Endpoint Protection

 View Only
  • 1.  Services failing, server issue, error messages

    Posted Jul 03, 2014 08:35 AM

    Everything I am coming across is point to infected files. About 12 services up and stop, making user shares inaccessible. I keep coming across this in the event log. I am running a full SEP scan at the moment. This machine was once infected with DownAdup and I have cleaned that in the past.

    The more I research online the more I see things like run this patch and that patch, but they are already installed  "MS08-067" is installed. As are others.

    Not sure if this is related but every time I attempt to install any Windows updates It starts but then never completes.

     

    Event Type: Error
    Event Source: Application Error
    Event Category: (100)
    Event ID: 1000
    Date:  7/3/2014
    Time:  7:25:20 AM
    User:  N/A
    Computer: errr
    Description:


    Faulting application svchost.exe, version 5.2.3790.3959, faulting module shell32.dll, version 6.0.3790.4184, fault address 0x0014e84e.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. <-- This offered NO help!!!
    Data:
    0000: 41 70 70 6c 69 63 61 74   Applicat
    0008: 69 6f 6e 20 46 61 69 6c   ion Fail
    0010: 75 72 65 20 20 73 76 63   ure  svc
    0018: 68 6f 73 74 2e 65 78 65   host.exe
    0020: 20 35 2e 32 2e 33 37 39    5.2.379
    0028: 30 2e 33 39 35 39 20 69   0.3959 i
    0030: 6e 20 73 68 65 6c 6c 33   n shell3
    0038: 32 2e 64 6c 6c 20 36 2e   2.dll 6.
    0040: 30 2e 33 37 39 30 2e 34   0.3790.4
    0048: 31 38 34 20 61 74 20 6f   184 at o
    0050: 66 66 73 65 74 20 30 30   ffset 00
    0058: 31 34 65 38 34 65         14e84e 



  • 2.  RE: Services failing, server issue, error messages

    Posted Jul 03, 2014 08:40 AM

    NPE won't work because I cannot update my .Net on this server. I am of the mind the Internet Explorer is compromised and that is why the updates continue to fail.



  • 3.  RE: Services failing, server issue, error messages
    Best Answer

    Posted Jul 03, 2014 08:54 AM

    You can run Symhelp tool without.net

    Running SymHelp Without .NET

    Article:TECH207646 | Created: 2013-06-25 | Updated: 2014-04-18 | Article URL http://www.symantec.com/docs/TECH207646


  • 4.  RE: Services failing, server issue, error messages

    Posted Jul 03, 2014 09:01 AM

    I did try that but it says to run with reduced functionality. I will give it another whirl...



  • 5.  RE: Services failing, server issue, error messages

    Posted Jul 03, 2014 09:49 AM
      |   view attached

    Here is what the scan yielded.



  • 6.  RE: Services failing, server issue, error messages



  • 7.  RE: Services failing, server issue, error messages

    Posted Jul 03, 2014 10:49 AM

    I did, as well as opened a case. Thank you. I will tell Jaws to back off. :-)



  • 8.  RE: Services failing, server issue, error messages

    Posted Jul 03, 2014 01:40 PM

    All the listed files are legitimate as well.