Svchost.exe

From Wikipedia, the free encyclopedia

In software Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs) within the Microsoft Windows operating system.

At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging, but it also causes some difficulty for end users wishing to see the memory usage or vendor legitimacy of individual services and processes. End users in Windows XP Professional can run the following command at the system prompt to get a breakdown:

C:\>tasklist /svc /fi "imagename eq svchost.exe"

(NB: This command does not work in Windows XP Home.)

Due to being widespread among running processes, svchost.exe has long been a common disguise used by malware to hide its presence from the user. (One of the common trojan horses deceptively uses scvhost.exe). Users may then run tasklist with no arguments and match the reported PIDs with the previously shown Svchost instances. If memory usage appears abnormal, the user can look up the service names shown by their command on the internet to see if it is a known service or malware.

The Svchost.exe file is located in the %SystemRoot%\System32 folder. The main registry key involved at bootup is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost (values in this key will show the user at least a partial list of the actual processes behind instances of svchost).

The April 30, 2007 release of WSUS 3.0 led to reports of svchost.exe issues, including 100% CPU usage, memory hogging, and excessive laptop fan/power usage.^[1]

[edit] See also

• List of Microsoft Windows components
• Windows NT Startup Process

[edit] References

[edit] External links

• ProcessLibrary.com svchost.exe info
• Microsoft Support Page on svchost.exe
• Process Pedia about svchost.exe

v • d • e Microsoft Windows components Core Aero · ClearType · Desktop Window Manager · DirectX · Explorer · Taskbar · Start menu · Shell (namespace · Special Folders · File associations) · Search (Saved search · iFilters) · Graphics Device Interface · WIM · Next Generation TCP/IP stack (Server Message Block) · .NET Framework · Audio · Printing (XML Paper Specification) · Active Scripting (WSH · VBScript · JScript) · COM (OLE · OLE Automation · DCOM · ActiveX · ActiveX Document · Structured storage · Transaction Server) · Previous Versions · WDDM · UAA · Win32 console Management tools Backup and Restore Center · command.com · cmd.exe · Control Panel (Applets) · Device Manager · Disk Cleanup · Disk Defragmenter · Event Viewer · Management Console · Netsh · Problem Reports and Solutions · Sysprep · System Configuration · Task Manager · System File Checker · System Restore · Windows Installer · Windows PowerShell · Windows Update · WinSAT · Windows Easy Transfer Applications Calculator · Calendar · Character Map · Contacts · DVD Maker · Fax and Scan · Internet Explorer · Journal · Mail · Magnifier · Media Center · Meeting Space · Mobile Device Center · Mobility Center · Movie Maker · Narrator · Notepad · Paint · Photo Gallery · Private Character Editor · Remote Assistance · Sidebar · Snipping Tool · Sound Recorder · Windows Media Player (11) · Windows Speech Recognition · WordPad Games Chess Titans · FreeCell · Hearts · Hold 'Em · InkBall · Mahjong Titans · Minesweeper · Purble Place · Solitaire · Spider Solitaire Kernel Ntoskrnl.exe · hal.dll · System Idle Process · Svchost.exe · Registry · Windows service · Service Control Manager · DLL · EXE · NTLDR / Boot Manager · Winlogon · Recovery Console · I/O · WinRE · WinPE · Kernel Patch Protection Services Autorun · BITS · Task Scheduler · Wireless Zero Configuration · Shadow Copy · Windows Error Reporting · Multimedia Class Scheduler · CLFS File systems NTFS (Hard link · Junction point · Mount Point · Reparse point · Symbolic link · TxF · EFS) · FAT32·FAT16·FAT12 · exFAT · CDFS · UDF · DFS · IFS Server Domains · Active Directory · DNS · Group Policy · Roaming user profiles · Folder redirection · Distributed Transaction Coordinator · MSMQ · Windows SharePoint Services · Windows Media Services · Rights Management Services · IIS · Terminal Services · WSUS · Network Access Protection · DFS Replication · Remote Differential Compression · Print Services for UNIX · Remote Installation Services · Windows Deployment Services · Windows System Resource Manager · Hyper-V Architecture NT series architecture · Object Manager · Startup process (Vista) · I/O request packets · Kernel Transaction Manager · Logical Disk Manager · Security Accounts Manager · Windows Resource Protection · LSASS · CSRSS · SMSS Security UAC · BitLocker · Defender · DEP · Protected Media Path · Mandatory Integrity Control · UIPI · Windows Firewall · Security Center Compatibility Unix subsystem (Interix) · Virtual DOS Machine · Windows on Windows · WOW64