SVCHOST error
Title? What title?
Thread Starter
Join Date: Dec 2002
Location: In the dog house
Posts: 347
Likes: 0
Received 0 Likes
on
0 Posts
SVCHOST error
I have had a pc given to me for fixing (groan). This time, its a windows 2000 professional machine with Office 2000. The symptoms are
Dial up to BTOPENWORLD and START OUTLOOK.
Then I receive a message
Svchost.exe has generated errors and will be closed by Windows.
You will need to restart the program.
An error log is being generated.
Then, when Excel is opened, it is unable to display OLE objects and it complains bitterly.
Looking around the MS knowledge base, I have found something similar however it mentions the use of the Aventail connect client. As far as I am aware (please prove me wong), BTOPENWORLD does not use any such client (they wont speak to me BTW as its not my account).- and in anycase, this problem developed a couple of weeks ago and there was no problem before. Any suggestions ???
Dial up to BTOPENWORLD and START OUTLOOK.
Then I receive a message
Svchost.exe has generated errors and will be closed by Windows.
You will need to restart the program.
An error log is being generated.
Then, when Excel is opened, it is unable to display OLE objects and it complains bitterly.
Looking around the MS knowledge base, I have found something similar however it mentions the use of the Aventail connect client. As far as I am aware (please prove me wong), BTOPENWORLD does not use any such client (they wont speak to me BTW as its not my account).- and in anycase, this problem developed a couple of weeks ago and there was no problem before. Any suggestions ???
Title? What title?
Thread Starter
Join Date: Dec 2002
Location: In the dog house
Posts: 347
Likes: 0
Received 0 Likes
on
0 Posts
Eeeek, sounds scarily like it. I do not like the hard disk option - she apparently has not backed her damned machine up. Still, can forget me connecting it to my network for backup
Is a start anyway. Thanks guys
BTW W2k was apparently installed from new.
Is a start anyway. Thanks guys
BTW W2k was apparently installed from new.
The Oracle
Join Date: Aug 2001
Location: Naples, Florida U.S.A.
Posts: 2,902
Likes: 0
Received 0 Likes
on
0 Posts
ORAC,
I was looking it up and the Svchost.exe is tied to the RPC which is what MSBlaster uses to get in to the systems.
How RPC Works
A Description of Svchost.exe in Windows XP
Take Care,
Richard
I was looking it up and the Svchost.exe is tied to the RPC which is what MSBlaster uses to get in to the systems.
How RPC Works
A Description of Svchost.exe in Windows XP
Take Care,
Richard
Join Date: Mar 2002
Location: London, UK
Posts: 437
Likes: 0
Received 0 Likes
on
0 Posts
Sounds more like the graybird trojan/worm. Checkout http://securityresponse.symantec.com....graybird.html
HTH,
RTFM
HTH,
RTFM
The Oracle
Join Date: Aug 2001
Location: Naples, Florida U.S.A.
Posts: 2,902
Likes: 0
Received 0 Likes
on
0 Posts
phnuff,
There is a new variant of the MSBlaster Worm that is destructive.
The new variant also copies the file TFTPD.EXE to the %System%\Wins folder as SVCHOST.EXE and then creates a service for it with the display name "Network Connections Sharing".
TFTPD.EXE or SVCHOST.EXE is a TFTP (Trivial File Transfer Protocol) server that is used by this worm to set the affected system as a download site for its copy. This worm is then able to propagate by instructing remote systems into downloading it using TFTP.
This could be what hit your computer,
Richard
There is a new variant of the MSBlaster Worm that is destructive.
The new variant also copies the file TFTPD.EXE to the %System%\Wins folder as SVCHOST.EXE and then creates a service for it with the display name "Network Connections Sharing".
TFTPD.EXE or SVCHOST.EXE is a TFTP (Trivial File Transfer Protocol) server that is used by this worm to set the affected system as a download site for its copy. This worm is then able to propagate by instructing remote systems into downloading it using TFTP.
This could be what hit your computer,
Richard
The Oracle
Join Date: Aug 2001
Location: Naples, Florida U.S.A.
Posts: 2,902
Likes: 0
Received 0 Likes
on
0 Posts
phnuff,
Many viruses will disable the Anti Virus programs on the computer. Try running this browser based anti virus:
Trend Micro's Housecall
It is free and you do not have to register to use it.
Take Care,
Richard
Many viruses will disable the Anti Virus programs on the computer. Try running this browser based anti virus:
Trend Micro's Housecall
It is free and you do not have to register to use it.
Take Care,
Richard
Title? What title?
Thread Starter
Join Date: Dec 2002
Location: In the dog house
Posts: 347
Likes: 0
Received 0 Likes
on
0 Posts
Richard - thanks. I have met Housecall before and in fact once I got a system which would stay connected, I went straight there. Total haul was 8 virus's.
I never cease to be amused at the fact that people (like the owner of this machine), who rely on their pc's to earn their living, can let them now get in such a mess. Still, the owner does the 'dumb blond in distress' so well, and I fall for it every time!!
She does however ever appear to have got away without a h/d format although I will have to wait for her to give it a good test first.
Thanks again
john
I never cease to be amused at the fact that people (like the owner of this machine), who rely on their pc's to earn their living, can let them now get in such a mess. Still, the owner does the 'dumb blond in distress' so well, and I fall for it every time!!
She does however ever appear to have got away without a h/d format although I will have to wait for her to give it a good test first.
Thanks again
john
The Oracle
Join Date: Aug 2001
Location: Naples, Florida U.S.A.
Posts: 2,902
Likes: 0
Received 0 Likes
on
0 Posts
John,
We will never understand women, but they sure understand us!
Take Care,
Richard
P.S. The Blaster Worm can be disabled in the Task Manager Processes. That will stop the countdown so you can download patches, etc.
We will never understand women, but they sure understand us!
Take Care,
Richard
P.S. The Blaster Worm can be disabled in the Task Manager Processes. That will stop the countdown so you can download patches, etc.
