|
Home > Archive > alt.certification.a-plus > August 2003 > svchost.exe problem. Help if you know of this
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
svchost.exe problem. Help if you know of this
|
|
| DullRazor 2003-08-16, 12:23 am |
| Hi all
I've posted this question once but I never saw it show up in the
group. Heres the problem; I reinstalled Windows 2000pro on my machine
and ever since I get an error message that says, "svchost.exe has
generated problems and will be shutdown. You will have to restart the
program. An error log is being generated". When this happens my
windows search menu will not come up. I can click on start, go to
search, then to files and folders but the search window will not come
up. Also, I can go into Winnt and it is completely blank as well as
the programs folder. I know what svchost.exe is and I have done some
research on the internet about it. Most sites talk about svchost.exe
using up to much processor resources and bogging down the system. I
haven't seen anything about svchost causing my kind of problems. I can
turn the machine off then back on and all will work fine for a while.
Other than that the system still works fine. Any ideas??????
| |
|
|
"DullRazor" <ultraflt@earthlink.net> wrote in message
news:11orjv413f06kbgkbk81fip3m
kjuu89g50@4ax.com...
> Hi all
> I've posted this question once but I never saw it show up in the
> group. Heres the problem; I reinstalled Windows 2000pro on my machine
> and ever since I get an error message that says, "svchost.exe has
> generated problems and will be shutdown. You will have to restart the
> program. An error log is being generated". When this happens my
> windows search menu will not come up. I can click on start, go to
> search, then to files and folders but the search window will not come
> up. Also, I can go into Winnt and it is completely blank as well as
> the programs folder.
<snipped>
This issue is being caused by the msblaster worm. Further information
on this issue can be found here:
http://securityresponse.symantec.co...laster.worm.htm
l
Patch for Windows 2000/NT
http://www.microsoft.com/downloads/...a846-f541-4c15-
8c9f-220354449117&displaylang=en
..
| |
| DullRazor 2003-08-16, 2:23 pm |
| YEP, I got it. It got past my antivirus program and I keep that
updated. I am pretty sure I can manually remove it so I'll do that
first chance I get. Everyone better keep on top of this one.
Thanks for the advise.
On Sat, 16 Aug 2003 14:20:30 GMT, "Dave" <nomailplease@127.0.0.1>
wrote:
>
>"DullRazor" <ultraflt@earthlink.net> wrote in message
> news:11orjv413f06kbgkbk81fip3m
kjuu89g50@4ax.com...
>> Hi all
>> I've posted this question once but I never saw it show up in the
>> group. Heres the problem; I reinstalled Windows 2000pro on my machine
>> and ever since I get an error message that says, "svchost.exe has
>> generated problems and will be shutdown. You will have to restart the
>> program. An error log is being generated". When this happens my
>> windows search menu will not come up. I can click on start, go to
>> search, then to files and folders but the search window will not come
>> up. Also, I can go into Winnt and it is completely blank as well as
>> the programs folder.
><snipped>
>This issue is being caused by the msblaster worm. Further information
>on this issue can be found here:
>
>http://securityresponse.symantec.co...laster.worm.htm
>l
>
>Patch for Windows 2000/NT
>http://www.microsoft.com/downloads/...a846-f541-4c15-
>8c9f-220354449117&displaylang=en
>
>.
>
| |
| Glenn \(SBfan2000\) 2003-08-16, 5:23 pm |
| I have been having this same problem with errors about svchost.exe! After I
get the error some programs will not run correctly and the search function
will not work! After restarting, everything works fine! Its not the
blaster worm I have updated windows patches, updated virus def. and the
blaster addition to the registry is not present! Also have a firewall and
it is not reporting and attempts on the ports that blaster uses!
"DullRazor" <ultraflt@earthlink.net> wrote in message
news:6f7tjvgh2ajrm9iq7k14gq63d
9hapk9v55@4ax.com...
> YEP, I got it. It got past my antivirus program and I keep that
> updated. I am pretty sure I can manually remove it so I'll do that
> first chance I get. Everyone better keep on top of this one.
> Thanks for the advise.
