Disable or stop related services. Reasons why the system is loaded by the svchost process
Article updated 12/09/2011
Symptoms:
Your computer suddenly began to freeze and slow down the system. At the same time, you have an antivirus with the latest antivirus databases. Click Ctrl+Alt+Delete and click on the tab Processes. You will see a list of all processes that are running in this moment; at the same time, you will see that one of the processes is consuming a lot of computer resources (although you are not currently using any programs). Here you will see a certain process svchost(there will be several processes with the same name, but you need exactly the one that loads the system at 100%).
Solution:
1) First of all, try simply restarting your computer.
2) If after a reboot this process continues to load the system, then right-click on the process and, in the list that opens, select End process tree. Then restart your computer.
3) If the first two methods did not help you, then go to the folder Windows and find the folder there Prefetch(C:\WINDOWS\Prefetch). Delete this folder ( delete exactly the folder Prefetch; DO NOT accidentally delete the folder itself Windows!!!)
Next, follow the second point (i.e. delete the svchost process tree). Restart your computer.
How many processes should there be in total?svchost.exe in the "Processes" tab?
The number of processes with this name depends on how many services are running through svchost. The quantity may depend on the version of Windows, the properties of your computer, etc. Therefore, there can be from 4 processes (the absolute minimum) to infinity with the name “svchost.exe”. On my 4-core computer with Windows 7 (including the services being launched), there are 12 svchosts in the “Processes” tab.
How to determine which one is a virus?
You can see in the screenshot above that in the “User” column next to each svchost there is the name of the source that launched this very process. IN normal form next to the svchosts it will be written “system”, or “network service”, or “local service”. Viruses launch themselves as “user” (can be written “user” or “administrator”).
What is a process anyway?svchost.exe?
If we talk in simple language, then the svchost process is an accelerator for the launch and operation of services. svchosts are launched via system process services.exe
What happens if I click on “End process tree” and accidentally end a system process?svchost, and not the virus itself?
Nothing bad will happen. The system will give you an error and restart your computer. After a reboot, everything will fall into place.
What viruses masquerade assvchost.exe?
According to Kaspersky Lab, the following viruses are disguised as svchost.exe: Virus.Win32.Hidrag.d, Trojan-Clicker.Win32.Delf.cn, Net-Worm.Win32.Welchia.a
According to unconfirmed reports, some versions of Trojan.Carberp also disguise themselves as svchost.exe
How do these viruses work?
These viruses enter your website without your knowledge. special servers, from where they either download something else dangerous, or send information to the server (namely your passwords, logs, etc.)
Processsvchost.exe loads the system, but in the “User” column it says “system". What it is?
Most likely, this means that some service is working hard. Wait a little and this process will stop loading the system. Or it won't stop... There are some viruses (for example: Conficker) that use real svchosts to corrupt your system. This is very dangerous viruses, and therefore you should check your computer with an antivirus (or better yet, several at once). For example, you can download Dr Web CureIt– it will find such viruses and remove them.
Why do you need to terminate the process tree and delete the folder?Prefetch?
If you terminate the process tree of your system-slowing svchost, the computer will reboot immediately. And at startup, when the virus tries to start again, the antivirus (which you must have installed) will immediately detect and remove it. Although there are many modifications. For example, the original source of such a virus may be located in the Prefetch folder. This folder is needed to speed up the operation of services. Removing it will not harm your computer.
Your advice didn't help me. Processsvchost.exe continues to load the system.
First of all, check your computer with an antivirus. Better yet, check your computer with several antiviruses.
I can also advise you to clean out the System Volume Information folder. This folder contains restore points for your computer. Viruses register themselves in this folder, since the system does not allow the antivirus to delete anything from this folder. But this is unlikely to be of use to you. I have not yet heard of such modifications of viruses that pretend to be svchost.exe and are located in the System Volume Information folder.
If you have any more questions, I will be happy to answer them.
