DoctorNash
asked on
'svchost.exe has generated errors' - say what??
Dear Experts,
I've been developing and running applications on Windows 2000 Pro without any problem whatsoever, for the past two years now. However, a couple of days ago something strange happened. When I dial into the Internet now, the following dialog box pops up from time to time: 'svchost.exe has generated errors and will be closed by Windows. You will need to restart the program'. After pressing 'OK', everything looks fine again (no freezing, crash etc) - I can still navigate to sites, but pressing links in sites no longer works, and worse, I discovered I can't launch local applications like Frontpage, Photodraw, Visual Basic etc etc. The only way to correct this is to restart Windows/PC. I can't think of anything in particular I may have done to cause this problem. Any ideas? Could it be a virus? (am not running VirusScan)
Thanks for your help.
Anxious,
DocNash
I've been developing and running applications on Windows 2000 Pro without any problem whatsoever, for the past two years now. However, a couple of days ago something strange happened. When I dial into the Internet now, the following dialog box pops up from time to time: 'svchost.exe has generated errors and will be closed by Windows. You will need to restart the program'. After pressing 'OK', everything looks fine again (no freezing, crash etc) - I can still navigate to sites, but pressing links in sites no longer works, and worse, I discovered I can't launch local applications like Frontpage, Photodraw, Visual Basic etc etc. The only way to correct this is to restart Windows/PC. I can't think of anything in particular I may have done to cause this problem. Any ideas? Could it be a virus? (am not running VirusScan)
Thanks for your help.
Anxious,
DocNash
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Ok, I'm confused here -- none of the literature that I'm reading at Symantec, Microsoft, in the news, etc., about the W32Blaster worm ever seems to mention the svchost.exe error message as being a symptom of infection. I mean, I believe that it is, too -- our library's network of 25 computers is mostly running W98, and they're all fine, but we've got 4 machines running W2000 Professional and all 4 of them started up with the same svchost.exe error messages yesterday (8/11/03). And once you get it everything starts heading downhill -- all kinds of goofy registry messages when you try to open a Word file, run other programs, etc. If you log out, you can't log back in properly either, until you reboot. But the machines aren't actually shutting down, like the news says infected machines are doing, Internet access is mostly uninterrupted, and I'm not actually finding the msblast.exe file or process running. The Gates Foundation, who provided and supports the 4 affected machines, advised us that it is most likely the W32Blaster worm as well. But what leads us to believe that the svchost.exe error message is indicative of a Blaster worm infection...?
Laurie
Laurie
svchost.exe is only shown when your system default is set to take no action rathen than reboot.
Right click Remote Procedure Call, select Properties, then Recovery. On all three drop-down boxes in this window, select take no action. The default is set to reboot. This will give you all the time you need to update. Please note that Control Panel > System > Advanced > Startup and Recovery > uncheck Automatically Restart does not seem to work to prevent system reboot.
Right click Remote Procedure Call, select Properties, then Recovery. On all three drop-down boxes in this window, select take no action. The default is set to reboot. This will give you all the time you need to update. Please note that Control Panel > System > Advanced > Startup and Recovery > uncheck Automatically Restart does not seem to work to prevent system reboot.
Hi Guys,
I would like to join this discussion, as I too have the same problem as 'DoctorNash'. In fact, I think a million people would have this problem, as it was mentioned on ABC Radio this morning (Australia). I run Symantec Firewall and SystemWorks 2003 and update viruses definitions and 'liveupdates' every day- it is a routine and happens atomatically. I have very strict internet settings (high) and I am really dissapointed that Microsoft + Symantec have not got a patch that works - at least not for me.
I am running Windows 2000 Pro and due to a recent crash I re-build my PC, which has been working just fine. Upon installing the OS I was prompted to update to service pack 2, which I did not do. I am currently running service pack 1. All the patches (fixes) supplied by Microsoft does not work for service packs 1. I have downloaded services pack 2, but can't install it, as the OS will not accept this. I am also told that the Windows Installer Service could not be accessed. So I have a problem here, I can't install the patch as the ones available are only for services packs 2.
