Copyright © 1999 - 2006, Sandra Hardmeier, All
Rights Reserved Worldwide
Last updated 20/08/2006
Generic Host Process for Win32 Services has encountered a
problem and needs to close
Svchost.exe has generated errors and will be closed by Windows
This shutdown was initiated by NT AUTHORITY/SYSTEM
Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly
Computer reboots over and over
error "svchost.exe has generated errors and will be closed by Windows" can be
caused by the Aventail Connect Client and Bearshare:
error message can also occur if Novell GroupWise is installed on the problem
computer, and the gwtps1.dll file is dated earlier than July 2000:
Or if you do not
disconnect from a phone call before you restart your computer:
NOTE: The error "this shutdown was initiated by NT AUTHORITY/SYSTEM is not unique to Blaster infection:
Original "blaster" worm:
Win32.Poza infection... also known as W32.BlasterWorm and W32/Lovsan worm. More info at the "Internet Storm Centre"
It can be very hard to get rid of... advice can be found at the following links. The owners of the sites are updating as often as they can. Kellys-Korner has a script that is being constantly updated to try and keep with the the new varieties and problems as they appear.
http://www.kellys-korner-xp.com/xp_tweaks.htm (257 = PRC worm; 258 = w32.randex.e worm)
Worm removal scripts:
Microsoft's page (regularly updated):
Microsoft has issued a new patch addressing the original Blaster vulnerability and three newly discovered vulnerabilities. Download and install the new patch as soon as possible, even if you installed the original "Blaster" patch:
KB Article: Virus Alert about the Blaster Worm and its variants:
KB Article: Virus Alert about the Nachi work:
The related Technet article is at the URL below:
Screen shots of the original virus in action are here:
Important Information on Win32.Poza
Do you have a firewall? If not, why not? ZoneAlarm is free and XP has a built in firewall (not perfect, but better than nothing).
WARNING - WIN98 AND WIN.ME SYSTEMS NOW AFFECTED BY VARIATION ON THE THEME
Files created - nstask32.exe; winlogin.exe; win32sockdrv.dll; yuetyutr.dll. Preliminary information available here:
Stop the rebooting
Start, run - services.msc
Right click RPC (Remote Procedure Call), choose 'properties' (or just double click the entry). Go to Recovery tab.
Change to 'restart SERVICE'.
[penis32.exe; teekids.exe; win32.poza; w32.blasterworm; w32/Lovsan; ntask32.exe; winlogin.exe; win32sockdrv.dll; yuetyutr.dll; nstask32.exe; winlogin.exe; irc-bbot; worm_rpcsdbot.a; w32.randex.e; dcom rpc vulnerability; lovesan; msblast.exe; root32.exe; wuaumgr.exe (w32.spybot.worm) sometimes loaded; can't run task manager;