Svchost.exe – a brief description

Svchost comes from the term “service host”.  It is an essential and required component for Windows 2000, 2003, and XP.  When you start your system, the Svchost application performs like a host in that it checks the registry and creates a list of services that are to be loaded.  This program is integral in that it handles processes that are executed from dynamic link libraries, also referred to as “DLLs”, as well as other services.

Frequently users will see that there are several instances of Svchost.exe running and listed in the Task Manager.  It is common for several instances of Svchost to run simultaneously.  Each instance can be composed of several services grouped together.  This can be beneficial as there is an efficient management of services compared to running each individual service in its own memory space.  However, it can also be problematic.  For example, the user can no longer examine the individual process or service in order to verify its authenticity and its affect on systems performance.

Issues

There has been considerable confusion and frustration related to Svchost especially in the sense that there are a number of instances running at once.  First of all, if you are running Windows 95, 98, or ME and you find an Svchost.exe running on your machine then you most likely have a virus and need to scan and remove it using the proper tools (as mentioned below).

If you want to identify the Svchost process running on your system, you can do the following:

1. Right-click an area on the taskbar and select Task Manager.
2. Select the Process tab.

To display the process identifier number of the process, you can do the following:

1. Select View | View Columns from the toolbar menu.
2. Check the PID (Process Identifier) checkbox.
3. Click OK.

With the process and corresponding PID displayed you can check that there is only one instance of the Svchost running at a time, you can search on a particular process with a corresponding PID, and you can check to see if there are any variations on spelling.  There are harmful “malware” (malicious software”) items that use similar names such as: scvhost.exe, Svchosts.exe, Svchostc.exe, Svchost.exe.bak, and other such variations.  There are at least three known malware items that simulate the Svchost file: W32/Jeefo, W32.Welchia.Worm, and W32.Assarm@mm. In other instances, there could be Svchost files registered by a Trojan that enables access to your computer.  This could result in loss of confidential and personal information including passwords, financial data, and more.

In some situations users will experience performance degradation as these can take up nearly 100% of system resources, application failure, your system rebooting without provocation, and messages relating to the svchost performing an illegal operation.  In these situations, it is likely that your system is infected with malware.

Repairs and solutions

There are a number of best practices that you should follow to prevent malware attacks and to protect normal functioning of your computer.  These include:

1. Registry Cleaning: Perform regular scanning and cleaning of your registry to remove failed & incomplete installations and un-installations, corrupt and obsolete drivers, and remnants remaining from Spyware. We recommend using RegCure Registry Cleaner since it has the highest detection rate and scanning speed in the industry.
2. Anti-spyware protection: install and periodically run anti-spyware software to detect and remove malicious and unwanted items. XoftSpySE AntiSpyware comes highly recommended.
3. Firewall protection: you can prevent hackers from downloading malicious software content by setting up firewall protection.  This will leave you less vulnerable to attacks and prevent you from some items that can re-infect your system.
4. System updates: make sure that you are running the latest service pack and additional patches from Microsoft.
5. Configure your security settings: you can adjust your Internet browsing settings to determine how much web content you are willing to accept when surfing the Internet.
6. Safe surfing: by downloading content from sites that you trust, you can prevent malware form being downloaded in the first place.  Review license agreements, security warnings, and privacy statements before decided to download content.

You can manually remove malware, however many malware items are sophisticated and have either propagated throughout your system or are designed to be evasive and difficult to remove.  Having the proper tools to address malware infections will likely save time and be less risky.  A good anti-spyware tool will have scheduling, quarantine, and backup capabilities.  We recommend an anti-spyware utility such as XoftSpySE that does frequent updates and is capable of thorough scans.