My OS is not crashing, but it is a pain to use, can't copy, paste and searching the Internet has some limitations, e.g, some web sites does not work, as an example all jumpmenus can't be accessed. All content in the jumpmenus are gone, only the top text of the jump menus appear, which does nothing if selected.
I subscribe to Symantec and get all their "ALERTS" by email, etc. Yesterday afternoon, I scanned my computer for viruses, none found. I even updated my live connection and definitions. Despite my rutine I might have got the worm you are all referring to - or do I???
I have downloaded Symantec's 'blasterfix.exe', and have scanned and used this tool in normal and safe mode. The result = The W32.Baster Worm was not found.
I have also have had a look in the REGISTEREDIT, but again nothing there. I have also looked under Windows task manager (processes), again nothing there.
After having used the Symantec Removal tool I managed to get the sysytem to work for about 2-3 minutes, but then suddently the "Scvhost.exe" error message appeared again. This happen as I was investigating my Internet Settings (Symantec) and just as the messages was displayed the firewall was disabled. This was caused by the descibed error message.
I have used both the Microsoft patch as well as Symantec removal tool. But the problem is still there. I have also tried to rescann the PC using my Symantec software suite of solutions, but it will not run. The 'liveUpdate' functions displays an error : 'LU1803' - LiveUpdate failed.
Symantec recommend (on their web site) to call for technical support, which I also have done. You can't get through - the line is busy. I have called since 8.00am this (from Melbourne, Australia) morning and have been connected twice to an online waiting message system. After 45 minutes of waiting I was disconnected. This happened twice today and at this moment I cant get a free line to Symantex. It really p..... me off - you pay good money for software which you think is reliable and when it comes to support - it really sucks.
Can you help me? I am still not 100% sure I have the worm, after all symantec's own removal toll has told me I don't have it. I still have my 'scvhost.exe' problem.
If this problem is controlled by a port, how can I get this under my control? I can't activate Symantec's firewall nor its anti-virus program, so I what am I to do?
Please assist....
WebMAD
I would like to join this discussion, as I too have the same problem as 'DoctorNash'. In fact, I think a million people would have this problem, as it was mentioned on ABC Radio this morning (Australia). I run Symantec Firewall and SystemWorks 2003 and update viruses definitions and 'liveupdates' every day- it is a routine and happens atomatically. I have very strict internet settings (high) and I am really dissapointed that Microsoft + Symantec have not got a patch that works - at least not for me.
I am running Windows 2000 Pro and due to a recent crash I re-build my PC, which has been working just fine. Upon installing the OS I was prompted to update to service pack 2, which I did not do. I am currently running service pack 1. All the patches (fixes) supplied by Microsoft does not work for service packs 1. I have downloaded services pack 2, but can't install it, as the OS will not accept this. I am also told that the Windows Installer Service could not be accessed. So I have a problem here, I can't install the patch as the ones available are only for services packs 2.
My OS is not crashing, but it is a pain to use, can't copy, paste and searching the Internet has some limitations, e.g, some web sites does not work, as an example all jumpmenus can't be accessed. All content in the jumpmenus are gone, only the top text of the jump menus appear, which does nothing if selected.
I subscribe to Symantec and get all their "ALERTS" by email, etc. Yesterday afternoon, I scanned my computer for viruses, none found. I even updated my live connection and definitions. Despite my rutine I might have got the worm you are all referring to - or do I???
I have downloaded Symantec's 'blasterfix.exe', and have scanned and used this tool in normal and safe mode. The result = The W32.Baster Worm was not found.
I have also have had a look in the REGISTEREDIT, but again nothing there. I have also looked under Windows task manager (processes), again nothing there.
