Server 2003 Error "Faulting application svchost.exe"

Posted on 2009-02-17
Last Modified: 2012-05-06
We are having some issues with two servers, with some of the services getting stopped automatically. This is the first time we are facing this problem; till now we have faced it on two servers, a file & print server and a domain controller server. To avoid it in future, we would like to know whether there are any preventive measures to be taken to solve this issue.

In the event log, the only trace we can find is the error message below:

Application Error

Event ID: 1000

Faulting application svchost.exe, version 5.2.3790.3959, faulting module shell32.dll, version 6.0.3790.4184, fault address

Awaiting your quick response.



Question by:tanveer_hussain
    LVL 6

    Expert Comment

    I am hoping I am not correct on this, but you may be infected with w32.downadup.b.  Check if you have this update:
    I found this on another website:
    1. dir *.* /ahs in \System32 folder
    2. If you see a .DLL file (not always .dll) then you are probably infected.
    3. Using process explorer, search for the name you see, then close the handle of the file. If you do not find it in process explorer then it is not active yet but proceed to 4 anyway.
    4. Take ownership of the file
    5. Delete file
    6. Check \WINDOWS\TASK for any job file that does not belong there
    7. Look for Autorun.inf file in root. If there, take ownership and delete
    8. Reboot
    9. Enable BITS and Auto update services as the worm disables these.
    10. Update windows.

    Good luck, fm
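
A read-only way to run the checks in steps 1, 6, 7 and 9 of the checklist above in one pass, added here as an example and not part of the original thread. It assumes PowerShell 2.0 is installed on the Server 2003 host; the variable names are illustrative.

```powershell
# Added example: read-only triage for steps 1, 6, 7 and 9 of the checklist.
# Assumes PowerShell 2.0 is installed on the server; nothing is changed or deleted.
$sys32 = Join-Path $env:SystemRoot 'System32'
$tasks = Join-Path $env:SystemRoot 'Tasks'    # folder holding scheduled .job files
$mask  = [int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System
$findings = @()

# Step 1: same selection as "dir *.* /ahs" (Hidden AND System), files only.
$hidden = @(Get-ChildItem -Path $sys32 -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and (([int]$_.Attributes -band $mask) -eq $mask) })
foreach ($f in $hidden) {
    $findings += "Hidden+system file: $($f.FullName) ($($f.Length) bytes, $($f.LastWriteTime))"
}

# Step 6: list every job file so an admin can confirm each one is expected.
$jobs = @(Get-ChildItem -Path $tasks -Filter '*.job' -Force -ErrorAction SilentlyContinue)
foreach ($j in $jobs) {
    $findings += "Scheduled job to review: $($j.Name) (created $($j.CreationTime))"
}

# Step 7: Autorun.inf in the root of removable (2) and fixed (3) drives.
$disks = @(Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2 OR DriveType=3')
foreach ($d in $disks) {
    $inf = "$($d.DeviceID)\Autorun.inf"
    if (Test-Path -Path $inf) { $findings += "Autorun.inf present: $inf" }
}

# Step 9: BITS and Automatic Updates (service name wuauserv) should not be disabled.
$svcs = @(Get-WmiObject Win32_Service -Filter "Name='BITS' OR Name='wuauserv'")
foreach ($s in $svcs) {
    if ($s.StartMode -eq 'Disabled') {
        $findings += "Service disabled: $($s.Name) (state $($s.State))"
    }
}

if ($findings.Count -eq 0) {
    'No findings from the four checks.'
} else {
    $findings
}
```

An empty result only means these four checks found nothing; the job-file list in particular still needs a person to compare it against the tasks the server is expected to have.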

    Author Comment

    These are the results which were generated:

    C:\WINDOWS\system32>dir *.* /ahs
     Volume in drive C has no label.
     Volume Serial Number is 5804-519E

     Directory of C:\WINDOWS\system32

    02/17/2009  11:57 AM    <DIR>          dllcache
                   0 File(s)              0 bytes
                   1 Dir(s)  11,681,733,632 bytes free

    LVL 23

    Accepted Solution

    The most immediate action to check against Event ID 1000 related to SVCHOST.exe would be to make sure your server and hosted applications are patched up to the latest versions.

    You can use something like MBSA to scan for and download any missing updates without going to the Windows Update website.


    Author Comment

    Any other solutions?

    Author Comment

    We can't patch all the servers, as we are using some old software.

    So kindly let me know if there are any other solutions available to solve this issue.

    Thanks & Regards,


    LVL 23

    Expert Comment

    Legacy software is always an issue.
    However, I am pretty sure that this error will be solved if you patch the systems.
    The MBSA scan is a good start.
    The best way to work around this without disrupting the software environment is to get an image of the system, install it on a test server, then apply the patches on the test server one patch at a time, restart the application and the server, and check if there is any impact on the environment. Only once you can confirm those patches have no negative effect on your software can you apply the patches on your production server.
    Hope this helps.


    Author Comment

    I think it was related to the updates for the server; after installing the patches, the error no longer appears.

    Thanks for all your support.