Latest tips section "Computers & Internet":
Council comments:
Thank you very much! Everything is clear and without water. Everything unnecessary processes disappeared. Thank you!
Windows6.1-KB3102810 x86 (x64) - for 7, whose updater eats up a lot of RAM.
In short, I figured out why svchost loaded percent by 30%, the Spyware Process Detector utility helped to uncover this mysterious process (you can find it on the Internet with a crack), and it turned out not to be some kind of malware, but an ordinary system process Defrag exe, and it was rattling around. In short, I disabled the Disk Defragmentation service, svchost is no longer arises. The problem is solved.
I tried everything, and the center disabled updates and Prefetch was deleted, and the process tree was completed, nothing helps, svchost still loads 30%.
Ilya, thank you very much! It helped! I did everything as written. Only on my XP the service is called Automatic Update. After disabling autorun, as soon as I managed to stop the service, this process disappeared and the CPU load subsided. For those who don't care about XP or updates, I recommend this method.
Ivan, thank you very much for your comment) It helped. I denied access and everything returned to normal. Nothing helped before!
Demolished Prefetch folder but after a reboot it appears again just like the problem with the RAM.
on Win XP I solved the problem simply - by disabling system updates. Probably the soft ones are in this way unobtrusively pushing users to leave XP and 7.
Rustam, the article clearly states that this folder is not for system files(which lie in windows folder). Here is a quote from the article "Removing it will not harm your computer." READ THE ARTICLE CAREFULLY, cykablyat!
I looked into the svchost folder, but found there only the root folders of all programs running on the computer. when deleting, a catastrophe could occur, but the main thing is: a complete shutdown of all life-supporting programs, which ultimately would lead to the fact that after a reboot the computer would stop working altogether, and I would have to reinstall Windows. So, I did not risk deleting the entire host folder . I will look for other solutions to problems. And for those who think that disabling the update solves the problem, I’ll say: I did this once, and the virus that got into the computer ate the entire motherboard and the hard drive stopped working. in fact, it starts the laptop, but immediately freezes and does not even respond to ctrl-alt-del. And on the start and shutdown button of the computer. I have to take out the battery... since then the laptop has been retired... not a single workshop will undertake to repair it. some kind of nonsense.....
I demolished this folder - it helped. Thank you!
who can help with svchot? my contact details WhatsApp Viber +7 999 171 60 74 Skype West00073 I will be grateful. I tested the computer with everyone possible ways Does not help
who can help this SWSHOT is just tormenting me, tried everything. Is there anyone who can solve this issue?
All the methods indicated in the article did not help me, I decided to read the comments and they most often said that it was not a virus but updates and I turned off these updates and everything went away
Thank you!! took down the folder. corrected ;)
I apologize, my mistake. other processes in Sestem32
What if the process that consumes the CPU is located not like all other svchosts in Win32, but in AppDataRoaming?
Thanks, I deleted the folder and everything is fine.
The advice from the comments from Roman on 08/30/2016 helped me, namely the second (additional) method, through Administration!
Thank you everything fell into place!
Can I contact you on Skype?
Users of the seventh modification of Windows very often encounter a problem when a certain Windows process 7 Svchost.exe loads the processor. The solution to fix the problem, as it turns out, lies on the surface. However, in order to determine exactly what technique to use to correct the situation, you first need to understand what it is this process and related service components, since disabling some of them can provoke not only incorrect operation OS, but also the appearance of more unpleasant symptoms (even a blue screen is not excluded).
Svchost: what is this process?
Since problems with increased load by this service are most often observed in Windows 7, and are almost never encountered in systems of later releases, when considering all aspects we will start from the seventh modification.
What kind of component is it that it consumes such an incredible amount of system resources? This is a specialized tool for launching system and user programs, which, according to developers from Microsoft, should, in theory, reduce the load on the system when programs and their executable components are launched, for example, presented in the form dynamic libraries, loaded at the start of the executable component as additional objects in RAM.