After having used the Symantec Removal tool I managed to get the sysytem to work for about 2-3 minutes, but then suddently the "Scvhost.exe" error message appeared again. This happen as I was investigating my Internet Settings (Symantec) and just as the messages was displayed the firewall was disabled. This was caused by the descibed error message.
I have used both the Microsoft patch as well as Symantec removal tool. But the problem is still there. I have also tried to rescann the PC using my Symantec software suite of solutions, but it will not run. The 'liveUpdate' functions displays an error : 'LU1803' - LiveUpdate failed.
Symantec recommend (on their web site) to call for technical support, which I also have done. You can't get through - the line is busy. I have called since 8.00am this (from Melbourne, Australia) morning and have been connected twice to an online waiting message system. After 45 minutes of waiting I was disconnected. This happened twice today and at this moment I cant get a free line to Symantex. It really p..... me off - you pay good money for software which you think is reliable and when it comes to support - it really sucks.
Can you help me? I am still not 100% sure I have the worm, after all symantec's own removal toll has told me I don't have it. I still have my 'scvhost.exe' problem.
If this problem is controlled by a port, how can I get this under my control? I can't activate Symantec's firewall nor its anti-virus program, so I what am I to do?
Please assist....
WebMAD
I have yet to see the "experts" mention any relation between this svchost error and the MSBlaster worm. However, I had a computer at work have problems with the svchost. Actually just one known location had problems (46 computers throughout diff locations in the city) This one location kept having problems with svchost, even if I re-imaged the entire machine with a good image, or swapped machings completely. What I did to prevent this from happening at this location is to download the FixBlast program from symantec (like Crazyone said), and then I downloaded the security patch from microsoft updates. FixBlast told me that it couldn't find the program on my computer, however I installed the security patch and the problems with svchost stopped.
I understand from the information I have read regarding this worm that when it attempts to spread it determines (randomly) which OS it is trying to target. There is an 80% chance this will be Win XP / 20% Win 2k. If it tries to connect to an XP machine but actually the target is a 2k box this will result in the svchost error as it crashes the RPC service on the 2k box.
Hope this helps.
Hope this helps.
ASKER
WebMad, my symptoms are EXACTLY the same as yours. I too cannot invoke jumpmenus or 'copy and paste'. I too am running Windows 2000 Service Pack 1. I too cannot upgrade to Service Pack 2. As for the blasterfix.exe...it too returned 'W32.Blaster Worm not found' in my case. And finally, as you have observed, I cannot install the Microsoft patch, because my Service Pack is 1, and it works only on Service Pack 2 or higher. Like you, I am stuck. Please, Please if you (or anyone else) finds any way out, let me know. I will advertise it far and wide, as I'm sure there are many in my (and WebMad's) predicament
Kind Regards,
Jim
Kind Regards,
Jim
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
CrazyOne & Lebo2000,
You guys are geniuses! Thanks to your advice, the problem's FIXED! FIXED!! FIXED!!! God bless this site, and contributors like yourself.
CrazyOne: you immediately identified the symptoms I was exepriencing as the work of the Balster worm. This avoided the potential of time-wastage engaging in 'wild goose chases' and striking dead-ends
Lebo2000: you advised about the express Service Pack 4 upgrade, which installed flawlessly. This then allowed me to apply the MS Patch, and voila! symptoms gone.
PS WebMad - try it!
Regards,
DocNash
You guys are geniuses! Thanks to your advice, the problem's FIXED! FIXED!! FIXED!!! God bless this site, and contributors like yourself.
CrazyOne: you immediately identified the symptoms I was exepriencing as the work of the Balster worm. This avoided the potential of time-wastage engaging in 'wild goose chases' and striking dead-ends
Lebo2000: you advised about the express Service Pack 4 upgrade, which installed flawlessly. This then allowed me to apply the MS Patch, and voila! symptoms gone.
PS WebMad - try it!
Regards,
DocNash
:>)
Glad to help!
