Server 2003 Error "Faulting application svchost.exe"
We are having some issues with two servers, with some of the services getting stopped automatically, this is the first time when we are facing the this problem, till now we faced this on two servers, file & print server / Domain controller server, to avoid it in future we would like to know is there any preventive measures to be taken to solve this issue:
In events log if we see only trace we can find was the below error message:
Application Error
Events ID: 1000
Faulting application svchost.exe, version 5.2.3790.3959, faulting module shell32.dll, version 6.0.3790.4184, fault address
0x0014e84e.
Awaiting for your quick response.
Regards,
Tanveer.
In events log if we see only trace we can find was the below error message:
Application Error
Events ID: 1000
Faulting application svchost.exe, version 5.2.3790.3959, faulting module shell32.dll, version 6.0.3790.4184, fault address
0x0014e84e.
Awaiting for your quick response.
Regards,
Tanveer.
ASKER
This are the results which were generated:
C:\WINDOWS\system32>dir *.* /ahs
Volume in drive C has no label.
Volume Serial Number is 5804-519E
Directory of C:\WINDOWS\system32
02/17/2009 11:57 AM <DIR> dllcache
0 File(s) 0 bytes
1 Dir(s) 11,681,733,632 bytes free
Thanks.
C:\WINDOWS\system32>dir *.* /ahs
Volume in drive C has no label.
Volume Serial Number is 5804-519E
Directory of C:\WINDOWS\system32
02/17/2009 11:57 AM <DIR> dllcache
0 File(s) 0 bytes
1 Dir(s) 11,681,733,632 bytes free
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Any other solutions !!!
ASKER
As we cant patch all the servers as we are using some old software.
So kindly let me know is there any other solutions for available to solve this issue.
Thanks & Regards,
Tanveer.
So kindly let me know is there any other solutions for available to solve this issue.
Thanks & Regards,
Tanveer.
Legacy sotware is always an issue .
however , I am pretty sure that this error will be solved if you patch the systems.
the MBSA scan is a good start.
the best way to work around this without disrupting the sotware environment, is to get an image of the system, install it on a test server, then apply the patches on the test server one Patch at a time, restart the application and the server & check if there is any impact on the environment, untill you can confirm those patches have no negative effect on your sotware, you can apply the patches on your production server only then.
hope this helps.
however , I am pretty sure that this error will be solved if you patch the systems.
the MBSA scan is a good start.
the best way to work around this without disrupting the sotware environment, is to get an image of the system, install it on a test server, then apply the patches on the test server one Patch at a time, restart the application and the server & check if there is any impact on the environment, untill you can confirm those patches have no negative effect on your sotware, you can apply the patches on your production server only then.
hope this helps.
ASKER
i think it was related to the updates for the server, after installing the patches the error is not coming.
Thanks For all your support.
Regards,
Tanveer.
Thanks For all your support.
Regards,
Tanveer.
I found this on another website;
1. dir *.* /ahs in \System32 folder
2. If you see a .DLL file (not always .dll) then you are probably infected.
3. Using process explorer, search for the name you see, then close the handle of the file. If you do not find it in process explorer then it is not active yet but proceed to 4 anyway.
4. Take ownership of the file
5. Delete file
6. Check \WINDOWS\TASK for any job file that does not belong there
7. Look for Autorun.inf file in root. If there, take ownership and delete
8. Reboot
9. Enable BITS and Auto update services as the worm disables these.
10. Update windows.
Good luck, fm