>
> On Sat, 16 Aug 2003 14:20:30 GMT, "Dave" <nomailplease@127.0.0.1>
> wrote:
>
> >
> >"DullRazor" <ultraflt@earthlink.net> wrote in message
> > news:11orjv413f06kbgkbk81fip3m
kjuu89g50@4ax.com...
> >> Hi all
> >> I've posted this question once but I never saw it show up in the
> >> group. Heres the problem; I reinstalled Windows 2000pro on my machine
> >> and ever since I get an error message that says, "svchost.exe has
> >> generated problems and will be shutdown. You will have to restart the
> >> program. An error log is being generated". When this happens my
> >> windows search menu will not come up. I can click on start, go to
> >> search, then to files and folders but the search window will not come
> >> up. Also, I can go into Winnt and it is completely blank as well as
> >> the programs folder.
> ><snipped>
> >This issue is being caused by the msblaster worm. Further information
> >on this issue can be found here:
> >
>
>http://securityresponse.symantec.co...blaster.worm.ht
m
> >l
> >
> >Patch for Windows 2000/NT
>
>http://www.microsoft.com/downloads/...8a846-f541-4c15
-
> >8c9f-220354449117&displaylang=en
> >
> >.
> >
>
| |
|
|
| Simon Telrenner 2003-08-18, 1:25 pm |
| I have the same issue on a couple of different computers. I even ran the
msblaster check from Norton to make sure, and nothing.
--
Kendal R. Emery, MCSE, Network+, A+, MCNGP #19
Systems Administrator
Coordinated Home Care
kemery@coordinatedhomec
are.me.com
remove me to email to me
"Glenn (SBfan2000)" <webmaster@glenngriffith.com> wrote in message
news:vjt4cn21i2tde9@corp.supernews.com...
> I have been having this same problem with errors about svchost.exe! After
I
> get the error some programs will not run correctly and the search function
> will not work! After restarting, everything works fine! Its not the
> blaster worm I have updated windows patches, updated virus def. and the
> blaster addition to the registry is not present! Also have a firewall and
> it is not reporting and attempts on the ports that blaster uses!
>
> "DullRazor" <ultraflt@earthlink.net> wrote in message
> news:6f7tjvgh2ajrm9iq7k14gq63d
9hapk9v55@4ax.com...
> > YEP, I got it. It got past my antivirus program and I keep that
> > updated. I am pretty sure I can manually remove it so I'll do that
> > first chance I get. Everyone better keep on top of this one.
> > Thanks for the advise.
> >
> > On Sat, 16 Aug 2003 14:20:30 GMT, "Dave" <nomailplease@127.0.0.1>
> > wrote:
> >
> > >
> > >"DullRazor" <ultraflt@earthlink.net> wrote in message
> > > news:11orjv413f06kbgkbk81fip3m
kjuu89g50@4ax.com...
> > >> Hi all
> > >> I've posted this question once but I never saw it show up in the
> > >> group. Heres the problem; I reinstalled Windows 2000pro on my machine
> > >> and ever since I get an error message that says, "svchost.exe has
> > >> generated problems and will be shutdown. You will have to restart the
> > >> program. An error log is being generated". When this happens my
> > >> windows search menu will not come up. I can click on start, go to
> > >> search, then to files and folders but the search window will not come
> > >> up. Also, I can go into Winnt and it is completely blank as well as
> > >> the programs folder.
> > ><snipped>
> > >This issue is being caused by the msblaster worm. Further information
> > >on this issue can be found here:
> > >
> >
>
>http://securityresponse.symantec.co...blaster.worm.ht
> m
> > >l
> > >
> > >Patch for Windows 2000/NT
> >
>
>http://www.microsoft.com/downloads/...8a846-f541-4c15
> -
> > >8c9f-220354449117&displaylang=en
> > >
> > >.
> > >
> >
>
>
| |
|
| Could be a different variation of Blaster - there are a couple out there
unfortunately.
| |
|
| There is a d.o.s variant of the same exploit utilised by blaster, just
crashes servicehost. walling port 135 stops it
"RussS" <yeah_right@roflmao.com> wrote in message
news:CTb0b.120536$JA5.2743524@news.xtra.co.nz...