To put it more simply and in clear language, in Windows 7, the system itself does not need to run each application as a separate process, since for this only one main component is used, due to which all programs start, being, as it were, tied to it. And the Svchost process is a kind of intermediary bridge between the launched program and the main system component responsible for its start. That is, all starting programs and processes through this component are connected to a single launch service.
Why do I see too many processes of the same name in the Task Manager?
But the main start service is not displayed in the same “Task Manager”. In it you can see just the Svchost processes of the same name, which in normal condition inaction can be about four, and in the presence of working programs - even more.
So, if Svchost is hogging the CPU and memory, Windows 7 is simply processing too many active background (system) and custom applications. But many of them can be quite resource-intensive (take at least AutoCAD or programs for real-time video processing). In such situations, usually in Windows 7 Svchost loads the processor by 50% (maybe a little more). If peak loads are noticed, when the operating system freezes and stops responding to any user actions, you will have to find out the reasons why this is happening.
Windows 7: Svchost loads the processor at 100%. Why?
As for the reasons themselves, there can be quite a lot of them, and such situations cannot always be provoked system failures(although, unfortunately, it cannot be done without them).
But let's return to the situation when in Windows 7 Svchost.exe loads the processor too much. Most probable reasons This phenomenon is called the following:
- short-term failures of system processes;
- viral infection;
- problems with the system update service;
- too much a large number of or failures of related services and system components;
- incorrect operation of the tunnel adapter;
- problems with the SuperFetch component;
- a large amount of computer garbage.
The list shows only the main aspects, which will be discussed further. And for situations where in Windows 7 Svchost.exe loads the processor, a solution for each specific case will be proposed precisely based on what was the root cause of such an unpleasant situation. But first things first.
Windows 7: Svchost (netsvcs) loads the processor: a solution to quickly reduce the load
Many users quite rightly believe that reducing the load is the most simple case You can do this by ending all Svchost processes in the Task Manager. Yes, indeed, this can be done. But in in this case This is just a temporary measure (and in the presence of viruses, it does not help at all).
The same goes for a normal reboot. operating system. After the restart, of course, there will be no increased resource consumption, but the process itself in the form of four (at least) executable files will still be present in the Task Manager. This system component boots with the system automatically, and disable it standard methods, say, using the startup menu is not possible.
Checking the system for viruses
But there are worse situations. Suppose in Windows 7 Svchost loads the processor. What to do if the user sees a dozen and a half lines in the “Task Manager” with a link to the same executable file, and the CPU load reaches its maximum peak values?
Apparently, this is the first sign of a virus attack, since many threats are disguised as just a system process and are capable of simultaneously launching several copies of themselves. This will require manual user intervention by launching some powerful portable utility to deeply scan your computer for viruses.
It is best to use a Dr. scanner. Web CureIt!, but the best option will boot from removable media with the utility recorded on it Kaspersky Rescue Disk. This program is the undisputed leader, since it starts even before the OS boots and can identify and neutralize threats that are deeply embedded not only in the operating system, but also in RAM.
Determine that the selected process relates specifically to virus threat, you can by additional attribute username. There can only be two of them: either NETWORK SERVICE or LOCAL. If the user observes any other description, the conclusion is obvious: this is a virus disguised as the original process. In principle, before using anti-virus utilities, you can use RMB to access the directory where the accompanying process file is located and, if possible, delete it manually.
Troubleshooting system update problems
But viruses are not always the reason why Svchost (netsvcs) loads the processor in Windows 7. Very often this is due to failures offline installer updates (“Update Center”).
For example, some package was under-downloaded during download. So it turns out that the system service is trying to load it (at the same time the Svchost process corresponding to it is launched), but there is no result. On the other hand, the Update Center itself may, for some reason, not work correctly. It may require a restart.
In this case, the services section (services.msc) is first called, in which you need to find the corresponding component, enter the editing section, stop the service and set its startup type to disabled. After this, the system must be rebooted and the service reactivated with automatic type start.
