I am sure all of you have noticed the numerous svchost.exe entries in your task manager. Many of you may have wondered exactly what is svchost.exe?
Svchost stands for Service Host. A service is a program that runs in the background and often provides critical functionalities required for functioning of other applications. During the booting of your computer multiple instances of svchost are created by the Service Control Manager and each of them supports different services (which are arranged into logical groups). Svchost is required for running services that are controlled in dynamic linked libraries (DLL files), since DLL files can’t be executed directly (unlike EXE files).
Unfortunately, the familiarity of svchost.exe had led to many malwares exploiting this service. The simpler category of malwares merely create a fake instance of svchost.exe. This is generally easy to detect. Simply open the task manager and click on the Processes tab. Note the username. If there is a svchost.exe running under your username, it is a virus (malware). In Windows Vista and Windows 7 by default processes belonging to other users are hidden. Hence, you would notice svchost.exe only if it is a malware (assuming that “Show processes from all users” is unchecked).
The task manager only shows basic data and doesn’t reveal exactly what is each svchost.exe is being used for. This is where svchost Viewer comes in. Svchost Viewer displays each instance of svchost.exe separately and lists all the services that are being powered by the selected instance. If you wish to know more about each service you can open the windows Services manager by typing services.msc in Windows Start Menu (Run command box in Windows XP). Here you will find all the services installed in your computer along with their brief description.
If your svchost.exe has been infected by a virus or a trojan then disinfection can be a complicated procedure. The best option would be to install a good antivirus (I would recommend Kaspersky Antivirus for disinfection since it’s rollback mechanism does a great job at cleaning all traces of a malware).
Svchost Viewer is a portable software (requires no installation). It allows an inquisitive user to quickly learn exactly what is going on behind each svchost.exe. This utility can come in handy when dealing with svchost errors or virus (malware infected) svchost.exe. You can obtain the same data using Process Explorer, but Svchost Viewer provides a simpler option for someone who is just interested in learning more about Svchost.exe.
Download Svchost Viewer (14 KB)
Svchost Viewer Website
Platforms Supported : Windows XP/Vista/Seven
License : Free and OpenSource
Version Reviewed : 0.3.0 (beta)
This looks like a nice tool. In the past I have used Process Explorer to look at svchost files. Somewhere in the properties you can see which services or processess are calling svchost I think.
.-= Jonny´s last blog ..Run Ccleaner then Shutdown your Computer Automatically =-.
Yes. It is possible to find out the services that are currently affecting a process using Process Explorer also.
Really nice app.IN my office computer ,a virus keeps creating instances of “svchost” (i think the virus is NewFolder.exe) .IN order to kill it,it’s good to see which process is actually created by the virus. I was earlier used to Process Explorer but that’s overkill for this simple task.
Yeah. Process Explorer is an excellent tool, but if you just want to monitor the svchost.exe this is a simpler solution.
Good post… I for one didn’t really know what these svchost.exe guys were upto… but now I know… well at least sort of.
.-= Animesh´s last blog ..Just a bad day =-.
I am glad that you found it useful 🙂
Svchost is different that scvhost.. I notice there is a difference upon closer examination. The vc or cv in “svchost” is switched. Had this about a year ago. My anti virus or spyware tool did n’t pick it up. CPU shot to 100% so I used process explorer to may be find the leak. But as I looked, I noticed the switch. And low and behold, it was the svchost process causing the CPU memory leak spike. Found Svchost guide helpful too.
.-= Bart´s last undefined ..Response cached until Sun 4 @ 11:52 GMT (Refreshes in 23.93 Hours) =-.
I would also add, there is a great tool to help uncover sneaky little trojan like conflicker. It is free, no cost at ALL. It doesn’t fix the problem it finds, it just lets you know there is one. It’s called svchost process anaylzer.