Next Generation Emulation banner
1 - 10 of 10 Posts

·
The Hunter
Joined
·
15,879 Posts
http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/

svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated. Note: svchost.exe is a process which is registered as the W32.Welchia.Worm. It takes advantage of the Windows LSASS vulnerability, which creates a buffer overflow and instigates your computer to shut down. To see more information about this vulnerability please look at the following Microsoft bulletin: http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx This is a registered security risk and should be removed immediately. Please see additional details regarding this process
If you want to know more, you can just enter ' svchost.exe ' in google and check the results :)
(that's how I got this information ;))
 

·
Premium Member
Joined
·
3,093 Posts
And this would never belong in open discussion, it's more like software you know.
 

·
Registered
Joined
·
209 Posts
It depends on the amount of services you have started, those set as automatic usually is started automatically with windows, some might also start when performing various tasks such as changing network settings, messing with disk management etc..

Each copy of svchost actually handles multiple services.
If you check the properties of for example Workstation (c.panel->admin.tools->services) you can see that it runs:
svchost.exe -k netsvcs

But also Server runs with the same parameter. Now if you run> regedit.exe

and go here:
\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\

You'll find an entry for netsvcs listing all the services it handles. If you have a better task manager you could see the full path to svchost.exe and the parameter it's running with, like with this one: http://www.lentoman.net/temp/tasks.gif

The conclusion is that it's okay to have multiple svchost.exe running as long as the path is the same and it resides in the system32 folder, if its not located in the system32 folder it could be a virus. Of course the original svchost.exe could be infected or replaced aswell, but it's less likely as it's a complicated task to do.

Also there are other services that doesn't use svchost.exe but that's another story...
 
1 - 10 of 10 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top