svchost.exe error

[blaz]

Hi,

I have a problem with my network.

This is the situattion, I got 3 computers running in w2k. I used them for network rendering, eventhought sometimes my collagues used them for printing jobs.

 

the problem is when I switch the second computer is always encountered "svchost.exe" error and closed by windows, so this will effected my windows, for example i cannot do copy and paste or even move my files, the only way to do it is open the file and save in another directory.

and also effected my outlook, i cannot send any email, saying that not enought memory to do that.

 

 

I'm not sure what's going on here, i'm not really familiar with computer system , i only know how to use it, really bad excuse

 

So, i hope anybode can understand and help me to solve this problems.

thanks in advance.

[William Alexander]

Blaz,

 

I had a similar problem a while ago. Turned out to be the welchia worm virus. Evil little bug. It actually creates a second svchost.exe and caused problems similar to yours.

 

Anti-Virus up to date and running on your systems? If yes ignore this message. If not or you want to make sure I can look up the info or send you the cleaner file.

 

Currently Virus Free

WDA

[blaz]

Hi WDA,

thanks for your quick reply, wow virus,

glad to hear you can solved the problems, other wise i got to reinstall everything inside.

 

, I don't use any anti virus in my computer, so i am very thankful if you can give some info for the cleaner.

 

thank you, you are a fireman like your avatar.

[William Alexander]

Blaz,

 

I will try to send you some info by e-mail shortly.

 

I was a firefighter. Thats a photoshop enhancement. Believe it or not I was in that building about 15 minutes before the picture was taken. Definition of HOT !!!! 90 degrees outside was COLD!

 

Now living an adrenaline reduced life.

WDA

[blaz]

Hi WDA,

cool job, fire fighter.

at least, you still hang around the building though its just a CG.

 

I receive your email, but i can only receive in a text format, how to convert that text to application?

thanks,

[blaz]

I got the file from symantec website, downloaded already now trying whether it can works in my machine.

 

thanks for your helps.

[blaz]

i have try the fixworm from symnatec but they cannot find any worm in my machine, then i read in the symantec website, they said there are no solution yet fro this one

here

 

so, maybe i need to reinstall my os or sit and wait until symantec can solve this problems,

or any body else have a solution for this :ngeupset:

[Greg Hess]

blaz,

 

Do you have the exact error code that causes the SVCHOST.EXE to close?

 

Here's something that should be able to kill the worm.

 

http://vil.nai.com/vil/stinger/

 

Most svchost errors are solved by microsoft hotfixes and service packs. Do you have a machine you could download the latest service pack to and burn on a cd?

[blaz]

Hi Greg,

I'll try your link,

actually I intent to upgrade my service pack to SP4, curently is SP3. but cause of the problem with SP4 i don't dare to upgrade ( i'm not sure whether this SP4 issue has been solved or not)

 

anyway i will try your suggestion, and let you know what happened,since i have the time now

 

just curious, why do i have to burn to cd? i thought i just can download and run from the internet and run the SP, or is it saver that way (run from the cd)?

Is this error issue a virus or just a bug, from the windows? cause i have back up all my data into separate harddisk,but if it is a virus then i got problem :|

 

thanks Greg, i'll let you know soon.

[Greg Hess]

Blaz,

 

I just figured you might have connectivity problems with the infected machines, and sp4 is a pretty big file, so you'd have to put it on cd or a zip to transfer it over.

[blaz]

Greg,

so correct me if i'm wrong,all my machine must upgrade to SP4,is that right?

cause this svchost error in all my machine, either one switched on the last one.

Thanks

[blaz]

Hi greg,

I have run the link (stinger).

got this msg :

 

c:\\WINNT\System32\msblast.exe

Found the W32/Lovsan.worm.a virus !!!

c:\\WINNT\System32\msblast.exe has been deleted

 

is this the one cause the problems?

[blaz]

Hi Greg,

I think the stinger you gave to me is working.

so far i on and off from the network with my other machine, i don't get the svchost error msg again, and i download and install the SP4 as well.so far only my microsoft keyboard got some crash, but after i uninstall the keyboard software, there's no more problem anymore. hopefully

 

Thanks for sharing the info.

[Greg Hess]

Blaz,

 

Make sure to do all the critical updates on the machines.

 

Ya thats the worm, stinger got it .

 

After you update, I'd run stinger again...depending on where the infection is coming from, it can take as little as 15 seconds to be reinfected.

[blaz]

thanks buddy

:ebiggrin: so happy to get rid of this worm

[Wojciech Klepacki]

Hi friends,

Blaz: according to Greg opinion its is the blaster worm problem. Download free firewall eg: Kerio or Sygate and permanently block this local ports 135,136,137,445 TCP and UDP against incomming traffic. It should help. But if u want to share Your internet connection u need commercial firewall. Personally I recomend U Sygate PRO.

rgds,

Wojciech Klepacki

[blaz]

thanks, i'll check the firewall that you recommend, i used the norton firewall before but cause me problem wuth my network.

thanks for your info

[Greg Hess]

Or just pick up a hardware router.

 

I'm a big opponent of software firewalls. I feel they do far more harm then good.

 

Its like a bouncer in your bedroom as opposed to your front door...the threat is already inside the house.

[blaz]

Hi

I think my network guy have this hardware router, but not sure it's working well or not.cause i not familiar with my office network yet, cause I prefer not to use the firewall softwares too, they just too disturbing to me.

[Wojciech Klepacki]

Hi,

Generally U right Greg, but good hardware router is more than expensive. Why not to try a linux based machine? Give it a chance and lot of RAM :-D. But seriously speaking: hardware solution is often better than the software one, however it costs more. Personally I prefer Linux but the way u choose is up to u. Greg what do u mean:

 

Its like a bouncer in your bedroom as opposed to your front door...the threat is already inside the house

Can u explain, please? IMHO properly setup software router or firewall works well in most cases except DDoS attacks, some exploits, etc.

rgds,

Wojciech Klepacki

[garethace]

I got this worm in mine too. Sure as s****.

 

What AV do you think is best at the moment Greg, and Firewall. It looks like a might get a pair as a present for someone this xmas.

 

There is a couple of ones out there, which are doing better than Norton sometimes.

[Greg Hess]

Its like a bouncer in your bedroom as opposed to your front door...the threat is already inside the house Can u explain, please? IMHO properly setup software router or firewall works well in most cases except DDoS attacks, some exploits, etc.

I fortuantly/unfortuantly know some individuals who have some experience with "network security" or at least "violating the hell outta network security."

 

Almost all consumer software firewalls have backdoors. From what I've seen in practice, the only thing they serve as is something to provide some level of "comfort" security.

 

I won't get into more then that.

 

I stick to hardware routers, at least then it carries some level of annoyance to would be hackers.