multiple instance or services of svchost.exe

  • Thread starter Thread starter Atul Verma
  • Start date Start date
A

Atul Verma

Today under Windows Task Manager/ Processes/ I saw too many svchost.exe
listed although I m aware of the fact that it is an integral part of Windows
OS and in normal conditions multiple instances of Svchost.exe run at the same
time.
On the other hand svchost.exe is also a virus, spyware, trojan or worm.

But today I found more than 7 instance of this service and that too I
noticed after a removal of autorun.inf worm. I am bit little worried about it
.. Can somebody explain and help me in finding out which is the genuine one…
Plz Help?

Thanx
atul
 
How do you know you have too many instances of svchost.exe? How many do
you think you should have?

Either your machine is 100% clean of infection or it is not. If your
machine is 100% clean then you should be enjoying your computer instead
of counting how many instances of svchost.exe you have. If you're not
sure whether your machine is 100% clean, then as Captain Picard would
say, "make it so"
---
Leonard Grey
Errare humanum est

"A Day in the Life of a Web 2.0 Hacker" - PC Magazine
http://www.pcmag.com/article2/0,2817,2330952,00.asp
 
Atul Verma said:
Today under Windows Task Manager/ Processes/ I saw too many svchost.exe
listed although I m aware of the fact that it is an integral part of
Windows
OS and in normal conditions multiple instances of Svchost.exe run at the
same
time.
On the other hand svchost.exe is also a virus, spyware, trojan or worm.

But today I found more than 7 instance of this service and that too I
noticed after a removal of autorun.inf worm. I am bit little worried about
it
. Can somebody explain and help me in finding out which is the genuine
one.
Plz Help?

Thanx
atul
Click to expand...
Use Process Explorer to get the location of each instance of svchost.exe.
If the location is \windows\system32, then the svchost.exe is probably
genuine. Anywhere else, it is probably malware.
It is rather common to have multiple instances of this program. I. E.,
multiple processes are invoking svshost.exe to perform separate tasks. My
systems usually have 6 instances, but this is by no means an indication that
your system is out of the ordinary,

But, rather than speculate, what sort of AV scans, etc., have you done?

Jim
 
Atul Verma said:
Today under Windows Task Manager/ Processes/ I saw too many svchost.exe
listed although I m aware of the fact that it is an integral part of Windows
OS and in normal conditions multiple instances of Svchost.exe run at the same
time.
On the other hand svchost.exe is also a virus, spyware, trojan or worm.

But today I found more than 7 instance of this service and that too I
noticed after a removal of autorun.inf worm. I am bit little worried about it
. Can somebody explain and help me in finding out which is the genuine one…
Plz Help?

Thanx
atul
Click to expand...

run a thorough scan by doing the
following steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
http://www.malwarebytes.org/rr-update/rr-free-setup.exe
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Monitor file system, Registry, process, thread and DLL activity in real-time.
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
List all the DLLs that are currently loaded, including where they are loaded
and their version numbers.
http://technet.microsoft.com/en-us/sysinternals/bb896656.aspx

HTH,
nass
 
My friendly, fellow posters. I am very, very sorry for all the problems that
my stupidity has been causing here. I have been outing, you say?, a dirty,
lying REAL TROLL Mick Murphy <RT>, and his brother, Fake PaulShit, Paul
(Shite) Montgomery, also TROLL.
I help people here, not arguing, with the swill of the garbage bins!!!
Please, please forgive me for being so silly. Look at the record here. I am
up to nearly 500 correct answers for GOLD, then MVP. We still friends, yes?
 
My friendly, fellow posters. I am very, very sorry for all the problems that
my stupidity has been causing here. I have been outing, you say?, a dirty,
lying REAL TROLL Mick Murphy <RT>, and his brother, Fake PaulShit, Paul
(Shite) Montgomery, also TROLL.
I help people here, not arguing, with the swill of the garbage bins!!!
Please, please forgive me for being so silly. Look at the record here. I am
up to nearly 500 correct answers for GOLD, then MVP. We still friends, yes?
 
Back
Top