I also had the same problems. svchost, word and cut paste. But did not have blaster virus. There is another virus called w32. welchia. Its what is causing the problems. Nortons now has a fix for this as well. It get into your computer through the same port as blaster.
I don't know what is going on at all ! The problem is that I just installed Windows 2000 Professional and tried to Update it , but the only thing that worked was Internet Explorer 6. None of the nesessary downloads have been completed, which means Service Pack 4, as you suggested earlier, failed to download, too ! Here is what I am getting now:
1. Program error :svchost.exe has generated an error and will be closed by Windows.You will need to restart the program.
2.1601: Internal error in Windows Installer
3.Error 1719 : The Windows Installer Service couldn't be accessed.This can occure if you are running Windows in Safe mode or the Windows Installer is not correctly installed.
So, I can't operate my email box, although I can read my emails. Sometimes windows update web page doesn't open as well as some other pages.I can't download softwares from the Internet such as Java Software etc.
Although I have tried to fix Error 1719 by reinstalling Windows Installer.After that I tried to operate my e-box and it did work.Literally a few minutes later when I tried to open my another email box, I got the same problem with the e-box again.
Now haven't gotten any Error 1719 so far, but still have the same problem with svchost.exe .
Any solutions ?
1. Program error :svchost.exe has generated an error and will be closed by Windows.You will need to restart the program.
2.1601: Internal error in Windows Installer
3.Error 1719 : The Windows Installer Service couldn't be accessed.This can occure if you are running Windows in Safe mode or the Windows Installer is not correctly installed.
So, I can't operate my email box, although I can read my emails. Sometimes windows update web page doesn't open as well as some other pages.I can't download softwares from the Internet such as Java Software etc.
Although I have tried to fix Error 1719 by reinstalling Windows Installer.After that I tried to operate my e-box and it did work.Literally a few minutes later when I tried to open my another email box, I got the same problem with the e-box again.
Now haven't gotten any Error 1719 so far, but still have the same problem with svchost.exe .
Any solutions ?
Hi there, i look like having that same svchost problem as you except that my Windows2000 pro as just been reinstaled..? Howcome it may have a worm there if all have been format,,i think I'll have to perfrom a low level format..?? Also I used a removable hard drive from school to update my system to sp4 but it do not fix the bug, i have norton systemwork 2003 but it's unable to fix the bug to,,. About six monts ago I had to flash my bios because of a bug with a new video card, is it possible that it the source of the problem??
I'm starting to feel desparate
Please help
Hello,
All of you have very well thought out posts, and some usefull links to goto for windows updates, and virus scanners and such,, very helpfull... but not effective...
CrazyOne, I was having that problem with my TCP/IP connection also.. I would goto run my command.com (open the dos window) and type netstat, and I would have over 400 consecutive connections, trying different ports, it was terrible..
DoctorNash, I had your problem also about links not working, couldn't see files in my directorys, and I couldn't dissconnect from the internet...
Anyways,, you get the hint.. there is a problem we all seem to have it, and can't seem to get rid of it... unitill now... I'll give a step by step guide on what to do to get rid of this thing.. this very frustrating thing,, (I hate that fat computer nerd that made this virus,, I truely do!)
*** NOTE ***
These currupted/Virused files that no virus detector can seem to find are saved at "C:\WINNT\System32\wins\".
Now to get rid of them...
1) Click the Start button, goto "run", and type "regedit" in the box..
2) Goto this location... HKEY_LOCAL_MACHINE\SOFTWAR
3) In the right side window you will see a list of Reg SZ's... now I'm not positive about the name of the application, I just don't remember, I wasn't thinking I was going to be posting here on how to fix these problems.. but the file did have the word "daemon" in the name, and I think it was something like "NvChashDaemon.dll"... anyways,, if you see it, delete it....
4) After that daemon file is deleted, on the left side of the window (where the director tree is) scroll all the way back to the top of the list and click on that "My Computer" at the top.
