Next Generation Emulation banner

1 - 10 of 10 Posts

·
Registered
Joined
·
17 Posts
Discussion Starter #1
What is svchost.exe used for?
What's that?
Is it a trojan?
If it is, how to remove it?

How about scvhost.exe?
 

·
The Hunter
Joined
·
15,879 Posts
http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/

svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated. Note: svchost.exe is a process which is registered as the W32.Welchia.Worm. It takes advantage of the Windows LSASS vulnerability, which creates a buffer overflow and instigates your computer to shut down. To see more information about this vulnerability please look at the following Microsoft bulletin: http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx This is a registered security risk and should be removed immediately. Please see additional details regarding this process
If you want to know more, you can just enter ' svchost.exe ' in google and check the results :)
(that's how I got this information ;))
 

·
Premium Member
Joined
·
3,093 Posts
And this would never belong in open discussion, it's more like software you know.
 

·
Registered
Joined
·
84 Posts
I would say bloodveins of yer desktop performance myself ;)

try that " Name that task " site for all other proccesses you ain't familiar with.
 

·
Registered
Joined
·
209 Posts
It depends on the amount of services you have started, those set as automatic usually is started automatically with windows, some might also start when performing various tasks such as changing network settings, messing with disk management etc..

Each copy of svchost actually handles multiple services.
If you check the properties of for example Workstation (c.panel->admin.tools->services) you can see that it runs:
svchost.exe -k netsvcs

But also Server runs with the same parameter. Now if you run> regedit.exe

and go here:
\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\

You'll find an entry for netsvcs listing all the services it handles. If you have a better task manager you could see the full path to svchost.exe and the parameter it's running with, like with this one: http://www.lentoman.net/temp/tasks.gif

The conclusion is that it's okay to have multiple svchost.exe running as long as the path is the same and it resides in the system32 folder, if its not located in the system32 folder it could be a virus. Of course the original svchost.exe could be infected or replaced aswell, but it's less likely as it's a complicated task to do.

Also there are other services that doesn't use svchost.exe but that's another story...
 

·
Registered
Joined
·
1,447 Posts
as many as need to run the programs your running, usually I have between 4-8 running at one time, so you should be good. Always ALWAYS have a virus scanner running just in case :)
 

·
Registered
Joined
·
17 Posts
Discussion Starter #9
svchost.exe is not the same with the scvhost.exe (see how the spelling)
which one is worm?
now in my desktop, it's several svchost.exe running, it's not scvhost.exe.
 
1 - 10 of 10 Posts
Top