Copyright 1999 - 2006, Sandra Hardmeier, All Rights Reserved Worldwide
Last updated 20/08/2006

Generic Host Process for Win32 Services has encountered a problem and needs to close
Svchost.exe has generated errors and will be closed by Windows
This shutdown was initiated by NT AUTHORITY/SYSTEM
Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly

Computer reboots over and over


NOTE: The error "svchost.exe has generated errors and will be closed by Windows" can be caused by the Aventail Connect Client and Bearshare:;EN-US;Q259275;EN-US;Q308712;EN-US;Q321024


The svchost.exe error message can also occur if Novell GroupWise is installed on the problem computer, and the gwtps1.dll file is dated earlier than July 2000:;EN-US;Q319161


Or if you do not disconnect from a phone call before you restart your computer:;EN-US;Q278718


NOTE: The error "this shutdown was initiated by NT AUTHORITY/SYSTEM is not unique to Blaster infection:;EN-US;Q318447;EN-US;Q318650


Original "blaster" worm:

Win32.Poza infection... also known as W32.BlasterWorm and W32/Lovsan worm.  More info at the "Internet Storm Centre"


It can be very hard to get rid of... advice can be found at the following links. The owners of the sites are updating as often as they can. Kellys-Korner has a script that is being constantly updated to try and keep with the the new varieties and problems as they appear. (257 = PRC worm; 258 = w32.randex.e worm)


Worm removal scripts:


Microsoft's page (regularly updated):


Microsoft has issued a new patch addressing the original Blaster vulnerability and three newly discovered vulnerabilities. Download and install the new patch as soon as possible, even if you installed the original "Blaster" patch:;en-us;824146


KB Article: Virus Alert about the Blaster Worm and its variants:;EN-US;Q826955

KB Article: Virus Alert about the Nachi work:;EN-US;Q826234


The related Technet article is at the URL below:


Screen shots of the original virus in action are here:

Important Information on Win32.Poza


Do you have a firewall?  If not, why not? ZoneAlarm is free and XP has a built in firewall (not perfect, but better than nothing).



Files created - nstask32.exe; winlogin.exe; win32sockdrv.dll; yuetyutr.dll.  Preliminary information available here:


Stop the rebooting

Start, run - services.msc

Right click RPC (Remote Procedure Call), choose 'properties' (or just double click the entry). Go to Recovery tab.

Change to 'restart SERVICE'.


[penis32.exe; teekids.exe; win32.poza; w32.blasterworm; w32/Lovsan; ntask32.exe; winlogin.exe; win32sockdrv.dll; yuetyutr.dll; nstask32.exe; winlogin.exe; irc-bbot; worm_rpcsdbot.a; w32.randex.e; dcom rpc vulnerability; lovesan; msblast.exe; root32.exe; wuaumgr.exe (w32.spybot.worm) sometimes loaded; can't run task manager;