5) Click "Edit" and "Find".. now type in the find box "wins\dllhost" and click find..
6) When it finds one, look over to the right side window and see if the link says "C:\WINNT\System32\wins\DL
7) Press "F3" (that is the shortcut key for find next) and repeat step 6 for every link it finds..
8) On that left side window again (where the director tree is) scroll all the way back to the top of the list and click on that "My Computer" at the top.
9) Click "Edit" and "Find".. now type in the find box "wins\svchost" and click find..
10) Again, when it finds one, look over to the right side window and see if the link says "C:\WINNT\System32\wins\SV
11) Press "F3" (that is the shortcut key for find next) and repeat step 10 for every link it finds..
12) Shut down your computer and reboot..
13) After your computer reboots and your sitting there looking at your desktop. Double click "My Computer", double click "C:\", double click "WINNT", double click "System32".... now in this System32 folder find that folder called "wins", click it one time (just to highlight it) and delete that (Edited by Computer101) ! empty it out of the Recycle Bin and get it off your computer!!...
14) Reboot again.. (just to make sure there is absolutly no fragments of that virus left)
15) Now update your windows.. with one of these links...
*** Just a Copy/Paste from CrazyOne's post above ***
The Patch
Microsoft Windows XP 64-bit Edition :
Microsoft Windows XP Home SP1:
Microsoft Patch WindowsXP-KB823980-x86-ENU
http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en
Microsoft Windows XP Home :
Microsoft Windows XP Professional SP1:
Microsoft Patch WindowsXP-KB823980-x86-ENU
http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en
Microsoft Windows 2000 Advanced Server SP4:
Microsoft Patch Windows2000-KB823980-x86-E
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Advanced Server SP3:
Microsoft Patch Windows2000-KB823980-x86-E
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Advanced Server SP2:
Microsoft Windows 2000 Datacenter Server SP4:
Microsoft Windows 2000 Datacenter Server SP3:
Microsoft Windows 2000 Datacenter Server SP2:
Microsoft Windows 2000 Professional SP4:
Microsoft Patch Windows2000-KB823980-x86-E
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Professional SP3:
Microsoft Patch Windows2000-KB823980-x86-E
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Professional SP2:
Microsoft Windows 2000 Server SP4:
Microsoft Patch Windows2000-KB823980-x86-E
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Server SP3:
Microsoft Patch Windows2000-KB823980-x86-E
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Server SP2:
Microsoft Windows NT Enterprise Server 4.0 SP6a:
Microsoft Patch Q823980i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=2CC66F4E-217E-4FA7-BDBF-DF77A0B9303F&displaylang=en
All of you have very well thought out posts, and some usefull links to goto for windows updates, and virus scanners and such,, very helpfull... but not effective...
CrazyOne, I was having that problem with my TCP/IP connection also.. I would goto run my command.com (open the dos window) and type netstat, and I would have over 400 consecutive connections, trying different ports, it was terrible..
DoctorNash, I had your problem also about links not working, couldn't see files in my directorys, and I couldn't dissconnect from the internet...
Anyways,, you get the hint.. there is a problem we all seem to have it, and can't seem to get rid of it... unitill now... I'll give a step by step guide on what to do to get rid of this thing.. this very frustrating thing,, (I hate that fat computer nerd that made this virus,, I truely do!)
*** NOTE ***
These currupted/Virused files that no virus detector can seem to find are saved at "C:\WINNT\System32\wins\".
Now to get rid of them...
1) Click the Start button, goto "run", and type "regedit" in the box..
2) Goto this location... HKEY_LOCAL_MACHINE\SOFTWAR
3) In the right side window you will see a list of Reg SZ's... now I'm not positive about the name of the application, I just don't remember, I wasn't thinking I was going to be posting here on how to fix these problems.. but the file did have the word "daemon" in the name, and I think it was something like "NvChashDaemon.dll"... anyways,, if you see it, delete it....
