Signature error

JMVCA

New member
I got this error signature on my computer running Windows xp SP2. Does any one know what is it and how to fix it please?

"Generic Host Process for Win 32 Services
Error Signature--------------------------
szAppName: svchost.exe
szAppVer: 5.1.2600.2180
szModName: msxml3.dll
szModVer: 8.70.1113.0
offset: 00005be4
-----------------------
Reporting details:
This error report includes: information regarding the condition of Generic Host Process for Win32 Services when the problem occurred, the operating system version and computer hardware in use, and the IP address of your computer.


Error report contents:
The following files will be in included in this error report
C:\DOCUME~1\HP_ADM~LOCALS~1\Temp\wer7e5a.dir00\svchost.ex.mdmp
C:\DOCUME~1\HP_ADM~LOCALS~1\Temp\wer7e5a.dir00\appcompat.txt


Thanks
 

Rumas

Administrator
Staff member
It looks like you may have been or attempted to be infected with the blaster worm virus.

The WM32 Blaster/Lovsan worm attempts to infect both Windows 2000 and Windows XP systems. One of the functions used by the worm must be different for each of these operating systems, in order for it to infect the operating system.

Since the worm does not know what operating system the target machine is running, it guesses. There is about a 80% chance it will attempt to infect Windows XP, and a 20% chance it will attempt to infect Windows 2000.

If the worm guesses incorrectly and the remote machine is vulnerable, the process svchost.exe on the target machine will crash. The system may become unstable, but the infection will fail.
When svchost.exe crashes, a message like this may appear on Windows XP:

"Generic Host Process for Win32 Services" error report...
When svchost.exe crashes, Windows may create memory dumps of the process. These files are usually called user.dmp, svchost.exe.hdmp, or svchost.exe.mdmp.
Because these files contain the exploit code that caused the crash, they may be detected as DcomRpc.exploit or MS03-026 Exploit.Trojan. These files are harmless, and can safely be deleted.
However, the existence of these files indicates that the system is vulnerable and may still need to be patched.

So the first question would be, have you got all the latest Windows updates and patches from Microsoft?, If not you need to update your system and keep the Automatic Windows Updates turned on.

Run This http://securityresponse.symantec.com/avcenter/FixBlast.exe Blaster removal tool before attempting to delete any temp files otherwise you will be running round in circles. It may or may not detect anything but run it anyway. Then delete all your temp files.

If that fails, try these steps:

1) The first thing I recommend you do is scan adware, spyware and viruses. If you don't have an antivirus I recommend installing a free one, like Avast or AVG, or else scan your computer online with the TrendMicro online scanner.

2) Click start then run and type in %temp% press enter and see if it helps, I doubt it will let you delete the files if it's a virus.

3) Another thing you could try is download a trial version of TuneUp Utilities and fix any errors found.

4) Click start, then run and enter msconfig press enter. Go to the Startup tab and uncheck the entry which has no data, there may not be one.

5) The last more complicated solution is to repair Windows with the Windows setup CD.

Post back and let us know the results so we can advise you further if necessary.
 
Top