in Ad-aware 2004

So what's happening?

This is probably one of the many new variants of Smitfraud that have recently been released. What is Smitfraud? The Smitfraud family of desktop hijackers comes in many packages with different names. They can pop up over the desktop or give an alert from the taskbar near the clock, and display a warning message that your computer is infected with spyware, telling you to buy/download/install their program. These warnings are fake and are a goad to have you buy the commercial version of this software. Some newer versions are slightly different from the previous variants (SpywareStrike, SpyAxe, etc.) in that the alerts do not look like Windows Security alerts but are rather a square that appears from your taskbar. They can fool users in many ways, by appearing to be new updates (as Emy has described) or as a needed (but fake) codec for a video, etc. The schemes to fool folks into the malware download are many right now. The software companies that do remove them are struggling to keep up with the onslaught. And we volunteers help the users also, here and in the forum for HijackThis logs. Sometimes a solution is many-faceted until the new variants can get detected by the programs to remove them.

 

I think that is what happened here and so does Steve. We're doing our best here to help those folks. Steve is working hard with the Lavasoft team to get the new variants covered as they are discovered and doing a bang-up job of it too from what I've observed. He is also here during his "off" hours doing what he can, where he can. I'm just a volunteer here helping with HijackThis logs so I see most of them (Smitfraud victims). I don't think Steve is asking for a HijackThis log as the solution, but rather as a diagnostic to try and see what we are dealing with here, and to get some help to the user. We can usually tell from seeing a HijackThis log if they have a variant that should be detected by Adaware or not (usually being the key word here). If it is, an Adaware scan will take care of it. If it is new, we'll try to collect the files needed to add detection for a new variant and get it to Lavasoft and the other companies as well, in addition to helping the affected user get the unwanted pest off their PC using manual removal methods.

 

Andy, you are usually helpful and frankly I'm surprised at your comments here. It's totally unhelpful in this thread.

 

I do hope Emy can find her way back here to get the help from the good replies she has gotten so far to get her started.


CJ :) I have total respect for you, and all the work you have done over the years.

 

I know you are a dedicated Ad-aware fan, but I pity you. You are working so hard, by yourself, on the HJT logfiles. (And if I could read HJT logfiles I would help you.)

 

There was no explanation of why the sudden referral to HJT, and from this I saw it as more work being created for you (you are single-handedly running their HJT forum), and therefore the reason why I asked about the lack of their own application use.

 

I apologise for causing offence to you, I sincerely didn't mean to. Please, if you feel that my post should be removed, please do so.

 

Best Wishes to you CalamityJane and your family.

 

em6018; Stick near CalamityJane, she knows all :)


Hi Andy,

 

I know you are a helper trainee at other forums where you learn how to read/understand hijackthislogs.

I guess you already noticed that hijackthis is rather a diagnostic tool and not a removal tool. The main thing hijackthis removes are registry keys.

People are posting hijackthislogs, because they already tried Adaware and it didn't solve the problem. We can't expect Adaware can deal with all malware related problems. Backdoors, worms, and other similar issues should be solved by an Antivirus and not by Adaware.

If a problem is 'within the field of Adaware' and is not being solved after using adaware, this means there's a new variant present.... and as long as there are no samples, they cannot be added to their definitions.

So, using hijackthis is an easy way to recognise new ones and collecting the samples, so Adaware can deal with it afterwards. :)

 

This isn't about the lack of their own application use, as you call it. Because Adaware was already being used. :)


Hi,

 

I have been helping a friend get rid of pop-up/trojan/spyware and wanted someone to have a final look at a hijackthis log to see if there is anything left I missed. I will post the hijack this log in the appropriate forum under hijackthis_shades69x.log. Thank you in advance for any help.......

 

shades69x


:D I have been dealing with a similar issue as the original post in this thread: "Rules automatically created for the program: Generic Host Process Services". I noticed that no one really came up with a definitive resolution for this problem. Here is one:

 

Since the origin of this problem seems to be with Norton Internet Security - Personal Firewall, open Norton Internet Security and double-click Personal Firewall.

Choose the Programs tab.

Under 'Manual Program Control', find the entry for Microsoft Generic Host Process Services.

Click the 'Internet Access' entry for Microsoft Generic Host Process Services and select Permit All.

Symantec tech support assures me that this does not reduce the security features of Personal Firewall in any way.

 

Like many others, I have spent hours searching for and applying various 'fixes' and creating HJT logs and running anti-spyware programs and registry repair programs without getting any useful results. This 'fix' is definitely simple but, for some reason, very difficult to find. Even the program documentation for Norton Internet Security does not address this issue.

MHR
