Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Svchost Error - No Internet Connection

  • Please log in to reply
2 replies to this topic

#1 bacteriaburger


  • Members
  • 1 posts
  • Local time:12:50 AM

Posted 06 January 2008 - 04:04 PM


I'm posting this for my boyfriend... His computer is running incredibly slowly, so as to be unuseable. He uses Windows XP Home Edition. The first thing you get after windows loads is this error message:

svchost error: "The instruction at '0x0002ab4' referenced memory at '0x0002ab64.' The memory could not be 'read.' Click on OK to terminate the program."

Going into Task Manager to see what is using up all the memory reveals nothing... In addition, the computer cannot connect to the internet (we have a wireless router), it doesn't even show that any internet connections are present.

I attempted to do System Restore to an earlier recovery point, but it didn't work. Tried to run AdAware, but got an error almost as soon as it began to scan, and the application shut down.

Think this must be a malware problem...

THANKS SO MUCH (in advance!)

BC AdBot (Login to Remove)


#2 Tomo2


  • Members
  • 402 posts
  • Gender:Male
  • Location:Wanganui, Aotearoa NZ
  • Local time:05:50 PM

Posted 06 January 2008 - 04:22 PM

This may or may not be malware. System slowing tends to be malware, but memory errors can just be stupid windows.
Try looking in the event viewer to see which dll on svchost.exe stuffed up or if it was itself. You can look here: Here
It could be something like a corrupt dll handle or incompatible software or, yes possibly malware.
You can try this...
Edit: Removed it, could have harmed your PC if it wasn't the problem you were experiencing.

Hope this helps!

Edited by Tomo2, 06 January 2008 - 05:08 PM.

L&P, World Famous in New Zealand since ages ago!
Posted Image
Avast! Antivirus : Spybot S&D : Trend Micro Housecall : Hosts file : HiJack This
Don't be too open minded - your brains will fall out

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,734 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:50 AM

Posted 06 January 2008 - 07:46 PM

Svchost.exe is a generic host process name for a group of services that are run from dynamic-link libraries (DLLs) and can run other services underneath itself. This is a valid system process that belongs to the Windows Operating System which handles processes executed from DLLs. It runs from the registry key, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost where details of the services running under each instance of svchost.exe can be found. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load.

It is not unusual for multiple instances of Svchost.exe running at the same time in Task manager in order to optimise the running of the various services.

Each Svchost.exe session can contain a grouping of services, therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging. The process ID's (PID's) are not static and can change with each logon but generally they stay nearly the same because they are running services all the time. The PID's must be checked in real time to determine what services each instance of svchost.exe is controlling at that particular time. Read "How to determine what services are running under a Svchost.exe process".

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file like svchost.exe. However, it then places itself in a different location on your computer. In XP, the legitimate Svchost.exe file is located in your C:\WINDOWS\system32\ folder.

Other legitimate copies can be found in the following folders:
and a prefetch file located here: C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf

If svchost.exe is running as a startup (shows in msconfig), it can be bad as shown here and here. Make sure of the spelling. If it is scvhost.exe, then that is Trojan.

There are several ways to investigate svchost.exe and related processes.

You can download and use Process Explorer or System Explorer to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location. If you right-click on the file in question and select properties, you will see more details about the file. To get a list of processes shown by Process Explorer, go to file and choose Save as... to create a log named Procexp.txt in the same folder where Process Explorer resides.

The Process Explorer window shows two panes by default: the upper pane is always a process list and the bottom pane either shows the list of DLLs loaded into the process selected in the upper pane, or the list of operating system resource handles (files, Registry keys, synchronization objects) the process has open. In the menu at the top select View > Lower Pane View to change between DLLs and Handles.

If you have XP Pro, you can use Tasklist /SVC to view the list of services processes that are running in Svchost. The /SVC switch shows the list of active services in each process.

Go to Start > Run and type: cmd
press Ok
At the command prompt type: tasklist /svc >c:\taskList.txt
press Enter

Go to Start > Run and type: C:\taskList.txt
press Ok to view the list of processes

For help and syntax information, type the following command, and then press ENTER:
tasklist /?
Also see Syntax options and Tasklist Syntax.

You can also use the WMI command-line utility to view and list processes.
Go to Start > Run and type: cmd
press Ok
At the command prompt type:
WMIC /OUTPUT:C:\ProcessList.txt PROCESS get Caption,Commandline,Processid
press Enter.

You can also use (type):
WMIC /OUTPUT:C:\ProcessList.txt path win32_process get Caption,Processid,Commandline
press Enter.

Go to Start > Run and type: C:\ProcessList.txt
press Ok to view the details of all the processes.

You can search the process name using Google or BC's File Database.

If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Most Internet connectivity problems arise out of corrupt Winsock settings due to the installation of a networking software or Malware infestation. Check with your ISP provider first and if they insist that your connection is coming through, the problem must be at your end.

If your using Windows XP SP2, log on as an administrator.
Go to Start > Run and type: cmd
Press OK or Hit Enter. A dos Window will appear.
At the command prompt, type or copy/paste: netsh winsock reset
Hit Enter.
When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset."
Close the command box and reboot your computer.

Go to Start > Run > type: cmd
Press OK or Hit Enter.
At the command prompt, type or copy/paste: ipconfig /flushdns
Hit Enter.
Close the command box.

Configure TCP/IP to use DNS. Go to Start > Control Panel, and choose Network Connections.
Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties.
Double-click on the Internet Protocol (TCP/IP) item.
Select the radio button that says "Obtain DNS servers automatically".
Click OK twice to get out of the properties screen and restart your computer.

CAUTION: It is possible that your Internet Service Provider requires specific settings here. Make sure you know if you need specific DNS settings here or not before you make these changes or you may lose your internet connection. If you are sure you do not need a specific DNS address, you may proceed.

If you continue to have connectivity problems, download WinSockFix from another computer, save to a usb stick, and transfer it to your computer.
Be sure to print out and follow the instructions for using this tool provided in the Winsock Repair Tutorial.

If you still continue to have connectivity problems, see "It's not always malware: How to fix the top 10 Internet Explorer issues", "Troubleshoot Internet Connection" and "Troubleshooting Internet Connection Problems".
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users