How to stop SVCHOST.EXE acting as a server?

  • Thread starter: Vladesch
Control panel somewhere?

Thanks in advance.

No, and for me, I have never hindered Svchost from doing anything,
because it is the messenger for the O/S. Svchost has many tasks, one of
them being communications on the LAN and WAN for the O/S and other
programs running on the machine, which could be malware as well. If
Svchost is communicating to unknown remote IP(s) then one should be
concerned and find out what is using Svchost (the messenger) on its
behalf and kill it instead of the messenger.

If Svchost.exe is not running out of the Winnt/System32 or
Windows/system32, then it is a Trojan.

One should not kill the messenger.

Duane :)
 
Vladesch said:
Control panel somewhere?

Thanks in advance.

It's not quite that simple. Svchost.exe is a generic wrapper that Microsoft
uses to host various background Services. Many Microsoft supplied services
run in one svchost.exe process, while some others run in their own
svchost.exe process. It is not uncommon for most computers to have two or
more svchost.exe processes running at one time (for example, check out the
process tab on Task Manager). Some of these services do not function as
servers and are not actively listening for inbound traffic, but a few do.
The primary ones that do are the Server service, which is required for file
and printer sharing as well as named pipe functionality, and the other is the
Remote Procedure Call (RPC) service.

You can disable the Server service using the Services snap-in in Microsoft
Management Console (MMC). You can get there by typing "services.msc" in the
run box (Start | Run). You will need to have Administrator privileges for
the system you are configuring in order to make a change.

Unfortunately, however, you will not be able to disable the RPC service. It
simply is used by too many other underlying functions, including the
following representative functions: COM+ Event System, Cryptographic
Services, DHCP Server, Distributed Link Tracking, Error Reporting Service,
Fax, File Replication, IPSEC Services, Logical Disk Manager, Messenger,
Print Spooler, Security Accounts Manager, Shell Hardware Detection, Task
Scheduler, Terminal Services, Windows Installer, Windows Management
Instrumentation (WMI), and Wireless Configuration. There are lots more, but
you get the idea. The MMC Services snap-in will not, in fact, even let you
disable RPC. If you found out how to disable RPC in the registry or
otherwise, the operating system would end up not loading.

If you need a tool to discover what services are actually lurking in any
given svchost.exe process, I HIGHLY recommend the Sysinternals Process Explorer
freeware utility (http://www.sysinternals.com/ntw2k/freeware/procexp.shtml).
You can right click on a process, select properties, and then click on the
Services tab.

Alec
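
The checks described in the two replies above (the executable-path test and the per-process service lookup), combined with each process's listening ports, as an added PowerShell example that is not part of the original thread. It assumes a Windows version that ships the CIM and NetTCPIP cmdlets (Windows 8 / Server 2012 or later); `LanmanServer` and `RpcSs` are the service names of the Server and RPC services.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Legitimate locations: System32, plus SysWOW64 for 32-bit services on 64-bit Windows.
$trusted = @('System32', 'SysWOW64') |
    ForEach-Object { Join-Path $env:SystemRoot "$_\svchost.exe" }

# Running services keyed by the PID of the process that hosts them.
$services = @{}
foreach ($s in Get-CimInstance Win32_Service -Filter "State='Running'") {
    $services["$($s.ProcessId)"] += @($s.Name)
}

# Listening TCP endpoints keyed by owning PID.
$listeners = @{}
foreach ($c in Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue) {
    $listeners["$($c.OwningProcess)"] += @("$($c.LocalAddress):$($c.LocalPort)")
}

$report = foreach ($p in Get-CimInstance Win32_Process -Filter "Name='svchost.exe'") {
    $key  = "$($p.ProcessId)"
    $path = $p.ExecutablePath
    # ExecutablePath is empty when the caller lacks rights to query the process.
    $check = if (-not $path) {
        'unknown (run elevated)'
    } elseif ($trusted -contains $path) {
        'ok'
    } else {
        'UNEXPECTED LOCATION'
    }
    [pscustomobject]@{
        PID       = $p.ProcessId
        Path      = $path
        PathCheck = $check
        Services  = ($services[$key] | Sort-Object) -join ', '
        Listening = ($listeners[$key] | Sort-Object -Unique) -join ', '
    }
}

# An svchost.exe with no hosted services or an unexpected path deserves a closer look.
$report | Sort-Object PID | Format-List

# Current state of the two listeners the reply singles out (Server and RPC).
Get-Service -Name LanmanServer, RpcSs |
    Select-Object Name, DisplayName, Status, StartType
```

On older systems without these cmdlets, `tasklist /svc` and `netstat -ano` expose the same PID-to-service and PID-to-port mappings.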
 


Some excellent advice - thanks for link too. Handy program...


Another good site to learn about the generic SVCHOST.EXE processes is
http://wwww.blackviper.com .



-Rick
 