Announcement

Collapse
No announcement yet.

Svchost crashes twice a day on each win 2003 server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Svchost crashes twice a day on each win 2003 server

    Hi all,

    this is my first post on this forum.
    I'm experiencing strange svchost crashes only on each Win 2003 servers in my farm. Windows 2000 and 2008 seems to not be involved in this issue.
    The event happens almost twice a day in random hours.
    Are somebody of you experiencing the same trouble?

    I tried to shut down Windows Update service in order to exclude this cause (one year ago I remember there was a similar accident due to Windows update).

    I scan my systems with our McAfee antivirus and Doctor Web.
    They didn't find any malware.

    Any help is appreciate.
    Thank you.

  • #2
    Re: Svchost crashes twice a day on each win 2003 server

    Are the servers up to date?
    A while back the svchost crashes could have been caused by other machines on the network infected with a virus (at least my hazy memory tells me). Have you scanned your other hosts and checked they are all up to date.

    Do you have anything in the event logs?
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: Svchost crashes twice a day on each win 2003 server

      Thanks for your reply.

      The event log report this (sorry is italian!):

      Tipo evento: Errore
      Origine evento: Application Error
      Categoria evento: (100)
      ID evento: 1000
      Data: 18/12/2008
      Ora: 9.46.43
      Utente: N/D
      Computer: ANDROM
      Descrizione:
      Applicazione che ha provocato l'errore svchost.exe, versione 5.2.3790.1830, modulo che ha provocato l'errore kernel32.dll, versione 5.2.3790.2756, indirizzo errore 0x0010568c.

      Do you mean to check all hosts, including personal computers?
      I'll check for infected hosts, also if we use McAfee Policy Orchestrator that seems to work fine...
      Thank you again!

      Comment


      • #4
        Re: Svchost crashes twice a day on each win 2003 server

        Ciao Mining,

        This guys had the same problem as yours and it looks like you'll need to firstly do a thorough Antivirus scan to make sure you are not already infected and update the servers with the latest SP and the suggested patch.
        Anyway have a look at this: - http://thesource.ofallevil.com/commu...&cr=&sloc=&p=1
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR

        Comment


        • #5
          Re: Svchost crashes twice a day on each win 2003 server

          Yes, everything should be up to date anyway but it is always worth running a scan against the clients.

          Do they all have the current windows updates installed?
          cheers
          Andy

          Please read this before you post:


          Quis custodiet ipsos custodes?

          Comment


          • #6
            Re: Svchost crashes twice a day on each win 2003 server

            I probably wasn't very direct in my last post.

            Mining, according to this you MUST apply the latest SP and the following patch ASAP : http://www.microsoft.com/technet/sec.../MS08-067.mspx

            More info on the Worm spread through this excploit: http://isc.sans.org/diary.html?storyid=5275&rss

            Ref: Here

            Ta
            Caesar's cipher - 3

            ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

            SFX JNRS FC U6 MNGR

            Comment


            • #7
              Re: Svchost crashes twice a day on each win 2003 server

              (Just in case, my post was written before L4ndy posted but I didn't actually click submit till today so ignore it as it has already been said!)
              cheers
              Andy

              Please read this before you post:


              Quis custodiet ipsos custodes?

              Comment


              • #8
                Re: Svchost crashes twice a day on each win 2003 server

                Thank you to all!

                I just download the http://www.microsoft.com/technet/sec.../MS08-067.mspx patch.

                I'll came back with news asap.

                Comment


                • #9
                  Re: Svchost crashes twice a day on each win 2003 server

                  Hi,

                  I installed the patch on 1 server and it seems to work fine...
                  For three days no crashes of svchost happened!

                  I'm going to distribute the patch on the other servers.

                  Thank you again for you help!

                  I'll update you if something else happens.

                  Bye

                  Comment


                  • #10
                    Re: Svchost crashes twice a day on each win 2003 server

                    You need to find out where the worm is originating too, if that is the cause.
                    cheers
                    Andy

                    Please read this before you post:


                    Quis custodiet ipsos custodes?

                    Comment


                    • #11
                      Re: Svchost crashes twice a day on each win 2003 server

                      As well as Andy's suggestion, I'd say that applying the patch is the first step.
                      The next and the most important one would be to asses the extent of the damage (If any), A thorough AV and AS scan and assesment of the Security log files and the audits in place, to make sure no backdoors are created.

                      Ciao
                      Caesar's cipher - 3

                      ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                      SFX JNRS FC U6 MNGR

                      Comment

                      Working...
                      X