svchost.exe error

TomD

Got a call from a friend of mine running Win 2000. Had
svchost.exe error keep coming up. Aware of its links
with MSBlast et al, advised run virus scanner (TrendMicro
HouseCall) - why his own (Panda Platinum) missed it I
don't know. This found and removed Nachi and MSBlast.
However things still didn't improve and error still
occurred. Suspect virus still around or reactivated
or.... Not sure if he had MS03-026 installed. Cut long
story short, advised wipe slate clean, reformat and
re-install. Now here's the rub. Clean install on Win 2000,
no other applications or programs loaded. Load ADSL
software (new, just arrived from IS provider) from CD to
connect to internet. Connect to internet and
bang....svchost.exe error. I can't explain or fathom out
so any advice of what to do next?????????????

TomD
 
John John

Did he apply the latest Service Pack/Security fixes BEFORE going on the
internet? Did he make sure he had a firewall BEFORE going on the
internet? Answer no to both of these questions? He probably got
reinfected with MSBlast... again.

John
 
Wouter

Tom,
Today's practice must change.
You should no longer connect a clean installed PC to any network
prior to being protected against viruses and worms.
Today's practice should be:
1-Install the PC from the Windows CD
2-Install the applicable Windows Service Pack and most critical
security Hotfixes from CD or USB drive.
3-Install your virus scanner and latest update from CD or USB
drive
4-Install a firewall from CD or USB drive in case the PC has its
own Internet connection (or activate the XP firewall)
5-Now connect the PC to the network and run Windows Update.
6-Install any other software.

At this moment no Windows Service Pack whatsoever protects your
PC from Blaster and similar worms.
Also Blaster and similar worms do NOT need any user
intervention, they sneak into your PC within a split second if they
find your unprotected PC.
 
TomD

Wouter/John John,

Thanks for both of your inputs. How true you both were.

Contrary to my explicit instructions, friend didn't
install AV/firewall software before connecting to
internet nor install relevant updates (which I'd
downloaded and burnt to CD for him). So what could he
expect..

I've printed your replies to show him that I don't say
these things for the sake of it and that there is a
purpose in doing things in some form of logical order.

Hopefully this will be a lesson to him

Many thanks
 
Ozgirl

Big Hole Left Open. Never connect to the internet after Blaster
WITHOUT having a good firewall in place, with strict internet
access limitations in place.
Panda didn't find it because the worm disabled the program. Get a
copy of Zone Alarm onto a CD and when you do the procedure all
over - e.g. reformat (which is advisable as you will never find
the entry in your computer that is disabling Panda) install ZA
first and activate it.
Then download all the critical updates. Enable the virus scanner
after that and never ever allow any program to act as a server.
Run ShieldsUP from http://grc.com to ensure all ports are
stealthed.

The End.
 
Ozgirl

TomD said:
Wouter/John John,

Thanks for both of your inputs. How true you both were.

Contrary to my explicit instructions, friend didn't
install AV/firewall software before connecting to
internet nor install relevant updates (which I'd
downloaded and burnt to CD for him). So what could he
expect..

You actually need to disable virus software while
installing MS updates but
"never leave the firewall off".

TomD said:
I've printed your replies to show him that I don't say
these things for the sake of it and that there is a
purpose in doing things in some form of logical
order.

It takes less than a nanosecond for a port scanning bot
to find an open or reported "closed"
port. They need to be stealthed.
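
The three port states this post distinguishes (open, closed, stealthed), as an added example that is not part of the original thread: a Python self-check that classifies a TCP port on a machine you administer by how a connection attempt ends. The function names, the loopback demo and the timeout values are assumptions made for illustration.

```python
import socket

def classify_result(error):
    """Map the outcome of one TCP connect attempt to a port state."""
    if error is None:
        return "open"       # handshake completed: something is listening
    if isinstance(error, ConnectionRefusedError):
        return "closed"     # host answered with a reset: visible, no listener
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "stealthed"  # no reply at all: the packet was dropped
    return "unknown"        # e.g. network unreachable

def probe(host, port, timeout=2.0):
    """Attempt one connection and classify how it ended."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify_result(None)
    except OSError as exc:
        return classify_result(exc)

def audit(host, ports, timeout=2.0):
    """Return ({port: state}, sorted ports that still answer in some way)."""
    states = {port: probe(host, port, timeout) for port in ports}
    visible = sorted(p for p, s in states.items() if s in ("open", "closed"))
    return states, visible

if __name__ == "__main__":
    # Constructed demo on loopback: one listener we create, one port we free.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    states, visible = audit("127.0.0.1", [open_port, closed_port], timeout=1.0)
    listener.close()
    for port, state in states.items():
        print(port, state)
    print("still visible:", visible)
```

Loopback traffic normally does not pass through the firewall, so to see what the firewall actually hides, run `audit` from a second machine against the protected one.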
 
Torgeir Bakken (MVP)

Ozgirl said:
You actually need to disable virus software while
installing MS updates but
"never leave the firewall off".

Hi

We install security updates and service packs on thousands of computers without
disabling the virus software and it has never caused any problems (NAV CE 7.x
and SAV CE 8.x).

But of course, it is better to be safe than sorry and disable virus software,
but you should *never* do that when online, even if you have a firewall. If you
want to disable the virus software while doing an upgrade, you should download
(but not install) the updates to your local hard disk, and then take the
computer offline and disable the virus software while installing,
 
Ozgirl

Thanks for pointing that out Torgeir.
 
