We had the "svchost generated errors" messages regulary but when doing a scan using the fixblast tool from symantec, it finds NO virus. Yet after applying win2k sp4 and the patch from Microsoft the problem has gone away. So why was I getting the error even though the tool did not pick up any virus? I did not find any msblast.exe files, nor any registry entries that the virus creates. Also, its interesting that Symantec don't say that the w32.blaster virus causes svchost to crash. So how come everyone is relating this to the virus? How is svchost and the virus linked?? ss

Hi, i too have simalar problem. I have 2 win2k pc networked and this problem started on both the pcs the 3 days ago. I reinstalled 2000 on one of the pc, but of no use. The error occurs after i connect to the internet.It show 'scvhost caused an error and will be shut down', after that some functionality of windows is not available and i cannot disconnect from the internet. Any solution ?

I have exactly the same prob too!An my qn was exactly the same as Allen. I formated my pc and reinstall win2k but the prob still exist. Any help available up to this date?

I don't know all the technical details, but I can say that the company I work for has had multiple infections of remote users who didn't get the Microsoft patch that was pushed out with SMS. Allen, you should definitely download the MSblaster fix tool from Symantec and run it; after it's done scanning (which may or may not find the infection), it will take you to Microsoft's webpage where you can download the patch for the RPC vulnerability that caused the problem in the first place. Good luck! This worm has certainly kept me busy the last couple of days. (Why can't users follow simple instructions to protect themselves?!?!?!?!?!?!)

I have rectified the problem, but my question was that why is the svchost problem linked with the virus when no symptons overlap, i.e. i had the problem bit NO virus on the system. To cure, idealy do the following: 1. Install win2k sp4 2. Apply patch 823980, available from the Microsoft website 3. Download the tool from www.symantec.com and run it to search for the virus and clean it from your system. ss

The worm uses the svchost to send a RPC out to it's parent server, (or someone who's infected), to download via tftp the exe file for the worm it'self. It comes in first through tcp port 139 and calls out through udp port 69, (tftp) to download the actual exe file. You may have only gotten the part that calls out with the rpc, (svchost) and not the downloaded exe, which may explain why the removale tool did not show the worm there. But I could be wrong, the main thing is to fix it and put up a firewall to block all un-used ports, (and I mean ALL unused ports).

I recieve an error message that said svchost perform error and will be shut down by windows and i must restart my computer. When i scan for a virus no virus could be found.What is this please help me.