svchost.exe


Sanjay

I have a svchost.exe running that is causing a system
shutdown. I have found a few ways to resolve this but none
of them seem to do the job. When I run regedit, it closes
before I can do anything. msconfig has the same problem.
When in safe mode all is well. HELP this is getting
worse now I have 4 machines all XP PRO doing the same
thing. I have checked for Blaster that was not found. I
have loaded the patch. I also have a 2000 advanced server
that is doing the same.
 
I suspect that you have applied updates, service packs or installed new
software. On XP you should be able to use System Restore and choose an
earlier System Point when this did not happen. However I am not sure if you
can use this option in Safe Mode.

Another way is to use regedit and connect over the network and see all running
services as svchost - from there you can disable these services from starting one
by one (the idea is to find which one is causing the problem). I suspect that
that service is disabled in Safe Mode.

I know that at MS Technet they tell you a way to find which process is
launched under svchost.exe

Thank you,

Chris Popescu
 
Ok got it. It turned out to be a little EXE in
windows\system32 known as syscf.exe and syscfg.exe.pol.
There are 2 reg entries that need to be deleted.

I found that they didn't say API Config; I looked for
anything that ran syscfg.exe

Locate the HKEY_LOCAL_MACHINE entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows API Configuration = "syscfg.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Windows API Configuration = "syscfg.exe"

and remove the two references to 'Windows API
Configuration = "syscfg.exe"'.

Close the registry editor.

You have to delete the 2 files in system32 also.
You may have to start windows in Safe mode as regedit
closes after a few seconds.
Hope it helps someone else.
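
The check described in the post above, combined with the remote-registry idea from the earlier reply, as an added example that is not part of the original thread: a read-only PowerShell sweep of the two autorun keys on several machines. It assumes it is run from an administrative workstation with PowerShell 3 or later and that the Remote Registry service is reachable on each target; the `$Computers` list and the function name `Find-AutorunEntry` are hypothetical.

```powershell
# Added example: read-only sweep for the autorun entries named in the post.
# $Computers is a placeholder list; replace it with your own host names.
param(
    [string[]]$Computers = @($env:COMPUTERNAME),
    [string]$Pattern = 'syscfg\.exe'   # the data the post says to look for
)

# The two keys given in the post, relative to HKEY_LOCAL_MACHINE.
$AutorunKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunServices'
)

function Find-AutorunEntry {
    param([string]$Computer, [string[]]$Keys, [string]$Pattern)

    try {
        # Needs the Remote Registry service and admin rights on the target.
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $Computer)
    } catch {
        Write-Warning "${Computer}: cannot open registry ($($_.Exception.Message))"
        return
    }
    try {
        foreach ($path in $Keys) {
            $key = $hklm.OpenSubKey($path)   # read-only; $null if the key is absent
            if ($null -eq $key) { continue }
            foreach ($name in $key.GetValueNames()) {
                $data = [string]$key.GetValue($name)
                # Match on the data, not the value name: the post notes the
                # name was not always "Windows API Configuration".
                if ($data -match $Pattern) {
                    [pscustomobject]@{
                        Computer = $Computer
                        Key      = "HKLM\$path"
                        Name     = $name
                        Data     = $data
                    }
                }
            }
            $key.Close()
        }
    } finally {
        $hklm.Close()
    }
}

$Computers | ForEach-Object { Find-AutorunEntry $_ $AutorunKeys $Pattern } |
    Format-Table -AutoSize
```

The script only reports matches; removing the values and the files is still done as the post describes.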
 
I've seen this, the svchost.exe is taking over
completely, also creates a file called
svchost.poly.exe... I believe it's a virus or
similar. I had to format c: to get rid of it. It also
contaminates the file winhlpp32... it really is a pain...
 
Yes Sanjay, you are correct. It is now January 17, 2004 and there is
little mention of this virus anywhere on the web. It is a variant of the
GAOBOT worm; it exploits the RPC vulnerabilities that BLASTER and
NACHI did. It spreads to all unpatched machines on your network. It
will also disable antivirus software, and several other things.
 