4) After that daemon file is deleted, on the left side of the window (where the director tree is) scroll all the way back to the top of the list and click on that "My Computer" at the top.
5) Click "Edit" and "Find".. now type in the find box "wins\dllhost" and click find..
6) When it finds one, look over to the right side window and see if the link says "C:\WINNT\System32\wins\DL
7) Press "F3" (that is the shortcut key for find next) and repeat step 6 for every link it finds..
8) On that left side window again (where the director tree is) scroll all the way back to the top of the list and click on that "My Computer" at the top.
9) Click "Edit" and "Find".. now type in the find box "wins\svchost" and click find..
10) Again, when it finds one, look over to the right side window and see if the link says "C:\WINNT\System32\wins\SV
11) Press "F3" (that is the shortcut key for find next) and repeat step 10 for every link it finds..
12) Shut down your computer and reboot..
13) After your computer reboots and your sitting there looking at your desktop. Double click "My Computer", double click "C:\", double click "WINNT", double click "System32".... now in this System32 folder find that folder called "wins", click it one time (just to highlight it) and delete that (Edited by Computer101) ! empty it out of the Recycle Bin and get it off your computer!!...
14) Reboot again.. (just to make sure there is absolutly no fragments of that virus left)
15) Now update your windows.. with one of these links...
*** Just a Copy/Paste from CrazyOne's post above ***
The Patch
Microsoft Windows XP 64-bit Edition :
Microsoft Windows XP Home SP1:
Microsoft Patch WindowsXP-KB823980-x86-ENU
http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en
Microsoft Windows XP Home :
Microsoft Windows XP Professional SP1:
Microsoft Patch WindowsXP-KB823980-x86-ENU
http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en
Microsoft Windows 2000 Advanced Server SP4:
Microsoft Patch Windows2000-KB823980-x86-E
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Advanced Server SP3:
Microsoft Patch Windows2000-KB823980-x86-E
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Advanced Server SP2:
Microsoft Windows 2000 Datacenter Server SP4:
Microsoft Windows 2000 Datacenter Server SP3:
Microsoft Windows 2000 Datacenter Server SP2:
Microsoft Windows 2000 Professional SP4:
Microsoft Patch Windows2000-KB823980-x86-E
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Professional SP3:
Microsoft Patch Windows2000-KB823980-x86-E
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Professional SP2:
Microsoft Windows 2000 Server SP4:
Microsoft Patch Windows2000-KB823980-x86-E
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Server SP3:
Microsoft Patch Windows2000-KB823980-x86-E
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Server SP2:
Microsoft Windows NT Enterprise Server 4.0 SP6a:
Microsoft Patch Q823980i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=2CC66F4E-217E-4FA7-BDBF-DF77A0B9303F&displaylang=en
I have found that "svchost.exe error" can be generated without any detectable virus / worm infection. But it always occurred while online (by 56k modem) and was usually accompanied with the inability to disconnect the modem (needed to restart Windows). Other times, AVG would detect one of the following worms:
Agobot in \WINNT\SYSTEM\WINHLP~1.EXE
Lovsan.A in \WINNT\SYSTEM\MSLAUGH.EXE
Nachi in \WINNT\SYSTEM\WINS\DLLHOST
However, I did not detect any MSBlaster at any time during my svchost errors.
These problems were all cleared by installing SP4 and Patch KB823980 from Microsoft.
Maarten van Eerten
Agobot in \WINNT\SYSTEM\WINHLP~1.EXE
Lovsan.A in \WINNT\SYSTEM\MSLAUGH.EXE
Nachi in \WINNT\SYSTEM\WINS\DLLHOST
However, I did not detect any MSBlaster at any time during my svchost errors.
These problems were all cleared by installing SP4 and Patch KB823980 from Microsoft.