Disable or stop related services
If none of the suggestions helped, and in Windows 7 Svchost loads the processor, the solution may come down to looking at exactly which processes are associated with the executable file and, if possible, disabling them.
To do this, use the same “Task Manager”, in which, through RMB on each process, you need to look at the corresponding service, go to the main section and temporarily disable all processes, as was shown just above.
Fixing tunnel adapter problems
Not often, but sometimes there can be non-standard situations related to the operation of the so-called It is because of its incorrect operation in Windows 7 that Svchost loads the processor. The solution is to adjust its parameters or even turn it off completely.
The best way to do this is to use command console, called through the “Run” menu with the cmd command. Next, the lines shown in the image above are written in the console, and after they are executed, full reboot computer system.
from garbage
There are more simple problem, but just as intrusive. If in Windows 7 Svchost loads the processor, the solution may have something to do with computer garbage, for example, due to the lack of free disk space For normal functioning the operating system itself (usually in system partition It is recommended to keep approximately 10% of the total volume free).
First you can do a disk cleanup standard tool, if you access the partition properties through the RMB menu in Explorer. On the other hand, some residual files After uninstallation, programs are not deleted in this way. But finding them yourself is quite problematic. Alternatively, you can use special cleaning programs or optimizers (CCleaner, Advanced System Care, Glary Utilities or something similar).
SuperFetch problems
Many experts call problems with the SuperFetch service another of the most common situations. To disable it, you can use the methods suggested above by entering the services section, stopping the process and changing the startup type.
However, most often the problem is not even this, but the overflow of the corresponding Prefetch directory, which is located in the root of the system. It is because of this that Svchost loads the processor in Windows 7. The solution is the simplest: delete the directory yourself, end all Svchost.exe processes in the Task Manager and reboot. After the restart, there is no need to reactivate the disabled service. Most users, in general, do not need it at all, and among other things, it is quite “voracious” in terms of consumption of system resources, which leads to dire consequences on weak computer configurations.
If in the “Task Manager” you observe the activation of a process with the name of the executable file wuauclt.exe, you need to find the SoftwareDistribution directory (the root directory of the OS) and delete all subfolders and files from it, and then, as usual, restart the computer. You can also rename the original directory itself, giving it a name with the addition “.old” and reboot immediately, even without deleting it.
Brief summary
That's all for the main reasons for the appearance increased loads on the central processor and RAM, as well as the main methods for eliminating them. True, in a certain sense, it is very difficult to say immediately what provoked such a phenomenon. This can only be done with confidence if viral infection or in the case when the “Update Center” does not even work manual check updates or their installation. In all other situations, you will have to perform each action separately. Apart from possible failures or damage to the hardware (in particular, this applies to RAM strips), at least one technique will give a positive effect in any case.
Just in case, many experts recommend clearing the system event log, which stores LOG files. It can be called through the “Run” console using the eventvwr line, after which use the cleanup items for the application, system, security and installation sections via RMB. After completing all actions, the system must be rebooted.
If the proposed methods do not work for some reason, identical actions can be performed in Safe mode Mode by pressing F8 at startup.
Today I would like to talk about one process that is most likely familiar to every more or less advanced computer user, namely, about the Svchost.exe process. Surely experienced computer scientists are now remembering those times when a lot of viruses with similar names circulated across the network. And the process itself, for certain reasons, can load system processor your computer or laptop to critical 100%. Let's try to figure out why Svchost.exe loads the processor or system and which processes with a similar name are guaranteed to be malicious, as well as how to solve this problem.
What is Svchost?
I’ll start, perhaps, by explaining what kind of process this is and how important it is for the operating room. Windows systems? So, Svchost.exe is one of the system processes loaded from dynamic DLLs, of which several can be launched simultaneously. You can verify this by opening the task manager - simultaneously pressing the “Ctrl” + “Alt” + “Del” keys and then selecting “Task Manager”. There is also another way to open - click right click mouse on the taskbar and select “Start task manager”:
To see running processes, go to the “Processes” tab and click on the “Display processes of all users” button. If you do not do this, you will not see svchost.exe processes.
