We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now


Server 2003 Error "Faulting application svchost.exe"

Medium Priority
Last Modified: 2012-05-06
We are having some issues with two servers, with some of the services getting stopped automatically, this is the first time when we are facing the this problem, till now we faced this on two servers,  file & print server / Domain controller server,  to avoid it in future we would like to know is there any preventive measures to be taken to solve this issue:

In events log if we see only trace we can find was the below error message:

Application Error

Events ID: 1000

Faulting application svchost.exe, version 5.2.3790.3959, faulting module shell32.dll, version 6.0.3790.4184, fault address

Awaiting for your quick response.



Watch Question

I am hoping I am not correct on this but you may bee infected with w32.downadup.b.  Check if you have this update: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
I found this on another website;
1. dir *.* /ahs in \System32 folder
2. If you see a .DLL file (not always .dll) then you are probably infected.
3. Using process explorer, search for the name you see, then close the handle of the file. If you do not find it in process explorer then it is not active yet but proceed to 4 anyway.
4. Take ownership of the file
5. Delete file
6. Check \WINDOWS\TASK for any job file that does not belong there
7. Look for Autorun.inf file in root. If there, take ownership and delete
8. Reboot
9. Enable BITS and Auto update services as the worm disables these.
10. Update windows.

Good luck, fm


This are the results which were generated:

C:\WINDOWS\system32>dir *.* /ahs
 Volume in drive C has no label.
 Volume Serial Number is 5804-519E

 Directory of C:\WINDOWS\system32

02/17/2009  11:57 AM    <DIR>          dllcache
               0 File(s)              0 bytes
               1 Dir(s)  11,681,733,632 bytes free

Senior IT Consultant
the most immediate action to check against Event ID 1000 related to SVCHOST.exe would be to make sure your server and hosted applications are patched up to the latest versions.

you can use something Like MBSA to scan for & download any missing updates without going to windows update website.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


Any other solutions !!!


As we cant patch all the servers as we are using some old software.

So kindly let me know is there any other solutions for available to solve this issue.

Thanks & Regards,


Mohamed OsamaSenior IT Consultant

Legacy sotware is always an issue .
however , I am pretty sure that this error will be solved if you patch the systems.
the MBSA scan is a good start.
the best way to work around this without disrupting the sotware environment, is to get an image of the system, install it on a test server, then apply the patches on the test server  one Patch at a time, restart the application and the server & check if there is any impact on the environment, untill you can confirm those patches have no negative effect on your sotware, you can apply the patches on your production server only then.
hope this helps.


i think it was related to the updates for the server, after installing the patches the error is not coming.

Thanks For all your support.


Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.