Maarten van Eerten
Hello from a new kid on the block
I found this site searching for a solution to the scvhost.exe error and the sp4 and patch fixed my problem on both of my PC's. The puzzle is that one of them lost a hard drive, and when I replaced it with a new one, I used a ghost file that was created before the computer ever went on line for the first time. It was a clean install, but when I went on line for the first time with this new hard drive to download SP4, the "svchost.exe has created error etc." popped up and surprised me. It had never happened to this computer before. Anyway, there's no way I could have gotten a virus that quick. Plus, I had Norton protecting me. The point--- it may be the blaster worm that can cause it, but, don't always look just for that because something else is happening out there to do this.
Thanks for the info to fix this annoying problem. I'm sure I'll be in touch again.
Gary ( the other half)
I found this site searching for a solution to the scvhost.exe error and the sp4 and patch fixed my problem on both of my PC's. The puzzle is that one of them lost a hard drive, and when I replaced it with a new one, I used a ghost file that was created before the computer ever went on line for the first time. It was a clean install, but when I went on line for the first time with this new hard drive to download SP4, the "svchost.exe has created error etc." popped up and surprised me. It had never happened to this computer before. Anyway, there's no way I could have gotten a virus that quick. Plus, I had Norton protecting me. The point--- it may be the blaster worm that can cause it, but, don't always look just for that because something else is happening out there to do this.
Thanks for the info to fix this annoying problem. I'm sure I'll be in touch again.
Gary ( the other half)
Hi everyone
I'm just wondering since SP4 is able to fix the svchost.exe error, is SP4 only compatible with windows 2000? Because I have tried everything on this board and nothing has worked. I am currently running xp and I was wondering if SP4 is compatible with xp as well.
I'm just wondering since SP4 is able to fix the svchost.exe error, is SP4 only compatible with windows 2000? Because I have tried everything on this board and nothing has worked. I am currently running xp and I was wondering if SP4 is compatible with xp as well.
Now you cand't install SP4 on XP it is not compatible
Installing SP4 for Win2000 alone did not fix the problem for me - the ol' svchost.exe error popped up shortly after connecting to the Internet. It still needed the security patch KB823980 from Microsoft to fix it. Since then, I have not seen the error re-appear.
You would not need to install SP4 for WinXP, but you will still need KB823980 security patch (XP version).
Maarten
You would not need to install SP4 for WinXP, but you will still need KB823980 security patch (XP version).
Maarten
I've been having this svchost error for a long time. So I decided to use "dalahastine1978's" method. I renamed the values in my registry that had wins\svchost.exe and wins\dllhost.exe so they wouldn't run. Then I deleted the files. Then I rebooted. When I typed my password and pressed enter on the login screen, it took ages to get in. Then my taskbar changed into the normal gray taskbar and everything started running slow. On top of that my internet stopped working. I got so fed up, that I just reinstalled xp. So of course my computer looked as if I bought it brand new. I pressed ctrl+alt+del and the svchost.exe and dllhost.exe is still there! I also noticed I have other unwanted files such ass lsass.exe. And this is all after I reinstalled the darn thing. Somebody plz help me...my computer is working fine for now. But when I delete the svchost.exe and dllhost.exe files, everything goes wrong. I also have KB833330-ENU and KB823980 patches installed for xp if that helps.
Flipticballa, you say that your system works fine when the patches are installed, but all goes wrong when you delete scvhost.exe & dllhost.exe. Well, these 2 files are part of Windows and should be in ..\System32 and should not be removed.
I believe that some viruses/worms would also put a copy in ..\System32\Wins which is probably why Dalahastine1978 recommended deleting them.
With the patches in place and the 2 files in ..\System32, all should be Ok.
Maarten
I believe that some viruses/worms would also put a copy in ..\System32\Wins which is probably why Dalahastine1978 recommended deleting them.
With the patches in place and the 2 files in ..\System32, all should be Ok.
Maarten
lsass.exe is also part of windows and cannot be removed.