It is also worth noting that Svchost.exe is used in all Windows versions, starting from 2000 and up to Windows 10. It was also decided to use one process for several services at once in order to simplify the operation of the system and reduce the load on RAM, and this is quite justified, however, it also has its drawbacks (for example, complicating the search for some viruses “disguised” as this process).
Svchost.exe loads the system. What to do?
So, you noticed that the computer is severely slow, and when you launched the task manager, it was noticed that almost all the processor resources were being taken over by the Svchost.exe process. Most often, the reason here is simple and understandable. Either Svhost.exe is a virus, or the system is under load because you have automatic updates enabled. To begin with, we will use methods that do not interfere with the system’s operation, and below I will talk about viruses that will still need to be identified. Before reading this article, I ask you to reboot your computer now, as Windows may not have started the service correctly on the system. Sometimes, this option helps to get rid of this problem, and of course, if you rebooted before, then now you don’t have to reboot your computer and continue reading the article.
Now go to the task manager, find the process named Svchost.exe, right-click on it and select “End process tree” from the list. If this does not help, then we continue to look into this issue.
One more thing you should do now. Go to “Start” - “Run” or open this window using the “Win” + “R” keys on the keyboard. Then enter “Prefetch” and click “OK”.
Next, a folder will open where you need to delete all the files that are in it. Files with system settings “lie” here, but sometimes they are faulty, so follow this step to be sure that everything is in order with them.
Here you will need to select the item called “Administration”.
Here you should find “Windows Update”, and then disable this service. To do this, click on it 2 times with the left mouse button, then click on the “Stop” button. You will also need to set manual type launch, then save all your changes (click “Apply” - “OK”) and restart your computer.
Did not help? Then you can try one by one to disable services that may be associated with Svchost.exe. To do this, launch the task manager, find the process that uses the CPU the most, right-click on it and click on “Go to services”.
A window will open in front of you with an impressive list of services that use Svchost.exe. In this case, services that use the specific process you selected above in the task manager (the one that loads the system the most) will be highlighted in blue. Now you should disable one of the services one by one, checking the result after each shutdown. To disable a service, left-click on it (to select it), and then right-click on it and select Stop Service. If you are an inexperienced user, then I can assure you that you will not do anything bad to the system and therefore do not have to worry about the further result.
In this case, when a suspicious service is found, you should go to “Computer Management” (above I told you how to enter the services - through the control panel - administration - services) and disable it there, because if you use the "Task Manager" for these purposes, That this service will be restored and turned on again after you restart your computer. Usually this process hangs in services "" Auxiliary service IP" and "Windows Update". When you find a process that loads Svchost.exe at 100% or less (usually 50-100%), then go to services, find the service, click on it 2 times, and in the window that opens do the following: in “Startup type” select “ Disabled" and click the "Stop" button. Then click "Apply" and then "OK".
Well, in addition to the above, I would like to give two more simple ways, which in some cases can help you without unnecessary manipulations with processes:
- The first is to update Windows if it has not been updated before. Windows updates often solve many problems and this type mistakes are no exception.
- Second, restore the system using control point, returning it to the state when the problem was not observed.
What if it's a virus?
As I already said, viruses that actively disguise themselves as the Svchost.exe process can also reduce the performance of your system. This is easily explained by the fact that this process is used by various libraries and it is difficult for the user to figure out which of the Svchost.exe processes shown in the task manager is malicious and which is important and necessary.
How to determine? Remember, if Svchost.exe is a system process, then it will never be launched as a user, but only as NETWORK SERVICE, LOCAL SERVICE or SYSTEM. Besides, this operation launched exclusively through programs system services. If it is launched from the Run section of the registry, it is 100% a virus.
