SVCHOST error.... svchost keeps crashing in explorer 5

dpresley · Aug 13, 2003

I'm currently looking in the browser issues for "IT professionals" group for the answer to this as well.
I am on a win2k professional computer and when i am in explorer (v. 5) i get a message that the SVCHOST has crashed... after that i cant open a link in a new window, cant save a webpage... a BUNCH of stuff doesn't work.. cant copy or past into or out of explorer.

The other thread i am reading gave me a ton of helpful hints, but nothing worked. THAT thread has been on for over a year and tons of people have checked it out. I have the exact same symptoms as them but nowhere in that whole thread was SCVHOST mentioned.
I dont have that thread number but it's got 301 postings and is in the above mentioned group...
THANKS IN ADVANCE!!!

ANY HELP would be appreciated!

Dave Presley
Psuedo Network & Systems Administrator
Premier, Air Academy & Thomas Jefferson High Schools
dpresley@qwest.net

pwk · Aug 13, 2003

Congratulations! You have the Blaster virus

Summer

dpresley · Aug 13, 2003

i am running "fixblast.exe" right now... BUT i just got done reading that it will show up in the processes in the task manager.... i dont have that...????

any other possibilities??

Dave Presley
Psuedo Network & Systems Administrator
Premier, Air Academy & Thomas Jefferson High Schools
dpresley@qwest.net

purpleski · Aug 13, 2003

PWK

Why do you say Dave has the blaster virus? I don't think so. I have the same problem and this is after a complete clean reinstall of W2K from CD.

Please explain. I am still trying to find a solution and if I do I will come back here

lordeos · Aug 14, 2003

Oke to be sure that you dont have the virus look for the following value in youre registry ( hk local machine - sotware-microsoft-currentversion-run) look there for the value "windows update = msbllast.exe" if its there youre infected and delete the value? If not its OK ;

prof1949 · Aug 14, 2003

Search all the svchost.exe files on your pc and delete them. After a restart, W2k installs them again.

Try this link to remove the worm:

http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

At my pc, it worked fine.

Next, go to microsoft, download and instell the patch:

http://www.microsoft.com/security/incident/blast.asp

Thats it.

dpresley · Aug 14, 2003

It was the worm... and it did fix the problem.

HOWEVER, i have a bunch more computers at work that are having the same issue and it isn't the virus.

Such is life right?

-

Dave Presley
Psuedo Network & Systems Administrator
Premier, Air Academy & Thomas Jefferson High Schools
dpresley@qwest.net

NortonES2 · Aug 14, 2003

dpresley, fyi there are at least 3 variants of this virus:-

http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

http://www.symantec.com/avcenter/venc/data/w32.blaster.b.worm.html

http://www.symantec.com/avcenter/venc/data/w32.blaster.c.worm.html

-------------------------------

If it doesn't leak oil it must be empty!!

purpleski · Aug 14, 2003

PWK was right I had the virus. I did a delete partion, format and reinstall of C drive and the virus was still there. Then I used a small program from Norton I think to remove it.

The upside is that I now have a fabulous clean version of W2k, which runs like lightening. So though it has taken about 24 hours of work I think it will be worth it as it is like having a new machine!!

dpresley · Aug 14, 2003

So does the fixblast.exe take care of all 3 kinds? Or is there a different method of getting rid of type c?

Dave Presley
Psuedo Network & Systems Administrator
Premier, Air Academy & Thomas Jefferson High Schools
dpresley@qwest.net

krinid · Aug 17, 2003

Boy do I feel silly; I've got the same problem, and it didn't even occur to me that it could be a virus. So I reinstalled W2K like some of the others in this thread, and POOF, it came back.
Question is... HOW does it come back after a full reinstall? I mean, I killed the partition and reformatted.
When I get home tonight, I'll try the removal Symantec removal procedure . . .

Mentos · Aug 18, 2003

It's not always the virus. I had the SVCHOST.EXE crashing, did a full system scan, nothing. Downloaded the Blaster QuickRemove from Panda (because I'm a client with them), nothing.

I checked for the MSBLAST.EXE file, I didn't have it. I also check the registry but no reference to the virus there. So I'm pretty sure.

Also, I have a Personal Firewall which currently blocks all ports in stealth mode AND I had the microsoft patch installed shortly after they published it. In short, my system was invulnerable for the virus. But still I got the SVCHOST.EXE error.

As a solution I uninstalled Service Pack 4, then reinstalled it together with all subsequent patches. My problem is gone up till now.

My brother (also using Win2K Pro) had the same thing and no traces of the virus?! Although he didn't had any service packs nor updates installed. After installing service pack 4 and subsequent updates his problem was gone also.

My problem occured on Tuesday 12th August shortly after I connected to the net so the variants of the virus didn't exist then.

Does anybody have any idea what went on here? I can't find any traces on my computer about what happened and all svchost related materials on the net refer to the Blaster virus (including TechNet).

Mentos

mrtoledo · Aug 18, 2003

The SVCHOST errors generally indicate that you are being "blasted" by the virus, and not actually carying the virus. I have seen about 2 dozen machines that were not infected but were gettig these errors. Installing the Microsoft patch closes the hole and the errors.

joergkempe · Aug 18, 2003

thanks for the help. 3 days work for nothing and the answer whas right here

krinid · Aug 19, 2003

mrtoledo,
You rock! I was a little concerned that the virus persisted after my full clean install and the removal tool or a fully upgraded virus scan found nothing. I was being 'blasted' quite well, mind you, but after installing SP4, all is quiet. Cheers and have a star!

FlorisMK · Aug 19, 2003

To support MrToledo's post: I have experienced the exact same problems with all systems in our network that have dial-up Internet connectivity. Svchost.exe would crash shortly after my users dialed in, and after that the whole suite of symptoms would occur on their systems.

Indeed, Blaster was not present on our systems, but neither was the patch. We were being blasted from outside, as was also demonstrated by the occasional reports by Norton Antivirus of infected TFTN scripts on the problematic machines.

After upgrading the systems and applying the patch, all problems disappeared.

So I say with MrToledo that the svchost problem is a symptom not necessarily of infection with Blaster but of the RPC vulnerability not being patched on the problematic machine.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

SVCHOST error.... svchost keeps crashing in explorer 5

dpresley

IS-IT--Management

pwk

Programmer

dpresley

IS-IT--Management

purpleski

IS-IT--Management

lordeos

IS-IT--Management

prof1949

Technical User

dpresley

IS-IT--Management

NortonES2

Technical User

purpleski

IS-IT--Management

dpresley

IS-IT--Management

krinid

Programmer

Mentos

MIS

mrtoledo

Technical User

joergkempe

Technical User

krinid

Programmer

FlorisMK

Instructor

Similar threads

Part and Inventory Search

Sponsor