Arcade File Downloads Support Forum
Email
Confirm email
Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!
Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

Svchost.exe


Click here to Run a Free Scan for Svchost.exe Related Errors

What is it?
Service Host Process - svchost.exe

What does it do?

Here's a direct quote from MS about this: (source)
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

Svchost.exe groups are identified in the following registry key:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost

Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService

If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.

1.) Start --> Run --> cmd
2.) Tasklist /svc >C:ianaginfo.txt

Here's an example of what I got when I issued this command if you'd like to take a look at an example.

A Description of Svchost.exe in Windows XP:
http://support.microsoft.com/?kbid=314056

More Info
More Info

Virus Precaution:
The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses. Fix Svchost.exe Errors: Free Scan

Recommendation: Run a Free Performance Scan to automatically optimize memory, CPU and Internet Settings


Svchost.exe is a Windows System File and should be in a system directory. If it is then this application is safe.

Startup DB Entries:
( 1 ) "Added by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one is located in a ""Syswm1i"" directory"
( 2 ) "Added by the BANCBAN-JC TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a ""config"" subfolder of the Winnt or Windows folder"
( 3 ) "Added by the BANCBAN-CI TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
( 4 ) "Added by the STARTPA-BD TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files/Common Files folder"
( 5 ) "Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
( 6 ) "Added by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
( 7 ) "Added by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"
( 8 ) "Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!"
( 9 ) "BrowserAid/CashToolbar adware! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!"
( 10 ) "Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!"
( 11 ) "Added by the PARADROP-A WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
( 12 ) "Added by the PARADROP-AI WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!"
( 13 ) "Added by the JUEGO-B WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
( 14 ) "Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!"
( 15 ) "Added by the BIFROSE-TH TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder"

Disclaimer

Every attempt has been made to ensure the information about Svchost.exe is accurate but alot of malware applications try to pose as valid applications. If it is something other than what was posted above please leave some feedback in the forum.
Printer Friendly

User Comments
AranjayIt's very good for system administartor. Can i get details about complet windows services.

Submit your comment Comments ARE moderated! Please only submit once!

Windows Files
lsass.exe | alg.exe | csrss.exe | Svchost.exe | Spoolsv.exe | wowexec.exe | dwwin.exe | ctfmon.exe | wuauclt.exe | wmiprvse.exe | Winlogon.exe | Smss.exe | msmsgs.exe | cidaemon.exe | rundll32.exe | mdm.exe | ntvdm.exe | ntdll.dll | explorer.exe | msdxm.ocx | wisptis.exe | iexplore.exe | wdfmgr.exe | PDVDServ.exe | gcasdtserv.exe | wscntfy.exe | DLLhost.exe | shdoclc.dll | Winmgmt.exe | cisvc.exe |
Copyright 2003-2009 I Am Not A Geek Inc.
Table 'iamnotageek.files' doesn't exist