Re: SVCHost keeps crashing
- From: "PA Bear [MS MVP]" <PABearMVP@xxxxxxxxx>
- Date: Sat, 9 Feb 2008 14:24:58 -0500
You'd never stated that you had an anti-virus application installed before now, hence my persistence.
ZA Internet Security includes an anti-virus application: Do you have any other anti-virus applications also installed?
The above (and the ability of ZA Internet Security to protect the machine from any/all hijackware) notwithstanding, is the machine currently fully patched at Windows Update? A minimum of 70 critical security updates have been released to-date since SP2 was released. If haven't already gotten all of them installed, you may as well "wipe & reload".
--
~PA Bear
Andrew Faust wrote:
Do you have an anti-virus application installed and running with up-to-date
definitions? What have you done to conclude the behavior is not due to "a
virus [or] spyware issue"?
Yes. I'd mentioned previously that I had run virus scanning and anit-spyware
software. I guess I should have made it clear that it's the first thing I
installed after device drivers and windows patches. And before you ask, all
the drivers were proper WHQL certified drivers and the Windows patches were
direct from Microsoft's Windows Update site. Additionally, I run ZoneAlarm
Internet Security Suite which includes Firewall (in addition to my hardware
firewall), anti-virus & anti-spyware. I let it keep itself up to date and
leave it's active defense on all the time.
I suppose it's techically possible that a virus got in somewhere during that
tme period and was able to evade ZoneAlarm this entire time. However, if
there are any that can do that then the tenacious little bugger deserves to
win.
Doesn't really matter, though. Splitting the services in to two processes
has stopped the crashing. While I know this isn't recommended it hasn't
caused any noticable problems. I'm switching back to Vista after SP1 so it's
not really woth any more effort than I've already done.
*<Devil's Advocate>*
So the machine is not fully patched at Windows Update?
This definitely isn't a virus of spyware issue.
Do you have an anti-virus application installed and running with up-to-date
definitions? What have you done to conclude the behavior is not due to "a
virus [or] spyware issue"?
Have you done what http://support.microsoft.com/kb/943144 recommends?
I didn't do a repair install. I only ever install fresh with a full format
of the drive.
Ignore the title. Chances are you'll need the fix in KB943144 before you
will be able to get the machine fully patched at Windows Update.
*</Devil's Advocate>*
--
~PA Bear, working offline
Andrew Faust wrote:Did you take care of EVERYTHING on the above webpage
Except for the Windows Update webpage, yes. I have a good hardware
firewall
with SPI and installed XP SP2 which has the software firewall on by
default.
This definitely isn't a virus of spyware issue.
Have you done what http://support.microsoft.com/kb/943144 recommends?
I didn't do a repair install. I only ever install fresh with a full format
of the drive.
I had mentioned previously I was going to start splitting out the services
in the netsvcs host process to find the offender. I decided to do a sort
of
binary search by splitting the services in half and finding which host
crashed, then split that one until I found the issue. However, after
making
the first split the crash stopped occuring.
I split Themes, AudioSrv, Lanmanserver & Lanmanworkstation to a new
netsvcs2
host and haven't had the crash since. Apparently, the interaction of one
of
these with one of the services I left in netsvcs is causing the problem.
I'm
going to start moving services back until the crash shows up again.
BTW, for anyone reading this.
Splitting out the services from svchost is strongly discouraged. Larry
Osterman
(http://blogs.msdn.com/larryosterman/archive/2004/08/16/215328.aspx) makes
it very clear that the services are meant to run under the same process
and
this should only ever be done for debugging purposes. He doesn't explain
how to do it nor will I. If you can't figure out how to do it, you
probably
shouldn't be doing it.
You have the equivalent of a new computer:
Before You Connect a New Computer to the Internet
http://www.cert.org/tech_tips/before_you_plug_in.html
Did you take care of EVERYTHING on the above webpage before otherwise
connecting the machine to the internet (e.g., to browse, check email,
chat,
download other stuff)?
Have you done what http://support.microsoft.com/kb/943144 recommends?
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
Andrew Faust wrote:Thanks for the reply. I have a high degree of confidence that this isn't
a
virus or spyware related issue. My belief at this point is that it's a
driver issue. Unfortunately, the instance of svchost (netsvcs) hosts
about
20 different processes so it's difficult to figure out which one it is.
I contacted MS tech support, but they weren't very helpful. I spent
hours
on
the phone with the front line tech support people having them
painstakingly
try everything I've already tried. I didn't have the energy to continue
this
process for the additional hours it would take to get passed to the
higher
level of tech support.
At this point I'm going to ensure I have all my important stuff backed
up.
I'll then start splitting out services to separate svchost processes one
at
a time until I find the offendng one. Hopefully that will give me the
info
I
need to find out what's wrong.
You have the equivalent of a new computer:
Before You Connect a New Computer to the Internet
http://www.cert.org/tech_tips/before_you_plug_in.html
Security FAQ & Checklist
http://www.dslreports.com/faq/8463
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
Andrew Faust wrote:I reformatted and installed fresh. I have automatic updates turned on
for
critical items and then use Windows Update Website for optional
updates.
Currently Windows Update says there are 0 High, 0 Software and 0
Hardware
updates available to me, so my system is up to date.
Did you do a Repair Install or a format & reinstall?
Is Automatic Updates enabled and is the machine now fully patched at
Windows Update?...
Updates are not installed successfully from Windows Update, from
Microsoft
Update, or by using Automatic Updates after you repair a Windows XP
installation:
http://support.microsoft.com/kb/943144
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
Andrew Faust wrote:I recently did a reinstall of Windows XP Pro and ever since svchost
crashes
about 4 times a day. Specifically, it's the netsvcs instance of
svchost.
After the process terminates, I lose all the functionality provided
by
those
services such as audio mixers, themes, network browsing, etc.
However,
I
can
restart all the services manually to get functionality again (or
reboot).
I've tried everything I can think of. I've run Microsoft's Memory
Diagnostic
to ensure my RAM was good. I've installed all the latest windows
updates.
I've virus and spyware scanned my system.
I never had any of these crashes on my previous install of windows.
At this point the only idea I have left is to modify my registry to
make
all
the services run under separate instances of svchost to narrow down
the
specific service that's crashing. However, I've heard that this
causes
all
sorts of other problems so didn't want to pursue this option just
yet.
Any ideas?
Thanks,
Andrew Faust
.
- References:
- Re: SVCHost keeps crashing
- From: PA Bear [MS MVP]
- Re: SVCHost keeps crashing
- From: Andrew Faust
- Re: SVCHost keeps crashing
- From: PA Bear [MS MVP]
- Re: SVCHost keeps crashing
- From: Andrew Faust
- Re: SVCHost keeps crashing
- From: PA Bear [MS MVP]
- Re: SVCHost keeps crashing
- From: Andrew Faust
- Re: SVCHost keeps crashing
- From: PA Bear [MS MVP]
- Re: SVCHost keeps crashing
- From: Andrew Faust
- Re: SVCHost keeps crashing
- Prev by Date: Re: Windows Update Problem
- Next by Date: Re: Ghost in the Machine Greyed out features in Display
- Previous by thread: Re: SVCHost keeps crashing
- Next by thread: Cant login after repair install
- Index(es):
Relevant Pages
|
