SVCHOST.EXE buffer overflow

Discussion in 'other anti-trojan software' started by WilliamP, Sep 12, 2004.

Thread Status:
Not open for further replies.
  1. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Twice I have returned to my computer and Prevx had a window popped up saying SVCHOST-EXE caused a buffer overflow. The parent path services.exe. The first time this happened Process Guard was messed up also. Had to reinstall PG. This time the sound was gone and the color of the task bar was changed. Rebooted and now it is ok. Both times the computer was on but wasn't being used. Anyone have any ideas?
     

  2. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Hi William, did you send the alert details to Prevx and see what they have to say?
     
  3. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Yes I did. Also I e-mailed support. Hopefully I will hear something from them. The first time I thought PG may have caused the problem. Today PG was fine. I'm glad of that. I sent the first incident to Prevx and didn't hear anything.
     
  4. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Still haven't heard from Prevx.
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi William, take a look here

    I had the same and similar errors, with me it ended up being a conflict between Nod32 and System Safety Monitor...

    Hope this helps...

    Cheers :D
     
  6. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    How can I determine what is causing this? What doesn't make sense to me is that both times it happened no one was using the computer.
     
  7. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Still haven't heard from Prevx. I'm not running SSM. Not since PG.
     
  8. Meltdown

    Meltdown Registered Member

    Joined:
    Sep 17, 2004
    Posts:
    299
    Location:
    Babylon
    Are we any closer to knowing why this might have happened? I got the same alert from Prevx a couple of days ago, happened the moment I went online. XP Home with SP1, ZA free 4.5.594, other resident protection NOD32 2.12.2 and TeaTimer.
     
    Last edited: Oct 2, 2004
  9. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    The problem with svchost is that you nearly always have several instances of it (for several services it's "hosting") and you don't know what you're dealing with. Maybe you could use dcs' cmdline to have a list of which svchost.exe (then identifiable by its PID) is associated with which service. Then, when you get the PrevX msg again, you can use the specified PID and your list to find out which service has caused the msg. (Of course you'd have to take a new list in every session, since there'll be new PIDs. And then wait for it to crash.)

    Just an idea,
    Andreas
     
  10. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    The next time it happens I'm going to Process Explorer to try to find out why. When it does happen it starts using up all the CPU and slows the computer to a crawl. I can reboot and then it's ok. Never heard anything from Prevx.
     