> Could be a different variation of Blaster - there are a couple out there
> unfortunately.
>
>
| |
| DullRazor 2003-08-18, 8:24 pm |
|
Well I manually removed MSBLAST.EXE and have had no more svchost.exe
problems or error messages. I also went to microsoft and downloaded
their patch and have been keeping an eye on Task Manager. Thanks for
all the good advise guys. Really appreciate it.
On Mon, 18 Aug 2003 22:03:46 GMT, "Dave" <nomailplease@127.0.0.1>
wrote:
>There is a d.o.s variant of the same exploit utilised by blaster, just
>crashes servicehost. walling port 135 stops it
>
>"RussS" <yeah_right@roflmao.com> wrote in message
>news:CTb0b.120536$JA5.2743524@news.xtra.co.nz...
>> Could be a different variation of Blaster - there are a couple out there
>> unfortunately.
>>
>>
>
| |
|
| On Tue, 19 Aug 2003 09:51:29 +1200, "RussS" <yeah_right@roflmao.com>
wrote:
>Could be a different variation of Blaster - there are a couple out there
>unfortunately.
>
I had a customers machine display the symptoms of MBlast ie: shutting
down in 30 seconds, when scanned with the removal tool(two of them)
didn't pick up anything.I patched it anyway and ran Adaware and Spybot
and picked up around 150 nasties.
Customer picked up the machine and no problems ???
| |
|
| Yes, as Dave said - there is a DOS varient out there, and I am thinking a
lot of modern scanners do not check old DOS stuff.
| |
| DullRazor 2003-08-18, 10:24 pm |
| Hay Brett
Where can I pick up adaware and spybot? Are they easy to run?
On Tue, 19 Aug 2003 11:47:41 +1200, Bret <at@at.corn> wrote:
>On Tue, 19 Aug 2003 09:51:29 +1200, "RussS" <yeah_right@roflmao.com>
>wrote:
>
>>Could be a different variation of Blaster - there are a couple out there
>>unfortunately.
>>
>I had a customers machine display the symptoms of MBlast ie: shutting
>down in 30 seconds, when scanned with the removal tool(two of them)
>didn't pick up anything.I patched it anyway and ran Adaware and Spybot
>and picked up around 150 nasties.
>Customer picked up the machine and no problems ???
| |
|
|
|
| On Tue, 19 Aug 2003 01:46:00 GMT, DullRazor <ultraflt@earthlink.net>
wrote:
>Hay Brett
>Where can I pick up adaware and spybot? Are they easy to run?
RussS has kindly posted the links for you, they are easy to run, and
can be set to scan on boot every time.
| |
| Simon Telrenner 2003-08-19, 11:25 am |
| Well, I just talked to the one office that was having the service host
error. After they started having it, I went and ran the patch, even though
I didn't find the worm, I figured it couldn't hurt. And what do you know,
she hasn't had the svchost error since.
--
Kendal R. Emery, MCSE, Network+, A+, MCNGP #19
Systems Administrator
Coordinated Home Care
kemery@coordinatedhomec
are.me.com
remove me to email to me
"Bret" <at@at.corn> wrote in message
news:j6p2kv85p4agchf382tk2p4vb
6q3f6md8t@4ax.com...
> On Tue, 19 Aug 2003 09:51:29 +1200, "RussS" <yeah_right@roflmao.com>
> wrote:
>
> >Could be a different variation of Blaster - there are a couple out there
> >unfortunately.
> >
> I had a customers machine display the symptoms of MBlast ie: shutting
> down in 30 seconds, when scanned with the removal tool(two of them)
> didn't pick up anything.I patched it anyway and ran Adaware and Spybot
> and picked up around 150 nasties.
> Customer picked up the machine and no problems ???
| |
|
| Definitely sounds like one of the generic variations ;-)
| |
| ImhoTech 2003-08-20, 12:26 pm |
| Heh...yeah this seems a bit confusing on the surface. You just have to think
a little differently for Blaster and variants. We tend to think of viruses
(or worms) as the source of a given set of symptoms, remove the offensive
code, symptoms go away. But in this case the local symptoms are the result
of an infected remote system attempting to propogate using the exploit on an
unpatched system.
