svchost.exe errors

carlos

Archived from groups: codewarrior.windows,microsoft.public.windows.server.networking,microsoft.public.windowsupdate,microsoft.public.windowsxp.device_driver.dev,microsoft.public.windowsxp.general (More info?)

I keep getting these - no firewalls. Once I click send or don't send, apps
will no longer launch.

Generic Host Process for Win32 Services encountered a problem and needed to
close.

szAppName : svchost.exe szAppVer : 0.0.0.0 szModName : unknown
szModVer : 0.0.0.0 offset : 00000000

C:\DOCUME~1\John\LOCALS~1\Temp\WER0e76.dir00\svchost.exe.mdmp
C:\DOCUME~1\John\LOCALS~1\Temp\WER0e76.dir00\appcompat.txt

Faulting application svchost.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x00000000.
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1004
Date: 12/21/2004
Time: 8:31:58 PM
User: N/A
Computer: DBZXXZ11
Description:
Faulting application svchost.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x00000000.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
 

Svchost.exe is a kind of "helper" program that lets DLL files run as
executables when running as a service.

As a first step I would download and run either Spybot S&D or Ad-Aware
(preferably both) to scan for and remove Spyware/Malware. Then see how
things run after that. I would also, after you have done that, make sure
your AV software is fully updated and do a full scan of the machine.

Chances are, once the machine is "clean" the problem will go away.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


 

Carlos:

There was NO reason to cross-post to the News Groups; "codewarrior", Networking, Device
Driver Development or Windows Update. Please keep your posting/cross-posting On Topic for
the subject matter of your post.

Obtain McAfee's virus and worm removal tool, Stinger: http://vil.nai.com/vil/stinger/

1) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Reboot your PC into Safe Mode
3) Using McAfee Stinger, perform a Full Scan of your platform and clean/delete any
infectors found
4) Restart your PC and perform a "final" Full Scan of your platform
5) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
6) Reboot your PC.
7) Create a new Restore point

If Stinger indicates nothing, please try several of the following online scanners

BitDefender:
http://www.bitdefender.com/scan/license.php

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

Freedom Online scanner:
http://www.freedom.net/viruscenter/index.html

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

Symantec:
http://security.symantec.com/


* * * Please report your results ! * * *


--
Dave




 

Thanks Phil - but I have already run AdAware, Spybot, TrendMicro, and NAV.
In safe mode too.


 

I can't find anything else on that. Did you click on the link given in the
error? You have to click on it in the error popup itself; clicking
on it in this email won't help.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


 
Archived from groups: microsoft.public.windowsupdate,microsoft.public.windowsxp.device_driver.dev,microsoft.public.windowsxp.general,microsoft.public.windows.server.networking (More info?)

Hi.
I was led to believe that SVCHOST.EXE was a backdoor for hackers and that it
could rip and upload personal data such as credit card details to its
creator. My Registry and running Processes are infested with SVCHOST.EXE. I
have tried many methods to remove it. So I am now going to read others in
this forum and if any help is appropriate, give it a try and post results.
If anyone has any other advice on this issue please email:
lloydcodrington@hotmail.com.

Thanks all,
Lloyd.

 

http://www.google.com/search?hl=en&q=SVCHOST.EXE&btnG=Google+Search

--
Happy Mardi Gras,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com


 

Lloyd:

SVCHOST.EXE is a legitimate component of WinXP. However, it is the target of many viral and
non-viral malware. In addition, many viral and non-viral malware may use variations of that
name, such as SCVHOST.EXE.

--
Dave




 

Kelly

It still gives me "nightmares" trying to figure out which application
/ service is using it <g>.

One is currently not closing down and being booted off by uphclean. I
can't figure out what is starting it! I have tried Process Explorer.


--

~~~~~~

Regards.

Gerry

~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~

 

"Gerry Cornell" <gcjc@tenretnitb.com> wrote in message news:OYO1KceCFHA.2380@tk2msftngp13.phx.gbl...
> Kelly
>
> It still gives me "nightmares" trying to figure out which application / service is using it <g>.


Do you have tasklist? (Part of XP Pro but also I think available
for XP Home users too, perhaps in their Support Tools package.)

Open a command window and enter:

tasklist /svc /fi "Imagename eq svchost.exe"

or, for a particular task, get its PID (represented by xxxx below)
and enter:

tasklist /svc /fi "PID eq xxxx"

You can also get more clues from the list of modules that task is using:

tasklist /M /fi "PID eq xxxx"


HTH

Robert Aldwinckle
---
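
An added example, not part of the thread: a short triage of `tasklist /svc /fo csv` output that combines the two checks discussed above, names that imitate svchost.exe (such as SCVHOST.EXE) and a svchost.exe instance that hosts no services. The sample output, PIDs, the `svchosts.exe` entry and the distance threshold are constructed for illustration.

```python
import csv
import io

LEGIT_NAME = "svchost.exe"

# Constructed sample of `tasklist /svc /fo csv` output (not taken from the thread).
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","856","DcomLaunch,TermService"
"svchost.exe","940","RpcSs"
"scvhost.exe","1388","N/A"
"svchost.exe","2044","N/A"
"explorer.exe","1620","N/A"
"svchosts.exe","2312","N/A"
'''


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent transposition, e.g. "vc" <-> "cv" in scvhost.exe.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def parse_tasklist_csv(text):
    """Return (image, pid, [services]) tuples; tasklist prints N/A for none."""
    rows = []
    reader = csv.reader(io.StringIO(text))
    next(reader, None)  # skip the header row
    for row in reader:
        if len(row) != 3 or not row[1].strip().isdigit():
            continue  # ignore blank or malformed lines
        image, pid, services = (field.strip() for field in row)
        hosted = [] if services == "N/A" else [s.strip() for s in services.split(",")]
        rows.append((image, int(pid), hosted))
    return rows


def triage(rows, max_distance=2):
    """Flag lookalike image names and svchost.exe instances hosting nothing."""
    findings = []
    for image, pid, hosted in rows:
        name = image.lower()
        if name == LEGIT_NAME:
            if not hosted:
                findings.append((pid, image, "svchost.exe hosting no services"))
        elif osa_distance(name, LEGIT_NAME) <= max_distance:
            findings.append((pid, image, "name imitates svchost.exe"))
    return findings


if __name__ == "__main__":
    for pid, image, reason in triage(parse_tasklist_csv(SAMPLE)):
        print(f"PID {pid:>5}  {image:<14} {reason}")
```

tasklist does not report the image path, so a flagged or unflagged svchost.exe still needs its location confirmed (the genuine binary lives under %SystemRoot%\System32) with a tool that shows it, such as Process Explorer mentioned earlier in the thread.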