Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Generic Host Process Error


  • Please log in to reply
6 replies to this topic

#1 bobo81

bobo81

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:14 PM

Posted 31 October 2007 - 11:15 AM

OKay...before I get flamed I want to say YES I have searched for a solution abundantly on this site as well as the net. Absolutley nothing hase worked for me.

Basically the problem, for those who don't know from the title, is suddenly when working on the net an error comes up svchost.exe - Application Error. This is followed by a Generic Host Process for Win32 Services Error. When I close these windows from time to time it will give a message which gives me 59? secs until it restarts.

Here are screenshots:

1 Posted Image

2 Posted Image

3 Posted Image

I have done the following:

- Used Spybot, Ad-Aware, Spy Bot, Avast!, & True Sword with latest updates.
- Closed ports with Windows Worms Door Cleaner
- Updated with the Microsoft patches suggested from other forums/sites
- Uninstalled HP printer driver (dont use the printer so havnt reinstalled yet)

I understand that:

- Spyware can mirror as svchost.exe (I have 7 running in the task management but this is normal)
- It could be a RAM or Video Card issue, but I highly doubt it and want another alternative
- I work on a D-Link Router in my home however I have a firewall/NAT on as well as Windows Firewall and sheilds from antivirus so I cannot understand how worms get through...


PLEAAAAAAAAAAAAAAAAAAAASEEEEE HELP ME!!!! I cannot find any further help on the net and this is actually the first time I say this!!! :thumbsup: :flowers:

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,552 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:14 AM

Posted 31 October 2007 - 01:05 PM

http://support.microsoft.com/kb/821690

Soooo...did you uninstall all the other HP crapware that goes along with installation of their printers, scanners, etc.?

There's probably something in the registry triggering this whole thing.

What makes you think that you have an operative worm?

And do you have System Restore enabled when you do your malware scans?

http://antivirus.about.com/od/windowsbasic...stemrestore.htm

Louis

#3 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:05:14 AM

Posted 01 November 2007 - 08:04 AM

FWIW - We don't flame here. It's against the rules and it's strictly enforced. BC is a nice family sorta place - and that's why I'm here! :thumbsup:

svchost.exe is the filename for Generic Host Process for Win32 Services. Essentially, it is a process that can run other services underneath itself - so it may not be svchost.exe that's the issue, but rather one of the processes running underneath it.

The most definitive way to figure this out is to identify which svchost.exe process this is and then using the free program Process Explorer (available here: http://www.microsoft.com/technet/sysintern...ssExplorer.mspx ) to see what's running underneath it.

If you experiment with stopping the svchost.exe processes in Task Manager - you'll find that you can stop some, but others will shutdown the system due to Windows requirements. This leaves you 59 seconds to go to Start...Run...and type in "shutdown -a" (without the quotes) and press Enter. This will abort the shutdown process (but may leave you with strange system behavior).

You haven't mentioned the results of your malware scans - but it's possible that something is still left, or it can be that the "cure" for removing the malware caused this. The "szModName: Unknown" in your last screenshot could also indicate that this was malware related.

Most commonly viruses get through because they're unwittingly allowed onto the system (which bypasses all the protection). At work the most common reasons we see are:
1) Opening an email without scanning it first
2) Opening a download without scanning it first
3) Clicking on the wrong thing on the internet (the bad guys will deliberately make this as confusing as possible in order to get you to click).

Finally, probably the easiest place to check for additional information on this error is your Event Viewer. Go to Start...Run...and type in "eventvwr.msc" (without the quotes) and press Enter. Check in both the System and Application logs for errors - double click on the errors to get more info.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#4 bobo81

bobo81
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:14 PM

Posted 02 November 2007 - 05:58 AM

Thank you for the quick replies guys...I didnt wanna reply too fast since I did some things and wanted to weigh the results out...

I basically reupdated my HP Printer driver, and disabled some services (Control Panels > Admin Tools > Services) such as Windows Update (which I dont use anymore since my XP is a crack I think) and Symantec (since I uninstalled it) and so far so good. :thumbsup:

I download Windows Process Window (by Sysinternals.com) and it was showing that the service running under the "unknown" svchost.exe was Windows Update, I think.

How this just came out of no where is a mysetry to me ???? I have not updated in a long time and made no significant changes lately, but what to do.

Anyways unless something comes up or the problem pops up I won't be here anymore just writing my feedback for those who find this post in the future.

@hamluis - I did made some system restore points before making some serious changes but that's about it.

@usasma - Thank you for the "shutdown -a" trick that is really cool and never knew that!

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,552 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:14 AM

Posted 02 November 2007 - 10:12 AM

The point about System Restore is...if a system has malware operative and SR is operating, the malware can be brought back (after it has been removed) because there is a saved version in SR.

I don't run SR.

For those who do and who are confronted with malware issues, it's best to temporarily turn off SR when attempting to eliminate known malware. Then, re-enable it after you are sure that the malware has been removed totally.

Louis

#6 bobo81

bobo81
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:14 PM

Posted 02 November 2007 - 11:00 AM

Hamluis yeah you are right. I kinda realized it might not be a malware issue though. Oh well, anyways still going good... :thumbsup:

#7 bobo81

bobo81
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:14 PM

Posted 03 November 2007 - 04:49 AM

Its back!! :thumbsup:

I decided to restart the computer (with the network cable still plugged in) and sure enough on start up the messages popped up again. If I start up with the network cable pulled out and then plug it back in the messages take a while to pop up, maybe 5 or more minutes into my internet activity.

I noticed that after I close these messages not only does my computer act weird - task manager wont open, opening My Computer will show the flashlight searching and freeze, and the websites won't come when I press CTRL + O (they have been cleared) which makes me believe this could be a memory problem, as shown in the svchost error box.

I am not sure whether to buy new RAM or what.

It obviously has something to do with the internet cause as long as it is on the messages will pop up unless they already did and were closed.

Any ideas?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users