It’s also a good idea to pay attention to the process name. It happens that in the name of Svchost.exe some letters are replaced with others or there is a number instead of a letter, and letters can also be swapped (very often, attackers use this type of visual deception). If so, then most likely it is a virus masquerading as a process.
It often happens that a virus is embedded in the Svchost.exe process itself, changing it and leading to frequent system crashes. In any case, if you suspect an infection, start your PC in safe mode(immediately after turning on the computer, press F8 and select the required option) and scan your computer for viruses. I already talked on the site about login methods for different versions Windows:
Sometimes it’s easier to reinstall the OS than to waste your own time searching for the problem, so if you don’t have any specific programs or important data on your computer, then use this advice and don’t bother. After all, a novice user can spend a lot of time (5-6 hours) searching for a problem, and reinstalling Windows takes about 2 hours.
If you have never reinstalled the system yourself, you can watch the video: "". This procedure is not complicated, the main thing is to understand the logical chain, what needs to be done and in what step. You can also read articles about how to reinstall a particular version of Windows:
I hope my article was useful to you and now you will not only be able to find the “root of the problem”, but also adequately eliminate it without harm to your system and your own nerves.
What is svchost.exe in Windows and why does this process load the processor so much, often up to 100%. Let's deal with process svchost.exe on Windows!
It would hardly have aroused much interest among computer users if its reputation in the heyday of versions XP, Vista and 7 had not been spoiled by viruses masquerading as this system process. However, a genuine process often brings problems: it can load the processor by 100% and, accordingly, cause terrible slowdown of the computer. Below we will talk about svchost.exe: what it serves, in which cases it can cause the processor to be 100% loaded, and in which cases, being a virus, it can also pose a threat to the computer.
1. Genuine svchost.exe
Genuine svchost.exe, Windows host process is vital necessary component operating system, through which important system services are loaded from dynamic link libraries (DLLs). For most of these services, svchost.exe runs as a separate process. Therefore, in the “Details” tab of the dispatcher Windows tasks 8.1 and 10, you can detect the activity of several processes at once.
In Windows 7, all active processes can be seen in the Processes tab of the task manager.
Svchost.exe works with updates, Windows Defender, power management, network connections, various devices connected to the computer and others. In Windows 7 and 8.1 systems, svchost.exe processes are launched under the names “System”, “LOCAL SERVICE” or “Network Service”, and in Windows 10 they can also be launched under the name current user. Launched on behalf of the user, it ensures the operation of services responsible for synchronizing mail, calendar, contacts and other owner data account.
2. Why does svchost.exe load the processor at 100%
If we're talking about not about constant processor load at 100%, but about individual periods when such a problem occurs; the reason for this may be the execution of background Windows operations. This is, in particular, system updates, automatic maintenance, indexing of disk contents after system reinstallation. Low-power processors found in budget or older processors are especially vulnerable in this regard. computer devices. The problem with processor load is solved on its own, respectively, upon completion of the operations. In some cases, you may need to resolve an issue caused by an installation error Windows updates.
Other possible reason svchost.exe activity with load on system resources– processor overheating, problems with hard drive or with network card. The computer needs to be cleaned of dust and checked HDD for mistakes. Eliminate or confirm the possibility of damage network card possible by monitoring svchost.exe activity when disconnected network cable.
The reason for the processor load to be 100% may be the incorrect operation of one of the services of the svchost.exe process. This, by the way, often occurs on devices where pirated modified Windows builds. To figure out which of them is causal, you need to track it.
3. Service tracking
3.1. Task Manager
You can find out which service is using the CPU in the task manager. Call the context menu on the problematic process and select “Go to services”.
The manager window will switch to the “Services” tab, where they will be highlighted in a block.
