"Svchost.exe" (Generic Host Process for Win32 Services) is an integral part of the Windows OS. It cannot be stopped or restarted manually. This process manages 32-bit DLLs and other services. At startup, Svchost.exe checks the services portion of the registry and constructs a list of services that it needs to load.
Under normal conditions, multiple instances of Svchost.exe will be running simultaneously. Each Svchost.exe session can contain a grouping of services, so that many services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
Svchost.exe groups are identified in the following registry key:
Each value under this key represents a separate Svchost group and appears as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service names that are extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
To view the list of services that are running in Svchost:
- Click Start on the Windows taskbar, and then click Run.
- In the Open box, type CMD, and then press ENTER.
- Type Tasklist /SVC, and then press ENTER.
The svchost.exe file is physically located in the folder C:\Windows\System32. However, because it is one of the most important service organizers, it can also be used as a vehicle and a hiding place for viruses, spyware, Trojans, or worms.
Possible symptoms of infection are:
- Your system becomes sluggish and you find that something called svchost or dllhost is taking nearly 100% of your CPU.
- Your system reports that svchost has performed an illegal operation and will be terminated. After that, various things fail to work properly, if at all.
- After you log in, your system automatically reboots in one minute.
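The Tasklist /SVC listing from the steps above can also be reviewed by script. The following is an added example (not part of the original page and not code from Svchost Process Analyzer) that parses the CSV form of that listing (`tasklist /svc /fo csv`), groups services by svchost.exe instance, and flags two heuristic signs of trouble: a svchost.exe that hosts no services and a process name that closely imitates svchost.exe. The sample listing, the function names and the 0.9 similarity threshold are constructed assumptions.

```python
import csv
import io
from difflib import SequenceMatcher

# Constructed sample of `tasklist /svc /fo csv` output (not from a real host).
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","884","DcomLaunch,PlugPlay,Power"
"svchost.exe","1012","RpcEptMapper,RpcSs"
"dllhost.exe","2516","COMSysApp"
"explorer.exe","3120","N/A"
"svchost.exe","4388","N/A"
"scvhost.exe","4720","N/A"
'''

GENUINE = "svchost.exe"


def parse_tasklist(text):
    """Yield (image, pid, services) from `tasklist /svc /fo csv` text."""
    for row in csv.DictReader(io.StringIO(text)):
        svc = row["Services"].strip()
        services = [] if svc.upper() == "N/A" else [s.strip() for s in svc.split(",")]
        yield row["Image Name"].strip(), int(row["PID"]), services


def analyze(text, lookalike=0.9):
    """Return (groups, findings): services per svchost PID, and anomalies."""
    groups, findings = {}, []
    for image, pid, services in parse_tasklist(text):
        name = image.lower()
        if name == GENUINE:
            groups[pid] = services
            if not services:
                # Heuristic: a genuine service host normally lists a service.
                findings.append((pid, image, "svchost.exe hosting no services"))
        elif SequenceMatcher(None, name, GENUINE).ratio() >= lookalike:
            # Heuristic: a near-miss spelling is treated as an imitation.
            findings.append((pid, image, "name imitates svchost.exe"))
    return groups, findings


if __name__ == "__main__":
    groups, findings = analyze(SAMPLE)
    for pid, services in sorted(groups.items()):
        print(pid, ", ".join(services) or "(none)")
    for pid, image, reason in findings:
        print("CHECK", pid, image, "-", reason)
```

A flagged entry is a lead to verify, for example by confirming that the process image really is the file in C:\Windows\System32, not proof of infection.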
Hiding dangerous content in svchost is an understandable approach, since troubleshooting it requires fairly advanced computer skills. The free Svchost Process Analyzer utility lets anybody analyze and troubleshoot the system for the presence of dangerous files and processes. The software lists all svchost instances and checks the services they contain. This makes it easy to uncover Svchost worms like the infamous Conficker worm.
- 100% freeware.
- Doesn't require runtimes.
- Doesn't require installation (absolutely portable).
- Doesn't write to the registry.
- Doesn't modify files outside of its own directories.
- Does not contain adware / malware / spyware.
- Small, single executable file, does not require significant computer resources.