SVCHost.exe

  • Thread starter Thread starter Amanda
  • Start date Start date
A

Amanda

I understand that svchost.exe is a generic host process
name for services that run from DLLs, but is it necessary
that it acces the Internet?
 
Multiple entries of "svchost.exe" is normal. If you try and disable
some of them, you'll cripple the performance of your computer.

A Description of Svchost.exe in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314056

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

-------------------------------------------------------------------------------

:

| I understand that svchost.exe is a generic host process
| name for services that run from DLLs, but is it necessary
| that it acces the Internet?
 
This is a too complicated issue, because one really needs
to be aware of which instance of svchost, and ideally firewalls
should distinguish which thing within the instance.

There are some things, the DNS client resolver comes to mind,
that one definitely has need for in order to function on the network.
 
SVCHost and variations upon that name are targets of infectors.

Just in case...
Please go to one or more of the below online scanners and perform a scan of your platform
then report back your results.

Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

Symantec:
http://security.symantec.com/

BitDefender
http://www.bitdefender.com/scan/license.php

Dave







| I understand that svchost.exe is a generic host process
| name for services that run from DLLs, but is it necessary
| that it acces the Internet?
 
Or, just type in Command Prompt (Start> Run> cmd.exe) "tasklist/svc" (without
symbol:" :), for help: tasklist/?) and copy/paste here.
 
That won't help IF it is a an infector using the legitimate SVCHOST name. It will help if a
variation on the name is found and is not legitimate.

Dave




| Or, just type in Command Prompt (Start> Run> cmd.exe) "tasklist/svc" (without
| symbol:" :), for help: tasklist/?) and copy/paste here.
|
|
| "David H. Lipman" wrote:
|
| > SVCHost and variations upon that name are targets of infectors.
| >
| > Just in case...
| > Please go to one or more of the below online scanners and perform a scan of your
platform
| > then report back your results.
| >
| > Trend:
| > http://housecall.antivirus.com
| > http://housecall.trendmicro.com
| >
| > F-Secure:
| > http://support.f-secure.com/enu/home/ols.shtml
| >
| > McAfee:
| > http://www.mcafee.com/myapps/mfs/default.asp
| >
| > Panda:
| > http://www.pandasoftware.com/activescan/
| >
| > Kaspersky:
| > http://www.kaspersky.com/de/scanforvirus
| >
| > Symantec:
| > http://security.symantec.com/
| >
| > BitDefender
| > http://www.bitdefender.com/scan/license.php
| >
| > Dave
| >
| >
| >
| >
| >
| >
| >
| > | > | I understand that svchost.exe is a generic host process
| > | name for services that run from DLLs, but is it necessary
| > | that it acces the Internet?
| >
| >
| >
 
That's right.... But we know some other places:

1. Start> Run> Edit C:\Windows\System.ini -> System.ini
2. Start> Run> Edit C:\Windows\Win.ini -> Win.ini
3. Start> Run> msconfig -> System Configuration Utility (Startup; Services)
4. IE6 SP2 Tools > Manage Add-ons
.....

Is there something new and suspicious? Something with familiar name, but
without clear developer?

- Yes! Well... Kill them.
- No?! Ask help from more expierenced friend.

The antivirus software is the last line of defence, human is the first.
 
That's right. We all must practice Safe Hex first !

Dave



| That's right.... But we know some other places:
|
| 1. Start> Run> Edit C:\Windows\System.ini -> System.ini
| 2. Start> Run> Edit C:\Windows\Win.ini -> Win.ini
| 3. Start> Run> msconfig -> System Configuration Utility (Startup; Services)
| 4. IE6 SP2 Tools > Manage Add-ons
| ....
|
| Is there something new and suspicious? Something with familiar name, but
| without clear developer?
|
| - Yes! Well... Kill them.
| - No?! Ask help from more expierenced friend.
|
| The antivirus software is the last line of defence, human is the first.
|
|
| "David H. Lipman" wrote:
|
| > That won't help IF it is a an infector using the legitimate SVCHOST name. It will help
if a
| > variation on the name is found and is not legitimate.
| >
| > Dave
| >
| >
| >
| >
| > | > | Or, just type in Command Prompt (Start> Run> cmd.exe) "tasklist/svc" (without
| > | symbol:" :), for help: tasklist/?) and copy/paste here.
| > |
| > |
| > | "David H. Lipman" wrote:
| > |
| > | > SVCHost and variations upon that name are targets of infectors.
| > | >
| > | > Just in case...
| > | > Please go to one or more of the below online scanners and perform a scan of your
| > platform
| > | > then report back your results.
| > | >
| > | > Trend:
| > | > http://housecall.antivirus.com
| > | > http://housecall.trendmicro.com
| > | >
| > | > F-Secure:
| > | > http://support.f-secure.com/enu/home/ols.shtml
| > | >
| > | > McAfee:
| > | > http://www.mcafee.com/myapps/mfs/default.asp
| > | >
| > | > Panda:
| > | > http://www.pandasoftware.com/activescan/
| > | >
| > | > Kaspersky:
| > | > http://www.kaspersky.com/de/scanforvirus
| > | >
| > | > Symantec:
| > | > http://security.symantec.com/
| > | >
| > | > BitDefender
| > | > http://www.bitdefender.com/scan/license.php
| > | >
| > | > Dave
| > | >
| > | >
| > | >
| > | >
| > | >
| > | >
| > | >
| > | > | > | > | I understand that svchost.exe is a generic host process
| > | > | name for services that run from DLLs, but is it necessary
| > | > | that it acces the Internet?
| > | >
| > | >
| > | >
| >
| >
| >
 
Back
Top