Showing posts with label Worm. Show all posts

Friday, January 1, 2010

How to fix generic host process error

If you get a "Generic Host Process Error" message and then lose your connection to the Internet and the LAN, your computer may be infected with Conficker. Conficker spreads very aggressively.

It is not limited to portable storage media such as USB flash drives or memory cards; the virus can also spread over a LAN by using a bug (security hole) in RPC DCOM service 3, which exists in network operating systems based on Windows 2000 or XP.

Conficker can disable System Restore by resetting the "Restore Point", which prevents the victim from eradicating the virus by rolling back to a restore point. On the infected computer, Conficker acts as a web server (HTTP server) for the local network. If any computer on the local network is vulnerable to DCOM RPC 3, Conficker attacks it, and if the attack succeeds the victim's computer connects to that HTTP server to download and run the virus file.

 

Solution :


Thursday, December 10, 2009

Net-Worm.Win32.Kido.ih Removal

This worm spreads via local area networks and removable storage media. When Net-Worm.Win32.Kido.ih copies itself to remote computers, it creates a temporary file with a random extension. The worm itself is a Windows DLL file. The worm components vary in size from 155KB to 165KB and are packed with UPX.

Once Net-Worm.Win32.Kido.ih has infected a computer, it creates a system service which launches the worm's executable file each time Windows is booted. The following registry key is created:

[HKLM\SYSTEM\CurrentControlSet\Services\netsvcs]


It then modifies the following Windows registry key value:



[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs" = "<original value> %System%\<rnd>.dll".


The Net-Worm.Win32.Kido.ih worm then launches an HTTP server on a random port, which is used to download the worm's executable file to other computers. The worm attacks computers in the same network as the victim machine via a buffer overrun vulnerability (MS08-067) in the Server service.



The Net-Worm.Win32.Kido.ih worm copies its executable file to removable media under the following name:



<Drive>:\RECYCLER\S-<%d%>-<%d%>-<%d%>-<%d%>-<%d%>-<%d%>-<%d%>\<rnd>.vmx


In addition to its executable file, the worm also creates the file shown below in the root of every disk:



<Drive>:\autorun.inf


This file will launch the worm's executable file each time Explorer is used to open the infected removable drive.
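
The file and registry indicators listed above can be checked with a short script. The following Python is an added example, not part of the original post: it scans a drive root for the RECYCLER\S-...\<rnd>.vmx file and for autorun.inf, and flags DLL-path entries in a "netsvcs" value. The sample directory, file names and netsvcs entries are constructed, and treating a path-like entry as suspicious is an assumption based on the value shown above.

```python
import os
import re
import tempfile

# Seven numeric fields after "S", matching the RECYCLER\S-... pattern described above.
SID_DIR = re.compile(r"^S(-\d+){7}$", re.I)

def _entries(path, dirs):
    """List directories (dirs=True) or other entries (dirs=False); unreadable paths yield []."""
    try:
        with os.scandir(path) as it:
            return [e for e in it if e.is_dir(follow_symlinks=False) == dirs]
    except OSError:
        return []

def scan_drive_root(root):
    """Return {'vmx': [paths], 'autorun': path or None, 'autorun_refs_vmx': bool}."""
    vmx = [f.path
           for top in _entries(root, True) if top.name.lower() == "recycler"
           for sid in _entries(top.path, True) if SID_DIR.match(sid.name)
           for f in _entries(sid.path, False) if f.name.lower().endswith(".vmx")]
    autorun = next((f.path for f in _entries(root, False)
                    if f.name.lower() == "autorun.inf"), None)
    refs = False
    if autorun and vmx:
        with open(autorun, "rb") as fh:
            text = fh.read().replace(b"\x00", b"").lower()  # tolerate UTF-16 text
        refs = any(os.path.basename(p).lower().encode() in text for p in vmx)
    return {"vmx": vmx, "autorun": autorun, "autorun_refs_vmx": refs}

def suspicious_netsvcs(entries):
    """Entries of the SvcHost "netsvcs" value that look like a DLL path, not a service name."""
    return [e for e in entries if re.search(r"[\\/]|\.dll$", e.strip(), re.I)]

def build_sample(root):
    """Constructed sample of an infected removable drive (file names are made up)."""
    d = os.path.join(root, "RECYCLER", "S-5-3-42-100-200-300-400")
    os.makedirs(d)
    open(os.path.join(d, "abcdefg.vmx"), "wb").close()
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("; constructed sample, references abcdefg.vmx\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_drive_root(tmp))
    # Constructed netsvcs value: two service names plus an appended DLL path.
    print(suspicious_netsvcs(["AppMgmt", "Browser", r"%System%\abcdefg.dll"]))
```

An autorun.inf on its own is not proof of infection, since legitimate media also ship one; the check is meaningful when it references a .vmx file found under RECYCLER.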



Download Net-Worm.Win32.Kido.ih Removal Tools here