The worm does not have to present for the shutdown and many other issues to
occur on an unpatched machine.
Conversely patching an 'infected' machine without removing the worm won't
prevent the machine from spreading the worm, although there will be none of
the obvious symptoms.
Additionally AV software can prevent a system from becoming 'infected' by
preventing the file from being dropped, but can't prevent the exploit, so an
unpatched system with good AV won't become 'infected', but is still subject
to the same symptoms.
"Simon Telrenner" <no@way.com> wrote in message
news:3f423c8f$1@news.zianet.com...
> Well, I just talked to the one office that was having the service host
> error. After they started having it, I went and ran the patch, even
though
> I didn't find the worm, I figured it couldn't hurt. And what do you know,
> she hasn't had the svchost error since.
>
> --
> Kendal R. Emery, MCSE, Network+, A+, MCNGP #19
> Systems Administrator
> Coordinated Home Care
> kemery@coordinatedhomec
are.me.com
> remove me to email to me
> "Bret" <at@at.corn> wrote in message
> news:j6p2kv85p4agchf382tk2p4vb
6q3f6md8t@4ax.com...
> > On Tue, 19 Aug 2003 09:51:29 +1200, "RussS" <yeah_right@roflmao.com>
> > wrote:
> >
> > >Could be a different variation of Blaster - there are a couple out
there
> > >unfortunately.
> > >
> > I had a customers machine display the symptoms of MBlast ie: shutting
> > down in 30 seconds, when scanned with the removal tool(two of them)
> > didn't pick up anything.I patched it anyway and ran Adaware and Spybot
> > and picked up around 150 nasties.
> > Customer picked up the machine and no problems ???
>
>
| |
|
| Then you have to take into account any other greebles .. like the latest
SoBig.F that is around in huge numbers. I am still seeing a lot of Klez
around too - always interesting trying to explain to a client why they
should continue spending money on anti-virus software when some virus out
there actually disable it.
Currently I recommend Norton AV, SpyBot S&D and Kerios free firewall for
home users. Another option for those who are cash strapped is the free
AntiVir Personal Edition which has out performed AVG lately. However, I
have found that many of my clients (especially the elderly) appreciate a
fortnightly email I send reminding them to update their virus definitions
and just letting them know of any other issues they should be aware of.
| |
| JK_Deth 2003-08-20, 9:26 pm |
| SoBig is really punishing some of our users. We have a Virus and Spam filter
service that does a good job, but had to reconfigure for SoBig. It was set
to notify the user whenever an email was blocked, virus was per occurence.
Had to change that to once per day. It blocked the virus fine, but with each
blocked email generated a notice it was still causing havoc, one customer
had about 900 in less than 24 hours.
I agree it is amazing the number of viruses still making the rounds, I don't
have the report handy, but we're still getting the odd Magistr, hybris, lots
of klez and several others.
Concerning Blaster and variants, I think we'll be learning new things about
those for the next couple weeks. Personally I think we were lucky that
Blaster was in fact poorly written and hope some variant doesn't work the
bugs out before the majority of systems get patched.
"RussS" <yeah_right@roflmao.com> wrote in message
news:UmR0b.122019$JA5.2809432@news.xtra.co.nz...
> Then you have to take into account any other greebles .. like the latest
> SoBig.F that is around in huge numbers. I am still seeing a lot of Klez
> around too - always interesting trying to explain to a client why they
> should continue spending money on anti-virus software when some virus out
> there actually disable it.
> Currently I recommend Norton AV, SpyBot S&D and Kerios free firewall for
> home users. Another option for those who are cash strapped is the free
> AntiVir Personal Edition which has out performed AVG lately. However, I
> have found that many of my clients (especially the elderly) appreciate a
> fortnightly email I send reminding them to update their virus definitions
> and just letting them know of any other issues they should be aware of.
>
>
| |
| brirish 2003-08-21, 11:24 am |
| I have a Win 2003 server running citrix. Just today we noticed that we are having problems. I terminal served to the machine and immediately got a message that svchost.exe failed.
does this sound like the blaster (or some variant) to you? | |
|
|
|
|
|