Ari Posted August 12, 2003
My Outlook Express just came up with
[ QUOTE ] svchorst.exe has generated errors and will be closed by windows. You will need to restart program [/ QUOTE ]
Did it earlier too... WTF does that mean, should I be worried....???

Riz Posted August 12, 2003
Oh dear you might have been hacked too..... see IT forum

A3ndy Posted August 12, 2003
It happened to me yesterday too. This is caused by a recent RPC exploit that Microsoft has actually owned up to. This problem can be solved by a quick patch and reboot.
THIS EXPLOIT AFFECTS ALL MICROSOFT OPERATING SYSTEMS THAT CAME OUT AFTER WINDOWS ME (and Windows 2000, even tho it came out prior to ME), so that includes some versions of NT, win2K, winXP home and pro and gold and 2003.
You might wish to get yourself a firewall too.
The fix for this: http://support.microsoft.com/default.aspx?scid=kb;en-us;823980

Ari Posted August 12, 2003
Getting other error messages now, error opening message, can't reply to a mail cos "insufficient space" etc. You don't think I've got a virus do you...??

TonyD Posted August 12, 2003
Yep, you have. See my post "Can any IT bods help with this please". Sorry dude.

Hopsta Posted August 12, 2003
Ari, how much free space do you have on your HDD?

Ari Posted August 12, 2003
12.3GB (of 19GB total). Word keeps coming up with "This document could not be registered etc etc" whenever I open a document too... Getting very worried...

Ari Posted August 12, 2003
Who the hell creates these viruses, and why...!!???

Hants_Cruiser_UK Posted August 12, 2003
Because I can
Sorry, couldn't resist

Gren Posted August 12, 2003
Just got the same error message and then PowerPoint stopped working properly. Switched off laptop and now seems okay, but when looking in programs running, scvhost.exe is there. Have reported it to our helpdesk. Will keep you posted.

MarkW Posted August 12, 2003
Details of the virus and how to remove it can be found here: http://www.f-secure.com/v-descs/msblast.shtml
Mark

jem2768 Posted August 12, 2003
Much as it's nice to worry people unduly, before anyone panics TOO much... svchost is a perfectly normal file to be running on a Windows box! I'm most certainly uninfected (errr or was this morning) and don't have msblast.exe but do have a couple of svchosts running. See here!
I've noticed that an instance seems to start up alongside every COM+ or DCOM server object that's running on your box... though I'm sure that helps no one

Gabster Posted August 12, 2003
Yeah, had it too today. It's rampant. There is a piece of software you can get from www.sophos.com to eliminate the W32 Blaster virus, then you need the Microsoft patch listed above. Sorry to say I have now had to put my firewall back in place and my Sophos anti virus. Booooooo!!!!

Blaa Posted August 13, 2003
This fixed the problem for me... Download this patch from MS: svchot.exe patch
Hope it helps..
Edit - URL fixed

Mac Posted August 13, 2003
Don't mean to bore you non-techies, but this security hole was *huge* and it's lucky it's been exploited with a virus with minimal payload. To put it into perspective you can put code into a system that runs in privileged mode, i.e. access to bloody everything. If the guy who wrote this code was malicious, instead of shutting down your PC he could have quite easily f*cked the data for ya instead.

s4dreamer Posted August 13, 2003
[ QUOTE ] To put it into perspective you can put code into a system that runs in privileged mode, i.e. access to bloody everything. If the guy who wrote this code was malicious, instead of shutting down your PC he could have quite easily f*cked the data for ya instead. [/ QUOTE ]
I'm sure it's only a matter of time, and I really wish someone would do this to make more people sit up and notice that security is not something that you can take for granted. By people, I mean manufacturers, techies and non-technical users - all have a role to play in security. Oh, and besides that it'd give M$FT a fecking big headache too

Colin M Posted August 13, 2003
Virus writing as well as spam are the scourge of the internet these days. I wish ISPs would club together and go on a witch hunt. I reckon there are probably a maximum of 50-100 people in the world that are up to this and a few high profile beheadings would soon bring it to a halt (look at the Kazaa writs as an example). If I physically broke into a firm and damaged something that cost them the same amount as even spam alone does, I could expect a custodial sentence. About time MS and ISPs got on top of this instead of turning their blind eye.

Mac Posted August 13, 2003
Yeah too true. One of the problems though with having a very flexible operating system though is lack of restriction, isn't it? People don't help themselves!! Having your normal user as an admin for example on your own machine - a simple thing, but if malicious code gets run you run it as an admin and therefore it can do far more damage. Now the other option is to lock down what users can do with their machines, i.e. remove items that can prove malicious, but doing this removes some flexibility

Drillslinger Posted August 13, 2003
Try a Defrag Dude

s4dreamer Posted August 13, 2003
[ QUOTE ] Having your normal user as an admin for example on your own machine - a simple thing, but if malicious code gets run you run it as an admin and therefore it can do far more damage. Now the other option is to lock down what users can do with their machines, i.e. remove items that can prove malicious, but doing this removes some flexibility [/ QUOTE ]
Or perhaps have more than one level of user on the system - admin that owns all of the binaries etc and normal users who can't change files that aren't owned by them. Obviously this is a bit too complicated for M$FT though, or perhaps they think that it is too complicated an arrangement for non-techies to understand (they may be right, but that shouldn't stop them figuring out a way to fix the issue). I know Unix (Linux) isn't without its problems, but it does have reasonable protection against stupid virii built in.

Ari Posted August 13, 2003
[ QUOTE ] Try a Defrag Dude [/ QUOTE ]

Mac Posted August 13, 2003
On most of the systems I implement I use code lock down such as AppSense. Basically this works on the idea of trusted ownership. You decide which groups are allowed to own apps that users can run, and if a user tries to run an app that isn't 'owned' by that trusted owner then they can't run it. Works well.

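The trusted-ownership rule described in the post above, and the owner-based separation s4dreamer describes before it, sketched as an added example that is not part of the original thread and is not AppSense's code. It assumes POSIX file ownership, adds the assumption that a file writable by group or others is also refused, and the names `may_execute` and `demo` and the sample file are hypothetical.

```python
import os
import stat
import tempfile

def may_execute(path, trusted_uids):
    """Return (allowed, reason) under a trusted-ownership rule.

    Allowed only if the file AND its directory are owned by a trusted
    account and neither is writable by group or others (added assumption);
    otherwise an untrusted user could swap the file after it was approved.
    """
    for target in (path, os.path.dirname(os.path.abspath(path))):
        st = os.stat(target)  # follows symlinks: judge the real file
        if st.st_uid not in trusted_uids:
            return False, f"{target}: owner uid {st.st_uid} is not trusted"
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return False, f"{target}: writable by group/others"
    return True, "owned by a trusted account and not writable by others"

def demo():
    """Constructed scenario in a temp dir; returns the three decisions."""
    me = os.getuid()
    untrusted = me + 1  # hypothetical uid standing in for 'someone else'
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)
        app = os.path.join(d, "app.bin")  # constructed sample file
        with open(app, "wb") as f:
            f.write(b"\x7fELF")
        os.chmod(app, 0o755)
        owned_by_trusted = may_execute(app, {me})[0]
        owned_by_other = may_execute(app, {untrusted})[0]
        os.chmod(app, 0o777)  # anyone can now replace the contents
        world_writable = may_execute(app, {me})[0]
    return owned_by_trusted, owned_by_other, world_writable

if __name__ == "__main__":
    print(demo())
```

The decision is made on who owns the file, not on what the file is called, so a program dropped by an ordinary user or by mail is refused even if it copies a system file's name.
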
s4dreamer Posted August 13, 2003
Is it worth using on XP at home then Mac, or is it only really suitable for commercial PC use? Does it prevent users from "accidentally" overwriting system binaries by reading infected mail (for example)?

Mac Posted August 13, 2003
I was more talking about the AppSense range of products for commercial use - more often than not in thin client (i.e. Citrix/Terminal Services environments). As to using XP at home, I think there's very few other options except maybe 2000 Professional. Depends on what you use it for though, doesn't it? I've heard 98/ME are better for games, but I don't play games on there so I prefer the stability and security of 2k and XP. XP is vastly more secure than any 9x or ME based system. With a little bit of knowledge you can secure it quite well.

Mac Posted August 13, 2003
[ QUOTE ] Does it prevent users from "accidentally" overwriting system binaries by reading infected mail (for example) ? [/ QUOTE ]
Sorry, missed this bit. It does protect against this *a bit* but not very well IMHO. You should protect every entry and exit point on your PC - decent *updated* anti virus and a decent *updated* & *well configured* firewall. I don't think the default Windows firewall is worth the effort as it's not difficult to get around at all - whereas something like ZoneAlarm or the McAfee products are pretty secure. Ok they're not quite Firewall-1 but they're pretty good for your average user.