random svchost.exe shutdown

  • Thread starter Thread starter Bruce Cavender
  • Start date Start date
B

Bruce Cavender

Over the last couple days svchost has terminated without
any repeatable trigger. Error is "svchost.exe has
generatied errors and will be closed by Windows. You will
need to restart."

System alert has the following error also:
The COM+ Event System detected a bad return code during
its internal processing. HRESULT was 800706BF from line
42 of .\eventsystemobj.cpp. Please contact Microsoft
Product Support Services to report this error.

Running Win2kPro 5.00.2195 SP2

Suggestions?
Tnx!
Bruce
 
I have this problem also, using Windows 2000 SPA. Although my system was
never infected with the blaster/loosen worm, for some reason schist.exe was
crashing multiple times throughout the day. I also discovered through
reading the various newsgroups and forums out there, that many other users
were also experiencing the same problems.

I am starting to wonder if this may have something to do with the large
number of w32.blaster infected systems out there. From what I understand,
the worm exploits a vulnerability in the way RPC handles malformed TCP/IP
messages. By sending malformed messages to it, the RPC service will crash
and all services and functions depending on it will behave abnormally. The
w32.blaster worm tries to scan and attack or spread to systems over port 135
after the RPC service crashes, or something along those lines.

The purpose of the worm is to spread to as many systems as possible. When
run, it scans a random IP range to look for vulnerable systems on TCP port
135. Can the method in which it 'scans' be responsible for this sudden
flurry of svchost.exe errors being reported on 8-12 and 8-11?

I think there is more to this whole problem than just applying the MS03-026
patch (i.e.. the blaster patch).
 
Sorry for the spelling errors in the last message! I pressed the wrong
button on my spell checker....

I have this problem also, using Windows 2000 SP4. Although my system was
never infected with the Blaster/Lovsan worm, for some reason svchost.exe was
crashing multiple times throughout the day. I also discovered through
reading the various newsgroups and forums out there, that many other users
were also experiencing the same problems.

I am starting to wonder if this may have something to do with the large
number of w32.blaster infected systems out there. From what I understand,
the worm exploits a vulnerability in the way RPC handles malformed TCP/IP
messages. By sending malformed messages to it, the RPC service will crash
and all services and functions depending on it will behave abnormally. The
w32.blaster worm tries to scan and attack or spread to systems over port 135
after the RPC service crashes, or something along those lines.

The purpose of the worm is to spread to as many systems as possible. When
run, it scans a random IP range to look for vulnerable systems on TCP port
135. Can the method in which it 'scans' be responsible for this sudden
flurry of svchost.exe errors being reported on 8-12 and 8-11?

I think there is more to this whole problem than just applying the MS03-026
patch (i.e.. the blaster patch).
 
I received svchost error several times on Aug 11 / 12.
After reinstalling Office and reinstalltin Service Pack 2,
error was still appearing and stopping links and embedded
objects etc from working.
Eventually i was able to kill it by renaming my user
profile, and logging back on to have it recreated. I then
copied all of my profile files back, incl my .dat file,
and it seems to be ok now
Deffo seeems like some kinda bug or worm, but not sure how
i got it. Can it come simply from opening web pages?
 
Back
Top