Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3047
  • Last Modified:

Server 2003 Error "Faulting application svchost.exe"

We are having some issues with two servers, with some of the services getting stopped automatically, this is the first time when we are facing the this problem, till now we faced this on two servers,  file & print server / Domain controller server,  to avoid it in future we would like to know is there any preventive measures to be taken to solve this issue:

In events log if we see only trace we can find was the below error message:


Application Error

Events ID: 1000

Faulting application svchost.exe, version 5.2.3790.3959, faulting module shell32.dll, version 6.0.3790.4184, fault address
0x0014e84e.


Awaiting for your quick response.

Regards,

Tanveer.

0
tanveer_hussain
Asked:
tanveer_hussain
  • 4
  • 2
1 Solution
 
_etoptasCommented:
I am hoping I am not correct on this but you may bee infected with w32.downadup.b.  Check if you have this update: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
I found this on another website;
1. dir *.* /ahs in \System32 folder
2. If you see a .DLL file (not always .dll) then you are probably infected.
3. Using process explorer, search for the name you see, then close the handle of the file. If you do not find it in process explorer then it is not active yet but proceed to 4 anyway.
4. Take ownership of the file
5. Delete file
6. Check \WINDOWS\TASK for any job file that does not belong there
7. Look for Autorun.inf file in root. If there, take ownership and delete
8. Reboot
9. Enable BITS and Auto update services as the worm disables these.
10. Update windows.

Good luck, fm
0
 
tanveer_hussainAuthor Commented:
This are the results which were generated:



C:\WINDOWS\system32>dir *.* /ahs
 Volume in drive C has no label.
 Volume Serial Number is 5804-519E

 Directory of C:\WINDOWS\system32

02/17/2009  11:57 AM    <DIR>          dllcache
               0 File(s)              0 bytes
               1 Dir(s)  11,681,733,632 bytes free


Thanks.
0
 
Mohamed OsamaSenior IT ConsultantCommented:
the most immediate action to check against Event ID 1000 related to SVCHOST.exe would be to make sure your server and hosted applications are patched up to the latest versions.

you can use something Like MBSA to scan for & download any missing updates without going to windows update website.


0
Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

 
tanveer_hussainAuthor Commented:
Any other solutions !!!
0
 
tanveer_hussainAuthor Commented:
As we cant patch all the servers as we are using some old software.

So kindly let me know is there any other solutions for available to solve this issue.

Thanks & Regards,


Tanveer.

0
 
Mohamed OsamaSenior IT ConsultantCommented:
Legacy sotware is always an issue .
however , I am pretty sure that this error will be solved if you patch the systems.
the MBSA scan is a good start.
the best way to work around this without disrupting the sotware environment, is to get an image of the system, install it on a test server, then apply the patches on the test serverĀ  one Patch at a time, restart the application and the server & check if there is any impact on the environment, untill you can confirm those patches have no negative effect on your sotware, you can apply the patches on your production server only then.
hope this helps.

0
 
tanveer_hussainAuthor Commented:
i think it was related to the updates for the server, after installing the patches the error is not coming.

Thanks For all your support.


Regards,


Tanveer.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now