Description of Svchost.exe in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;250320
I get this error despite current firewall, antivirus, security updates, and service packs installed. Now what?
http://support.microsoft.com/default.aspx?scid=kb;en-us;250320
I get this error despite current firewall, antivirus, security updates, and service packs installed. Now what?
These are the svchost processes I have running:
BITSgroup BITS
netsvcs EventSystem Ias Iprip Irmon Netman Nwsapagent Rasauto Rasman Remoteacess SENS Sharedaccess Tapisrv Ntmssvc WmdmPmSN wzcsvc
rpcss
wugroup ... wuauserv
BITSgroup BITS
netsvcs EventSystem Ias Iprip Irmon Netman Nwsapagent Rasauto Rasman Remoteacess SENS Sharedaccess Tapisrv Ntmssvc WmdmPmSN wzcsvc
rpcss
wugroup ... wuauserv
Excuse me for posting on Win 2000 when in fact I'm running XP Pro, but I too have this svchost.exe problem - although mine occurs only when shutting down the PC. The actual msgbox is : -
Svchost.exe Application Error ..... The instruction at "0x77f69ecd" referenced memory at "0x00000010". The memory could not be "written".
I do not have the blaster worm or any other virus - no duplicate svchost.exe file or system32\wins folder. Any ideas anyone?
Svchost.exe Application Error ..... The instruction at "0x77f69ecd" referenced memory at "0x00000010". The memory could not be "written".
I do not have the blaster worm or any other virus - no duplicate svchost.exe file or system32\wins folder. Any ideas anyone?
The Blaster virus was not the only one that did this (svchost.exe infections). The Welchia worm, for one, also infected and affected systems in a similar way. For a friend's computer in win2k, I used the removal tools from Symantec to search for (and not find) Blaster, and search for (and remove) Welchia. I also installed Zone alarm on the computer and upgraded it to SP4. There were still security patches outstanding on Windows update so I installed them too. After all that, there were no further incidents of svchost(x).exe causing problems and online operations were normal.
I found useful guidelines on symantec's website about the steps to follow when removing these viruses. I would recommend following the process fully and don't skip installing the firewall because that's the key to avoiding further such infections, whatever hopes MS have of having fixed the vulnerability.
I understand that the vulnerability in the case of Blaster/Welchia was that NT/2000/XP systems were running an open file transfer process listening on an open TCP/IP port. The virus simply connected to that process and said "here, copy this". With a firewall running, that kind of connection won't work. The various patches from MS have shut down that file transfer, and closed several other ports that were also open for misuse.
Andrew
I found useful guidelines on symantec's website about the steps to follow when removing these viruses. I would recommend following the process fully and don't skip installing the firewall because that's the key to avoiding further such infections, whatever hopes MS have of having fixed the vulnerability.
I understand that the vulnerability in the case of Blaster/Welchia was that NT/2000/XP systems were running an open file transfer process listening on an open TCP/IP port. The virus simply connected to that process and said "here, copy this". With a firewall running, that kind of connection won't work. The various patches from MS have shut down that file transfer, and closed several other ports that were also open for misuse.
Andrew
"svchost.exe has generated errors and will be closed by Windows. You will need to restart the program. An error log is being created"
If you follow what I did then you should be able to do it.
1. is your computer crashing? if yes go to 2 if no go to 3.
2. (from Hurbold) If you don't get an opportunity to apply the patch before the PC reboots, go to start > run > services.msc.
Right click Remote Procedure Call, select Properties, then Recovery. On all three drop-down boxes in this window, select take no action. The default is set to reboot. This will give you all the time you need to update. Please note that Control Panel > System > Advanced > Startup and Recovery > uncheck Automatically Restart does not seem to work to prevent system reboot.
3. Run trend micro online virus killer
http://housecall.trendmicro.com/housecall/start_corp.asp
4. Download the following patch and apply it.
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en