In the context menu called on each individual service, Windows 8.1 and 10 systems, in addition to the stop and start commands that Windows 7 is limited to, offer, in particular, a search for information about it on the Internet. On the Internet you can find out what this service is, how problems with it are solved, and if the solution is to disable it, then whether Windows will then be able to function fully. If you need a computer urgently, and there is no time to understand the essence of the problem, you can try to stop the problematic service using the appropriate command in the context menu. If there are several of them, you will have to investigate disabling each one in turn.
Force termination the svchost.exe process itself in the task manager is fraught with the appearance blue screen of death. When stopping services, the situation is a little simpler: services that are important for the functioning of the system will not be able to be disabled - either access will be denied, or the service will then start again on its own. Stopped services can then be started using the appropriate command in the context menu, and after rebooting the computer they will start themselves. Some of them, if they do not directly affect the performance of the system, but stopping them in the task manager is impossible, you can try to stop them in the Services snap-in (services.msc). In Windows 8.1 and 10 Task Manager, this snap-in is quickly accessible.
Double click For required service its properties window is called up, in which it is stopped with the button, respectively, “Stop”.
If it is impossible to stop the causative service, you can try to reduce the load on the processor by setting the problematic svchost.exe process to a lower priority in the task manager. In its context menu, you must select “Set priority”, then “Below average” or “Low”. However, such a solution will not be effective in every case.
3.2. AnVir Task Manager program
Some may find it more convenient to monitor the services of problematic processes through alternatives to the standard Windows Task Manager. For example, in the AnVir program Task Manager in the same column of the table with processes their services are displayed. The description of the service of the selected svchost.exe can be found in the block with detailed information, which will appear after double-clicking on the graph of the selected process.
You can go directly to the svchost.exe process services using context menu program by clicking “Go”, then “Go to service”.
And already in the context menu for Windows services you can select either the stopping command “Stop” or “Change startup type”, then “Disabled (Quarantine)” if stopping is not possible. Here, in the context menu for each individual service, you can get online help.
Any kind of experiments with disabling services - even through regular Windows functionality, at least with the help third party programs– it is better to do this by first creating a system restore point.
4. Universal Windows Troubleshooters
If you do not treat the symptoms, but deal with the problem itself, universal means of eliminating errors in Windows work something like: disk cleanup, cleanup system registry, checking the integrity of system files (sfc/scannow). And the clean mode Windows boot will help identify whether svchost.exe activity that is loading the CPU is actually related to system services. Third party software services may be causing the problem.
5. Viruses masquerading as svchost.exe
Today, false svchost.exe processes are much less common than when Windows XP, Vista and 7 were relevant. malware virus writers can disguise themselves as it by replacing, for example, the letter “o” with a zero in the process name, the letter “t” with a one, playing with combinations of replacing the Latin alphabet with Cyrillic, adding some extra characters to the original version of the name. It may be that svchost.exe itself is a genuine process, but its activity, which loads system resources, is associated with a virus that has entered the system. Viruses masquerading as svchost.exe can load not only the processor, but also the disk and RAM, actively consume Internet traffic, periodically shut down the Internet and local network connections. False svchost.exe processes have other signs of the presence of malware in the system - advertising on websites, opening unsolicited web pages in the browser, changing Windows settings etc. The falsity of svchost.exe may be indicated by the location of the process executable file in a path other than C:\Windows\System32 and C:\Windows\SysWOW64. You can find out the location of the process file in the Windows task manager, in the context menu of each instance of svchost.exe.
In the AnVir Task Manager program, the path to the location of the svchost.exe files is indicated in the table column “ Executable file" In addition, AnVir Task Manager contains a separate column with an indicator of the so-called risk level - the verdict of the program creators, based on behavioral analysis processes.
AnVir Task Manager works in conjunction with a web service Google Virustotal.Com, where everyone active process can be checked directly from the program interface using the “Check on website” context menu option.
The problem with the false process svchost.exe is solved in a universal way for all types of malware - scanning the computer with an antivirus with regularly updated databases and additional scanning with the participation of antivirus utility from another developer (with excellent bases).
Have a great day!