0

I got the same problem on my very freshly installed Windows 2003.
SVCHOST.EXE crashes, whitch results in a reboot.
I know I can cancel the shutdown by shutdown /a and I know I can disable the reboting by setting it in the RPC service.
The question is not how to prevent the rebooting, but how the hell can I fix this problem?
I've installed Win2k3, and reinstalled it to be sure that it wasn't Win2k3. also tried several virus scanners to be sure it wasn't a virus.
My system is always connected to Internet via a LAN & router.

Event log:

Faulting application svchost.exe, version 5.2.3790.0, faulting module rpcss.dll, version 5.2.3790.0, fault address 0x0002eb3c.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

7
Contributors
12
Replies
13
Views
13 Years
Discussion Span
Last Post by MAD_DOG
0

It is probably the blaster or sasser worm. Most likely blaster, because of the rpcss.dll message there.

Try running Stinger-- it detects and removes both viruses, along with about 40 others :)

0

I doubt it is a virus, but I'm willing to scan my system for the 4th time. I don't have anything to lose ;-)

I'm scanning right now!

0

Try running Stinger-- it detects and removes both viruses, along with about 40 others :)

You might also want to check your system for spyware/adware/malware if you haven't already. Read through some of the posts in our Security forum for instructions on downloading and using a few of the useful (and free) detection/removal utilities:

Ad Aware
SpyBot
SpywareBlaster
HijackThis

0

Reply to alc6379: My system was clean, no virus found

Reply to DMR: I don't have any spyware installed, unless by some magical reason it got my system within 10 minutes. I had just installed my computer with Windows 2003 when the SVCHOST started to crash (and the computer started to reboot).

I changed the RPC-service settings for when it crashes. It no longer reboots now. Also I downloaded all updates from the M$ site.

I don't know if the service had crashed today, since I'm not home to log in and look at the event log.

I do know that the system is up and running the whole day now, but that's all I know at the moment.

0

It is definitely the blaster or sasser worm. These are worms, not viruses that you have to download. Worms just run around in the net looking for vulnerable machine then sneak in, no install or download required. I installed Windows in a couple of systems and got the same error after being connected to the internet for only 10 minutes. Now, I always install a firewall and turn on Windows firewall before I put a system on the net. In addition, keep your system updated. If all you did was turn of your RPC then you still could be infected and are hosting the worm to the rest of the world, Thankz.

0

Pat you have a legal copy of Win2K3 Server?

Uhm... :o no...
btw.... I don't have any problems... it seems that the problems stopped after I installed updates.

0

It is definitely the blaster or sasser worm. These are worms, not viruses that you have to download. Worms just run around in the net looking for vulnerable machine then sneak in, no install or download required. I installed Windows in a couple of systems and got the same error after being connected to the internet for only 10 minutes. Now, I always install a firewall and turn on Windows firewall before I put a system on the net. In addition, keep your system updated. If all you did was turn of your RPC then you still could be infected and are hosting the worm to the rest of the world, Thankz.

Sasser is indeed a worm, but I don't think it was a worm. I tried the latest virus removal tools from symantec and mcaffee. Those tools should also kill the sasser worm, if it was on my system, but the tools didn't found anything.

I didn't turn off the RPC, I just configured in a way that it would not reboot when the service crashed.
I still should see an entry in the event-viewer when that service crashes, but my event-log is clean. (read: No wierd things)

Greets
Patrick

0

need help one on one please call me at 586-675-9000 cant get desktop items back or format.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.