The Annoying svchost.exe problem!!!!

pirate • May 28, 2004 6:57 am
I have had a problem in Windows 2000. Every so often svchost.exe will shut down causing errors. Now I have installed service pack 4 and that usually gets rid of the problem every other time, it keeps coming up not allowing me to disconnect. It's not a virus coz I got up to date protection and it didn't find one. Any help?
tw • May 28, 2004 11:16 am
Originally posted by pirate
I have had a problem in Windows 2000. Every so often svchost.exe will shut down causing errors.
What does the system (event) log report?
perth • May 28, 2004 11:38 am
Yeah, it would help to know what the exact error message is. Failing that, MS has a pretty decent knowledge base which does a great job of helping the motivated find answers to a great many problems you might experience.
pirate • May 29, 2004 6:38 am
The problem is, months ago, before I installed the latest service pack for Windows, it kept coming up in a dialog box that svchost.exe had generated errors and an error log is being created. I installed the service pack and it got rid of it, now, the problem is, something shuts down the same way svchost.exe shuts down, does exactly what svchost.exe does, but it does not bring up a dialog box. So that might be a little bit more info?
perth • May 29, 2004 10:15 am
So you're not *sure* it has anything to do with svchost.exe? We're gonna need error and event logs.
pirate • May 29, 2004 11:47 pm
I found out a little bit of information, it occurred the same time errors started to appear. I found the error occurred and here it states:

The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: No action.

Every error that I have had that didn't pop up with any error messages, this one might be a prime suspect.
tw • May 29, 2004 11:51 pm
You are still not providing the so important information in the Event log. Use Windows Help if you don't know what the Event log is.
pirate • May 29, 2004 11:52 pm
Forgot to add that this stupid messenger window comes up and it's not spyware, or a virus, never seen it before.
pirate • May 29, 2004 11:56 pm
I can get into the event viewer to view the errors, but what would you like me to show you: the expanded error that describes it, or a screenshot?
Torrere • May 30, 2004 12:47 am
Messenger Service is a spam receptacle built in to Windows. It's meant for an administrator to be able to send machines on a network, but I think that it's most commonly used for spam. Ignore it. You can disable it by going into the Administrative Tools and disabling that service.

It might be most helpful if you copy the text of the event log and paste it here verbatim.
pirate • May 30, 2004 12:50 am
The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: No action.

That's what it says.
mbpark • May 30, 2004 11:10 am
Pirate,

What's happening is that you don't have a firewall, and you're getting HIT with a ton of things designed to cause havoc on your system.

Do not pass go, just download Kerio Personal Firewall or Zone Alarm ASAP. Even better, go out and buy a Linksys Cable/DSL router if you have broadband. You're leaving yourself open for many things that are messing with you.

What's happening is that you're leaving things open on the Internet, which is a bad idea, and those things are crashing certain system services that run under SVCHOST.EXE, like internal Windows code (RPC Service).

You're lucky. Most of these virii cause XP to crash hard. Yours just cause 2000 to give you those errors.

Get a darn firewall ASAP!

Mitch
pirate • May 30, 2004 9:27 pm
I do have a firewall

Sygate Personal Firewall 5.5

Is that good enough?
mbpark • May 30, 2004 9:53 pm
Pirate,

Any decent firewall would block MSRPC traffic, as well as Messenger traffic.

Sygate isn't good enough. Kerio Personal Firewall is. ZoneAlarm is.

Mitch
Carbonated_Brains • Jun 2, 2004 10:36 am
Errors in svchost.exe on a Win2k system suggest you have a variant of the blaster worm, actually.
perth • Jun 2, 2004 10:48 am
*Can* suggest you have the Blaster worm, not categorically prove it.
[QUOTE]It's not a virus coz I got up to date protection and it didn't find one,[/QUOTE]

Now, I've spoken to end-users who think "up-to-date" means "within the past couple months", so I probably shouldn't be operating on assumption here, but I took Pirate's statement to mean that he ran the latest virus defs and it came up clean. As far as I know the big scanners cannot clean it, only quarantine it, but they're still gonna report it.

So the big question here is, what exactly does Pirate mean when he says "up-to-date" in the context of his virus protection? And for good measure, which application is he using?
pirate • Jun 2, 2004 11:34 pm
[QUOTE]Originally posted by perth
*Can* suggest you have the Blaster worm, not categorically prove it.

Now, I've spoken to end-users who think "up-to-date" means "within the past couple months", so I probably shouldn't be operating on assumption here, but I took Pirate's statement to mean that he ran the latest virus defs and it came up clean. As far as I know the big scanners cannot clean it, only quarantine it, but they're still gonna report it.

So the big question here is, what exactly does Pirate mean when he says "up-to-date" in the context of his virus protection? And for good measure, which application is he using?
[/QUOTE]

What I mean is my virus scanning program Norton AntiVirus 2003 updated virus defs every time I access the internet. I have a separate virus searcher that is tuned to the blaster worm and will exterminate any possible traces of it.
perth • Jun 3, 2004 12:44 am
Then it's reasonably safe to say you're not infected. I would start using support.microsoft.com and groups.google.com to start narrowing down possibilities. :)
mbpark • Jun 3, 2004 12:40 pm
Either that or get Kerio or ZoneAlarm, as the fact that it's letting MSRPC traffic in is a BAD thing.

Also, avoid BlackICE like the plague. If you use a few different types of nmap scans, nmap 3.5 makes it completely invisible.

Mitch
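
Several replies above ask for the event log text verbatim, and the message pirate pastes has a fixed layout. As an added example (not part of the thread or written by any poster), the following Python parses pasted event text in that layout and summarizes which services crashed, how often, and whether any recovery action was configured. The function names are hypothetical, and every sample line except the first (which is the message quoted in the thread) is constructed.

```python
import re
from collections import defaultdict

# Message layout taken from the event text quoted in the thread.
SCM_CRASH = re.compile(
    r"The (?P<service>.+?) service terminated unexpectedly\.\s+"
    r"It has done this (?P<count>\d+) time\(s\)\.\s+"
    r"The following corrective action will be taken in "
    r"(?P<delay_ms>\d+) milliseconds: (?P<action>[^.]+)\."
)

def parse_crashes(text):
    """Return one dict per 'terminated unexpectedly' message found in text."""
    events = []
    for m in SCM_CRASH.finditer(text):
        events.append({
            "service": m.group("service"),
            "count": int(m.group("count")),
            "delay_ms": int(m.group("delay_ms")),
            "action": m.group("action").strip(),
        })
    return events

def summarize(events):
    """Per service: message count, highest crash counter, any 'No action' case."""
    summary = defaultdict(
        lambda: {"messages": 0, "max_count": 0, "unrecovered": False})
    for e in events:
        s = summary[e["service"]]
        s["messages"] += 1
        s["max_count"] = max(s["max_count"], e["count"])
        if e["action"].lower() == "no action":
            s["unrecovered"] = True  # service stays down until restart/reboot
    return dict(summary)

# Constructed sample: line 1 is the message from the thread, the rest are made up.
SAMPLE = """\
The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: No action.
The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: No action.
The Messenger service was successfully sent a stop control.
"""

if __name__ == "__main__":
    for name, info in summarize(parse_crashes(SAMPLE)).items():
        print(name, info)
```

Repeated entries for the RPC service are the pattern worth correlating with firewall logs of inbound MSRPC traffic, which is the cause mbpark suggests.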