SVCHOST error
Thread Starter
Title? What title?
Joined: Dec 2002
Posts: 347
Likes: 0
From: In the dog house
SVCHOST error
I have had a pc given to me for fixing (groan). This time, its a windows 2000 professional machine with Office 2000. The symptoms are
Dial up to BTOPENWORLD and START OUTLOOK.
Then I receive a message
Svchost.exe has generated errors and will be closed by Windows.
You will need to restart the program.
An error log is being generated.
Then, when Excel is opened, it is unable to display OLE objects and it complains bitterly.
Looking around the MS knowledge base, I have found something similar however it mentions the use of the Aventail connect client. As far as I am aware (please prove me wong), BTOPENWORLD does not use any such client (they wont speak to me BTW as its not my account).- and in anycase, this problem developed a couple of weeks ago and there was no problem before. Any suggestions ???
Dial up to BTOPENWORLD and START OUTLOOK.
Then I receive a message
Svchost.exe has generated errors and will be closed by Windows.
You will need to restart the program.
An error log is being generated.
Then, when Excel is opened, it is unable to display OLE objects and it complains bitterly.
Looking around the MS knowledge base, I have found something similar however it mentions the use of the Aventail connect client. As far as I am aware (please prove me wong), BTOPENWORLD does not use any such client (they wont speak to me BTW as its not my account).- and in anycase, this problem developed a couple of weeks ago and there was no problem before. Any suggestions ???
Thread Starter
Title? What title?
Joined: Dec 2002
Posts: 347
Likes: 0
From: In the dog house
Eeeek, sounds scarily like it. I do not like the hard disk option - she apparently has not backed her damned machine up. Still, can forget me connecting it to my network for backup
Is a start anyway. Thanks guys
BTW W2k was apparently installed from new.
Is a start anyway. Thanks guys
BTW W2k was apparently installed from new.
The Oracle
Joined: Aug 2001
Posts: 2,902
Likes: 0
From: Naples, Florida U.S.A.
ORAC,
I was looking it up and the Svchost.exe is tied to the RPC which is what MSBlaster uses to get in to the systems.
How RPC Works
A Description of Svchost.exe in Windows XP
Take Care,
Richard
I was looking it up and the Svchost.exe is tied to the RPC which is what MSBlaster uses to get in to the systems.
How RPC Works
A Description of Svchost.exe in Windows XP
Take Care,
Richard
Joined: Mar 2002
Posts: 448
Likes: 0
From: London, UK
Sounds more like the graybird trojan/worm. Checkout http://securityresponse.symantec.com....graybird.html
HTH,
RTFM
HTH,
RTFM
The Oracle
Joined: Aug 2001
Posts: 2,902
Likes: 0
From: Naples, Florida U.S.A.
phnuff,
There is a new variant of the MSBlaster Worm that is destructive.
The new variant also copies the file TFTPD.EXE to the %System%\Wins folder as SVCHOST.EXE and then creates a service for it with the display name "Network Connections Sharing".
TFTPD.EXE or SVCHOST.EXE is a TFTP (Trivial File Transfer Protocol) server that is used by this worm to set the affected system as a download site for its copy. This worm is then able to propagate by instructing remote systems into downloading it using TFTP.
This could be what hit your computer,
Richard
There is a new variant of the MSBlaster Worm that is destructive.
The new variant also copies the file TFTPD.EXE to the %System%\Wins folder as SVCHOST.EXE and then creates a service for it with the display name "Network Connections Sharing".
TFTPD.EXE or SVCHOST.EXE is a TFTP (Trivial File Transfer Protocol) server that is used by this worm to set the affected system as a download site for its copy. This worm is then able to propagate by instructing remote systems into downloading it using TFTP.
This could be what hit your computer,
Richard
The Oracle
Joined: Aug 2001
Posts: 2,902
Likes: 0
From: Naples, Florida U.S.A.
phnuff,
Many viruses will disable the Anti Virus programs on the computer. Try running this browser based anti virus:
Trend Micro's Housecall
It is free and you do not have to register to use it.
Take Care,
Richard
Many viruses will disable the Anti Virus programs on the computer. Try running this browser based anti virus:
Trend Micro's Housecall
It is free and you do not have to register to use it.
Take Care,
Richard
Thread Starter
Title? What title?
Joined: Dec 2002
Posts: 347
Likes: 0
From: In the dog house
Richard - thanks. I have met Housecall before and in fact once I got a system which would stay connected, I went straight there. Total haul was 8 virus's.
I never cease to be amused at the fact that people (like the owner of this machine), who rely on their pc's to earn their living, can let them now get in such a mess. Still, the owner does the 'dumb blond in distress' so well, and I fall for it every time!!
She does however ever appear to have got away without a h/d format although I will have to wait for her to give it a good test first.
Thanks again
john
I never cease to be amused at the fact that people (like the owner of this machine), who rely on their pc's to earn their living, can let them now get in such a mess. Still, the owner does the 'dumb blond in distress' so well, and I fall for it every time!!
She does however ever appear to have got away without a h/d format although I will have to wait for her to give it a good test first.
Thanks again
john
The Oracle
Joined: Aug 2001
Posts: 2,902
Likes: 0
From: Naples, Florida U.S.A.
John,
We will never understand women, but they sure understand us!
Take Care,
Richard
P.S. The Blaster Worm can be disabled in the Task Manager Processes. That will stop the countdown so you can download patches, etc.
We will never understand women, but they sure understand us!
Take Care,
Richard
P.S. The Blaster Worm can be disabled in the Task Manager Processes. That will stop the countdown so you can download patches, etc.
