Information and startup locations can be examined on this page. Verify all your files to make sure that they are legitimate, digitally signed and from Microsoft Corporation, the company to which they should belong.
svchost.exe security and file info
Generic Host Process for Win32 Services
- Microsoft® Windows® Operating System
- Microsoft Corporation
Filetype: executable
An executable file is a program that can be executed in your Windows environment.
Why is svchost.exe running on my computer?
You are probably on this page because you noticed that there are multiple svchost.exe processes running on your computer and you can't remember installing or starting them.
The screenshot below is a typical example of Task Manager opened on a Windows XP computer (the other running processes are stripped out in this image).
As you can see, the process is running under the user name SYSTEM, NETWORK SERVICE or LOCAL SERVICE.

Where do all these processes come from?
This is the Microsoft definition: Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs).
Instead of creating a separate executable file for each service that starts in Windows, Microsoft decided to create different .dll files and let the process svchost.exe host them all.
Basically this means that svchost starts and loads the DLL files of the services it has to host.
So now we know that the legit svchost.exe hosts services, but how do we see them?
Open the command prompt, type the command Tasklist /SVC and press Enter (not available in Windows XP Home Edition).
Tasklist shows a list of all running programs (much like Task Manager), and the /SVC switch also shows the services loaded by each task.
In the screenshot below you can see which services are active on a typical Windows XP machine (DcomLaunch, TermService, RpcSs, AudioSrv, CryptSvc, Dhcp, ERSvc, EventSystem, helpsvc, HidServ, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, seclogon, SENS, ShellHWDetection, srservice, TapiSrv, Themes, TrkWks, winmgmt, WZCSVC, Dnscache, LmHosts, SSDPSRV, upnphost, WebClient).
Notice that the service "Alerter" is not running.

An example service from the registry : Alerter service.
Alerter : Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
As you can see in the ImagePath value, the file loaded is actually %systemroot%\system32\svchost.exe with an additional parameter: "-k LocalService".
The Start value of "4" means that this service is disabled (that's why it didn't show up in the services list using tasklist.exe).

Dangers of svchost
Because svchost is running on all Windows computers, it's an easy target for malware and virus writers, who disguise their malware as a legitimate version of svchost.exe.
These fake files can be recognised because they are mostly not located in the %SystemRoot%\System32 folder (or they have typos in their names, such as svch0st.exe, scvhost.exe, ...).

MD5 File security rating
An MD5 hash is a unique fingerprint of a file.
Different files/versions can have the same filenames. The MD5 hash verifies that the legitimate file is not altered.
Runscanner (Freeware) can help you check the file's MD5 hashes.
Svchost.exe files in Runscanner database
528 different item(s) in database
1 different item(s) in database
3 different item(s) in database
163 different item(s) in database
Green items are verified safe to use.
Unrated items are not yet checked for safety.
Red items are not safe (typically viruses, spyware or other malware).
This file is digitally signed by its publisher.
This means that the file is from the company claiming to have created it; this does not mean by default that the file is safe.

General file info
Product name: Microsoft® Windows® Operating System
Description: Generic Host Process for Win32 Services
Company: Microsoft Corporation

Pacman startup database
Very often added by spyware and viruses:
- 007 Spy Software - stealthy monitoring program which allows you to secretly track all activities of computer users and automatically deliver logs to you via Email or FTP
- ElfSpy - keystroke logger/monitoring program
- InlookExpress - logs keystrokes and captures screenshots
- Realtime-Spy - keystroke logger/monitoring program
- StingKeyLogger - keystroke logger/monitoring program
- Added by a variant of the SDBOT WORM! This file is located in the "temp" folder
- Added by a variant of the WORM_SOCKS.D WORM! This file is located in a "driver" sub-folder
- Added by a variant of the LOVGATE WORM!
- Added by a variant of the DELF.IT TROJAN, IRCBOT TROJAN, MORB, TARNO, ADCLICK-AG, AGENT.H, AGENT-FPL, ... and many many others
Note - this should not be confused with the svchost.exe system process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder!
Info provided by sysinfo.org

Automatic startup locations
001 Running Processes
002 Autorun registry entries local machine
003 Autorun registry entries Current User
004 All users startup startmenu
005 Current user startup startmenu
008 Autorun registry entries Default user
009 Autorun registry entries SYSTEM user
010 Installed services
011 Installed drivers
033 Winlogon Userinit
034 Winlogon Shell
035 Active Setup Installed Components
065 Image File Execution Options (debugger)
073 %windir%\Tasks
135 Current User Runonce (+ subkeys)
136 Local Machine Runonce (+ subkeys)
139 Windows\load
166 HKCU Policies\Explorer\Run
167 HKLM Policies\Explorer\Run
171 Screensaver

User comments for this file
- Information about this file can be found at: http://support.microsoft.com/kb/314056
- Yes, SVCHOST.EXE is a safe file of MS Corp. indeed, but I once had a problem with Nod32. Actually I think that some kind of virus used the svchost.exe to module my settings. Nod32 just wanted to delete the svchost.exe. Of course this doesn't happen anymore after some updates.
- Possible sdbot.cqm (from Kaspersky) in %windir%. Create service Generic Host Process for Win-32 Services, modify winlogon\shell key to autostart.

695 MD5 version(s) found (only top 10 displayed)