SVCHost.exe Buffer Overflow Attack

OK, so I formatted about a week ago because the computer keeps getting hammered by something no matter what protection I have up and running. The last install lasted about a month before it became unusable, and now I'm a week into this install and I'm just about ready to format again.

Running XP Home SP 3.5.
Switched to CIS this time round coz I was running ZoneAlarm firewall/AVG last time and it failed, so trying CIS this time round.

Within 1 hour of install I was getting warnings of a svchost buffer underrun attack, asking if I wished to skip or terminate. I chose to terminate, and after the CIS warning is gone I start to lose system functionality: Start menu won't respond, new programs won't open, can't even access the Task Manager through Ctrl+Alt+Delete.

The only thing that works is hitting the restart button or pulling the plug.

Also been having another problem that is screwing around with my sound card and forcing me to restart also: generic host controller win32 or something having an error and having to close.

This is beyond annoying that after a format and clean install my system is bordering on unusable in under a week. Tell me what you need to track this sumbitch down and I'll get it.

Had 3 further reports of this file attacking my system since posting and had to restart each time; last one was about 2 mins ago. Could really do with some help on this…

Are you using a memory stick??

Please follow the advice in the link jay2007tech gave and let us know what you find. Thanks.

No, I'm not using a memory stick, and both of those programs report no threats. Going to need more than generic dribble to get this one, as I do have a good knowledge of computers, and the fact I'm even here asking means that it's going to require more than a basic “download and scan with this noob” response.

First thing I noticed is that you are using SP3.5 for XP. That sounds like you are using one of these installation CDs that come with SP3 and subsequent updates slipstreamed. That could contain an adapted svchost.exe.

I am not sure whether svchost.exe is a language-independent system file.
The SHA1 hash of svchost.exe of my Dutch XP SP3 with all updates is: C9AEF0E56BFF968EDF21C416D5403E9470951DA3.
See attached image for further details.

Also consider submitting it to Virus Total.

[attachment deleted by admin]
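
The hash comparison suggested in the post above, as an added example that is not part of the original thread: a Python script that finds every svchost.exe under a directory tree, hashes it with SHA1 and compares it with the reference value quoted in the post. The function names and the System32 location check are assumptions of this example; the post leaves open whether other language editions share the hash, so a mismatch is a reason to upload the file to VirusTotal, not proof of tampering.

```python
import hashlib
import os
import sys

# SHA1 quoted in the post above (Dutch XP SP3 with all updates).
REFERENCE_SHA1 = "C9AEF0E56BFF968EDF21C416D5403E9470951DA3"


def sha1_of(path, chunk=65536):
    """Hash a file in chunks and return the digest as upper-case hex."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def audit_svchost(root, reference=REFERENCE_SHA1):
    """Return one record per svchost.exe (any letter case) found under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "svchost.exe":
                continue
            path = os.path.join(dirpath, name)
            try:
                digest = sha1_of(path)
            except OSError:
                digest = None  # locked or access denied: check it by hand
            # Assumption of this example: the genuine file sits in System32
            # (XP also keeps a cached copy in System32\dllcache).
            parts = os.path.abspath(dirpath).lower().split(os.sep)
            findings.append({
                "path": path,
                "sha1": digest,
                "hash_matches": digest == reference.upper(),
                "under_system32": "system32" in parts,
            })
    return findings


if __name__ == "__main__":
    # Usage: python audit_svchost.py C:\WINDOWS
    for rec in audit_svchost(sys.argv[1] if len(sys.argv) > 1 else r"C:\WINDOWS"):
        print(rec)
```

A copy that is outside System32 or whose hash differs from the reference is the one to submit to VirusTotal first.
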

“Within 1 hour of install I was getting warnings of a svchost buffer underrun attack, asking if I wished to skip or terminate”
1) What file is getting flagged as buffer attack? Take that file and upload it to www.virustotal.com and see what comes up.
2) Do you have an older computer?? If so, are you trying to run a graphic-intense game?
“also been having another problem that is screwing around with my sound card and forcing me to restart also”
Maybe a problem with a driver (possible solution): http://pcsupport.about.com/od/termsd/p/devicemanager.htm It'll tell you how to reinstall and update drivers:
* Update Drivers
* Reinstall Drivers
* View a Device's Status
* Roll Back a Driver
* Enable a Device
* Disable a Device
* Find a Driver's Version Number

P.S. Please remember, it’s always harder to help someone online than in person. So bear with us :)

Yeah, XP is Home version, had to manually update to SP 3.5. No, system is not old or underpowered. Will post DxDiag and other system info shortly. And yeah, I understand it's hard; used to work as a computer tech a few years ago before I got sick of all the Windows stupidity.


System Information

Time of this report: 10/3/2010, 00:38:00
Machine name: K
Operating System: Windows XP Home Edition (5.1, Build 2600) Service Pack 3 (2600.xpsp.080413-2111)
Language: English (Regional Setting: English)
System Manufacturer: XFX
System Model: MG-63MI-7159
BIOS: Default System BIOS
Processor: Intel(R) Core™2 Duo CPU E7300 @ 2.66GHz (2 CPUs)
Memory: 2048MB RAM
Page File: 962MB used, 2977MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.5512 32bit Unicode


DxDiag Notes

DirectX Files Tab: No problems found.
Display Tab 1: No problems found.
Sound Tab 1: No problems found.
Sound Tab 2: No problems found.
Music Tab: No problems found.
Input Tab: No problems found.
Network Tab: No problems found.

2010-09-30 10:43:23

BO Alert

svchost.exe tried to execute shellcode as a result of a possible buffer overflow attack

This is typical of a buffer overflow attack. COMODO Defense+ has already isolated svchost.exe from the rest of the system and will keep it isolated unless you skip this alert. However, it is still strongly recommended to terminate this application and contact its vendor for a fix.

Try doing sfc /scannow.