Link to home
Start Free TrialLog in
Avatar of syking
syking

asked on

Windows 2000 - SVCHOST.EXE Error

Hi guys,

I read some thread on this SVCHOST.EXE error. I also did some research on the Internet, it seems to be some kind of a virus (Trojan). Well, my brother downloaded something funny and after he installed it, these problems arised. Many windows functions were invalid to me. I'm sure most of you all know about this. I tried uninstalling whatever it is, even reformatting my HDD several times, but the problem still persist. How do I get rid of this problem?

FYI, I have 2 HDD, I reformated the main HDD, the other was left untouched because it is a backup (many important files there).
Anyone who supply me the correct remedy, will get the points. I really need to get rid of this problem. I tried following the instructions from www.sophos.com but it doesn't work.

Thanks.
SOLUTION
Avatar of Pete Long
Pete Long
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of syking
syking

ASKER

Also, FYI I tried other remedies like downloading the tool to seek msblast.exe, but that file is not found in my system.
The svchost.exe still gives me errors. I alread downloaded the security patch from microsoft. However, each time I format my HDD and re-install the Windows 2000, it still gives the same problem. Is the virus still in my system or something?? But I can't seem to find any virus.
If you are happy with formatting again, I would remove all partitions on the HDD and then create the partition again.

Then try setting up windows without having the other HDD attached and see how you go.

I know how you are feeling, we just had a bugbear worm and our AV couldn't fix it for about 2 weeks and any other utility wouldn't work.
Avatar of syking

ASKER

Stoner79,

Oh man, I hoped that it didn't have to turn this way. Removing partitions and all. (I'm just lazy ^_^).
But I guess I have no other choices but to explore myself. Thanks for the advice.
Avatar of syking

ASKER

Just out of curiousity, after my system got infected by the virus (or at least attempting to download the msblast.exe virus),
I formatted my drive on both partitions. Then, I installed Win2k again, the problem arised soon after. How is this possible?
Even if the virus mess with my registry, but I formatted the drive. Is it hiding in my backup drive??

Some virus's can hide in the MBR or boot sector.

Wiping all partition won't wipe the boot sector so its best to remove partitions and try again.

you could also try using FDISK /MBR or from the recovery console there is a FIXMBR option.  That may help.
Avatar of syking

ASKER

Actually, after I reboot from patching the file (microsoft security patches), the problem seized to arise.
But for safety sake, I'm just gonna reformat, remove partitions like you said. Might as well ^_^.
Thanks for the help.
ThanQ
to pete long:
                  hey, u don't know me;but I just solved a problem w/messenger service that was posted on google!!
so, i would like to award u 100 pts!!It will be well worth it if those annoyin popup ads are gone!!
                  have a good one!!
                                                       trukker  
I think that some of this thread has been a bit alarmist. Svchost.exe is a standard Microsoft file. See http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q250/3/20.ASP&NoWebContent=1 

Sure, it is used by programs that might exploit Internet access to a system, but that isn't necessarily the case. I think that if syking reformats his/her drive, that the file may re-appear again (even before accessing the internet). Services can be set to reboot the machine if they fail (usually after the second restart attempt) and this is probably just a standard shutdown, maybe nothing malicious to it.

I agree that it could be a virus or trojan, but in higher probablity it isn't. I have 6 sessions of svchost running on my computer and I know if I reformat and reinstall all my app's that they'll be there next time again. I might do this as an exercise in the next week or two and post my results here. I am confident that most or all people who run VB6 or installed a VB applicaiton (which has some form of IP functionality) will have this file in their processes list. I will keep an eye on this file and report my findings here.

Basically svchost.exe is a large library which includes things like FTP access, internet access and many other useful functions.

I came to this site because I was having major problems on a machine I was rebuilding for a friend with svchost crashes every time it accessed the web.  I knew that the machine had a virus, and had originally tried to install Mcafee Virus Scan 8.0 from CD but that installation kept crashing out as well.  I then decided to reformat that disk and do a new install of W2K, this worked fine and I then installed the virus software and W2K SP4.  All well so far.  I put office back on the machine and the first time I dialled up to check the Outlook and web settings I got an svchost error within minutes.  At this stage I assumed that the disk had a virus buried deep inside and as it was an old and rather slow disk I decided to put in a faster disk.  Repeated the whole process again and got the same problem.  I had been able to get all the latest patches from Mcafee before the svchost error showed up.

My solution was to download Mcafee personal firewall plus (took five attempts) then I could go to the MS site and download the patch and removal tool for the Blaster worm and then download all of the other security patches that are not on the SP4 CD.  The machine has been AOK ever since.

Hope someone finds this useful.
I had the same problem with svchost.exe causing errors in Win 2000 when I dialled up to the internet. I reformatted my hard disk and still had the same problem. After reading the above I tried the following and it appears to have worked...

Step 1. Download and install free personal firewall software from Sygate (http://smb.sygate.com/buy/download_buy.htm)
Step 2. Reboot machine
Step 3. Download Microsoft win 2000 service pack 4 and install (http://v4.windowsupdate.microsoft.com/en/default.asp).
Step 4. Download all other Microsoft critical security patches and install (http://v4.windowsupdate.microsoft.com/en/default.asp).
Step 5. Reboot machine

Problems fixed!
Important to remember when reinstalling Windows to fix this bug.  Do not connect to the Internet until the system is patched.  If you are on a local shared LAN with other machines that may be infected, pull the network cable out of your machine, you will be reinfected before you can patch otherwise.  Also, SP4 does not fix this problem, it is a post SP4 patch that you need, AND SP4 will overwrite it rendering you vulnerable again if you install the RPC patch first then SP4.  So download SP4, then the RPC patch and either put them on a separate partition, or burn them to CD before you go to do your reinstall, then install SP4 first, RPC patch second after reinstalling.  
Just a hint: There are some worms with same name "svchost.exe" like the M$ file. See ( http://www.neuber.com/taskmanager/process/svchost.exe.html )

The originale Svchost.exe (Generic Host Process for Win32 Services) is an integral part of Windows OS and is located in system32 folder.