Re: Constant svchost.exe application errors
From: Chuck (none_at_example.net)
Date: 09/26/04
- Next message: Lou Ramsey: "Re: Bunjee Love"
- Previous message: pjay: "RPC Server Not Going -"
- In reply to: Cyndee Meystel: "Constant svchost.exe application errors"
- Next in thread: Cyndee Meystel: "Re: Constant svchost.exe application errors"
- Reply: Cyndee Meystel: "Re: Constant svchost.exe application errors"
- Messages sorted by: [ date ] [ thread ]
Date: 26 Sep 2004 13:41:06 -0500
On Sun, 26 Sep 2004 17:31:44 GMT, "Cyndee Meystel" <*email_address_deleted*>
wrote:
>I have 2 computers network through a NetGear router with Earthlink DSL.
>Every time I loaded IE (or anything else that access the web) both computers
>get constant SVCHOST.Exe application errors. The text of the message on one
>system is:
>"The instruction at "0x009a96bc" referenced memory at "0x0000000". The
>memory could not be "written".
>
>On the other system it is:
>"The instruction at "0x00ab96bc" referenced memory at "0x0000000". The
>memory could not be "written".
>
>Someone suggest that:
>"With IE closed, right click the IE icon on the desktop and select
>Properties. In the window that opens, click the Advanced tab and scroll down
>to where it shows "Enable third party browser extensions (requires
>restart)". Is that checked. if so, uncheck it and click Ok to close the
>window."
>
>After unchecking "enable third party browser extensions" the problem is
>better and I am not getting the error when accessing the web using a link or
>a favorite, but I get it when typing in an address in the address bar, and I
>also see that I get this error when not accessing the web in any way, but
>accessing a network place (from one computer to the other) or My Computer.
>
>These are WindowsXP systems (one is professional and one is home) fully
>patched through SP2. I just ran Ad-Aware with updated definitions and all it
>found were some tracking cookies (which I've removed). I've got Norton Anti
>Virus 2004 with current virus definitions and ran a full system scan on both
>systems and they were clean. These systems are connected with a router and
>Norton Internet Security with its firewall is also running. I have also
>tried turning all of that off, but it didn't make a difference.
>
>I have done extensive searches looking for solutions to this problem and
>they all point to a worm or virus, but none of my scans show any of those.
>
>Does anyone have any idea what else to look for and how to cure this? I am
>at the end of my rope over this and don't know what to do.
Cyndee,
AdAware and Norton AntiVirus are not the only security tools that you should be
using. Some will say not even the best choices.
Try one or more of these free online virus scans, which should complement your
protection by NAV:
<http://www.bitdefender.com/scan/license.php>
<http://www.pandasoftware.com/activescan>
<http://www.ravantivirus.com/scan/>
<http://housecall.trendmicro.com/housecall/start_corp.asp>
Now check for, and learn to defend against, additional problems - adware,
crapware, spyware.
Start by downloading each of the following additional free tools:
CWShredder <http://www.majorgeeks.com/download4086.html>
CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval
<http://www.majorgeeks.com/download4113.html>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix and WinsockXPFix <http://www.cexx.org/lspfix.htm>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>
Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. Spybot S&D has an install routine - run it. The other
downloaded programs can be copied into, and run from, any convenient folder.
First, run Stinger. Have it remove any problems found.
Next, close all Internet Explorer and Outlook windows, and run
CoolWWWSearch.SmartSearchMiniRemoval, then CWShredder. Have the latter fix all
problems found.
Next, run AdAware again. First update it ("Check for updates now"), configure
for full scan (<http://www.lavahelp.com/howto/fullscan/>), then scan. When
scanning finishes, remove all Critical Objects found.
Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>
Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.
Finally, improve your chances for the future.
Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/
Block Internet Explorer ActiveX scripting from hostile websites (Restricted
Zone).
<https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)
Block known dangerous scripts from installing.
<http://www.javacoolsoftware.com/spywareblaster.html>
Block known spyware from installing.
<http://www.javacoolsoftware.com/spywareguard.html>
Make sure that the spyware detection / protection products that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/
Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).
Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <http://www.accs-net.com/hosts/get_hosts.html>
Hostess <http://accs-net.com/hostess/>
Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
administrative tasks.
Use common sense. Yours. Don't install software based upon advice from unknown
sources. Don't install free software, without researching it carefully. Don't
open email unless you know who it's from, and how and why it was sent.
Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
various web pages that discuss security problems. Check the logs from the other
layers regularly, look for things that don't belong, and take action when
necessary.
And Cyndee, please don't contribute to the spread and success of email address
mining viruses. Learn to munge your email address properly, to keep yourself a
bit safer when posting to open forums. Protect yourself and the rest of the
internet - read this article.
http://www.mailmsg.com/SPAM_munging.htm
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
- Next message: Lou Ramsey: "Re: Bunjee Love"
- Previous message: pjay: "RPC Server Not Going -"
- In reply to: Cyndee Meystel: "Constant svchost.exe application errors"
- Next in thread: Cyndee Meystel: "Re: Constant svchost.exe application errors"
- Reply: Cyndee Meystel: "Re: Constant svchost.exe application errors"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
