Know the svchost.exe File in Windows

Posted by cikul | Posted in Technology | Posted on 28-10-2011-05-2008


When our Windows operating system is slow, we sometimes assume it is a virus, especially when we check Task Manager and see a process that appears many times and consumes a lot of resources.

One of the files we often suspect of being a virus is svchost.exe. This file sometimes appears many times among the processes in our PC's memory, and many viruses disguise themselves by using the name svchost.exe. But what is the svchost.exe process, and how do we distinguish a genuine svchost.exe process from a virus?

In the Windows NT family of operating systems (Windows XP, Windows 2003, Windows Vista, etc.), svchost.exe (Service Host) is a system process that hosts some of the services in Windows. The file %SystemRoot%\System32\svchost.exe can run as multiple processes at once, and each process handles one or more services.

SvcHost Security
Because svchost.exe is such a commonly used process, some malware names its own process svchost.exe as a disguise. Some malware also injects a DLL into the original svchost, for example the Win32/Conficker worm.

To tell whether an svchost.exe is a virus or not, you can use the following steps:

  • Download the svchost viewer freeware (Indonesian) from: http://filecheck.web.id/freeware/svchostviewer.html
  • The program can be run directly without installing, and it runs an automatic scan (completed in a few seconds)
  • Check the scan results carefully; click an svchost.exe to see the services contained in that svchost.exe, which appear in the table below
  • Double-click to view the properties of the svchost.exe in question
  • Look on the General tab for the Location and Size. Look for a suspicious program based on the information provided.

svchost.exe is located in the folder C:\Windows\System32. The file size on Windows XP is known to be 14,336 bytes (87% of all occurrences) …
If svchost.exe is located in the folder C:\Windows, then the security rating is 70% dangerous …

Also check the Details tab for any suspicious information.
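The same checks (file location, and which services each svchost.exe hosts by PID) can also be done from a PowerShell prompt with the built-in WMI classes. This is an added example, not part of the original post or the svchost viewer tool; the variable names and verdict strings are made up for illustration.

```powershell
# Added example: list every svchost.exe process with its path and hosted services.
# Rule taken from the article: the genuine file lives in %SystemRoot%\System32.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Build a PID -> service names map (same data as Task Manager -> Services, PID column).
$servicesByPid = @{}
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if ($svc.ProcessId) {
        $servicesByPid[[int]$svc.ProcessId] += @($svc.Name)
    }
}

# Inspect each process named svchost.exe.
$report = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $path     = $_.ExecutablePath
        $services = $servicesByPid[[int]$_.ProcessId]

        if (-not $path) {
            # The path is hidden from non-admin sessions for protected processes.
            $verdict = 'path unreadable (run as administrator)'
        } elseif ($path -ine $expected) {
            $verdict = 'REVIEW: not in System32'
        } elseif (-not $services) {
            $verdict = 'REVIEW: no hosted services found'
        } else {
            $verdict = 'expected location'
        }

        [pscustomobject]@{
            PID      = $_.ProcessId
            Parent   = $_.ParentProcessId
            Path     = $path
            Services = ($services -join ', ')
            Verdict  = $verdict
        }
    }

$report | Sort-Object Verdict, PID | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the path of every process can be read. A "REVIEW" row is only a starting point for the manual checks described here, not proof of infection.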

SUSPICIOUS SVCHOST.EXE

  • Match the ID of the svchost.exe with the ID found in Windows Task Manager -> Services (see the PID column)
  • Right-click the relevant service in Task Manager and select Stop Service
  • To disable it permanently, click the Services button … (it can also be accessed through Run -> services.msc)
  • Find the service whose Name and Description are the same as those in Task Manager earlier.
  • Double-click the service and set the "Startup type" field to "Disabled"
  • Apply and restart
  • If there is a suspicious service (in the table below), you can immediately perform step 2 by matching the name and description of the service

 

 
