I am sure all of you have noticed the numerous svchost.exe entries in your task manager. Many of you may have wondered exactly what is svchost.exe?
Svchost stands for Service Host. A service is a program that runs in the background and often provides critical functionalities required for functioning of other applications. During the booting of your computer multiple instances of svchost are created by the Service Control Manager and each of them supports different services (which are arranged into logical groups). Svchost is required for running services that are controlled in dynamic linked libraries (DLL files), since DLL files can’t be executed directly (unlike EXE files).
Unfortunately, the familiarity of svchost.exe had led to many malwares exploiting this service. The simpler category of malwares merely create a fake instance of svchost.exe. This is generally easy to detect. Simply open the task manager and click on the Processes tab. Note the username. If there is a svchost.exe running under your username, it is a virus (malware). In Windows Vista and Windows 7 by default processes belonging to other users are hidden. Hence, you would notice svchost.exe only if it is a malware (assuming that “Show processes from all users” is unchecked).
The task manager only shows basic data and doesn’t reveal exactly what is each svchost.exe is being used for. This is where svchost Viewer comes in. Svchost Viewer displays each instance of svchost.exe separately and lists all the services that are being powered by the selected instance. If you wish to know more about each service you can open the windows Services manager by typing services.msc in Windows Start Menu (Run command box in Windows XP). Here you will find all the services installed in your computer along with their brief description.
If your svchost.exe has been infected by a virus or a trojan then disinfection can be a complicated procedure. The best option would be to install a good antivirus (I would recommend Kaspersky Antivirus for disinfection since it’s rollback mechanism does a great job at cleaning all traces of a malware).
Svchost Viewer is a portable software (requires no installation). It allows an inquisitive user to quickly learn exactly what is going on behind each svchost.exe. This utility can come in handy when dealing with svchost errors or virus (malware infected) svchost.exe. You can obtain the same data using Process Explorer, but Svchost Viewer provides a simpler option for someone who is just interested in learning more about Svchost.exe.