svchost.exe

[M Guyder]

I looked at the running processes and found 12 svchost.exe running. Can
anyone please explain this?

TX
mary

 

[M Guyder]

Where do I get "procexp" ?

SvcHost.exe is a program that launches specific functions from a .DLL
file. You might use it to startup an FTP Server, a TELNET Server, but skip
a terminal server. That would result in two instances of SvcHost. Get a
copy of procexp (sp?) to examine the service structure.

 

[Malke]

Where do I get "procexp" ?

I think "Stubby" meant Process Explorer (free) from Sysinternals:

http://www.microsoft.com/technet/sysinternals/default.mspx

Malke

 

[M Guyder]

They all read - Host Process for Windows Service

I think "Stubby" meant Process Explorer (free) from Sysinternals:

http://www.microsoft.com/technet/sysinternals/default.mspx

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

 

[Kerry Brown]

Process Explorer is an excellent utility but the built in Task Manager has
this feature in Vista. Right click on the svchost instance you want and pick
Go to service(s). The services loaded in that process will be highlighted.

 

[Mr. Arnold]

They all read - Host Process for Windows Service

Host Process for Windows Service is SVChost.exe.

If SVChost.exe is not running out of the C:\Windows\System32 folder, then
it's a Trojan, which you can tell which folder SVChost.exe is running out of
with Process Explorer.

BTW, I have 13 SVChost.exe(s) running, because that's what SVChost.exe does
is host processes, which can be legit or non-legit (like malware).

<http://www.windowsecurity.com/artic...d_Rootkit_Tools_in_a_Windows_Environment.html>

 

[Kerry Brown]

You can also see the path in Task Manager. Click on View then Select
columns. Image Path Name shows where the file was loaded from. Command Line
shows the command line that was used to load it.

 

[M Guyder]

They all SEEM to be ligit, but isn't this a bit of OVERKILL. Shouldn't one
instance oft he utility run all the services?

Some of these seem to be unneeded. I just do not like all the memory it is
using

 

[Kerry Brown]

That's the way it's always been with NT based versions of Windows. If you
are looking for performance improvements there are better places to spend
your time. There's some very good performance tips in the following
articles.

http://blogs.zdnet.com/Bott/?p=429

http://blogs.zdnet.com/Bott/?p=436

http://blogs.zdnet.com/Bott/?p=437

http://blogs.zdnet.com/Bott/?p=448

http://blogs.zdnet.com/Bott/?p=466

 

[M Guyder]

I did get Process Explorer aand ran it but It is beyond my scope of
understanding

 

[Nonny]

I did get Process Explorer aand ran it but It is beyond my scope of
understanding

Even if you understood it, you couldn't change how Vista works at that
level.

Did you happen to notice that it was mentioned that you could see
pretty much the same thing as Process Explorer shows just by making
full use of the Task Manager?

Right click any instance of svchost, select Services and all the blue
highlighted items are being handled by that one.

 

[M Guyder]

This was mentioned in a previous reply, tx

Oddly, I anm now at work and there is not one instance of this exe file
running on my computer !!!

 

[Kerry Brown]

In the Vista Task manager click on the button that says "Show processes from
all users". In XP put a check mark in the box.

 

[Nonny]

In the Vista Task manager click on the button that says "Show processes from
all users".

Another reason I have UAC turned off.

 

[M Guyder]

Tx evry1 for your input. I will not belabor this issue.

The reason I was asking is because I can be doing something and my compute
is running in the background a mile a min. I look at the Processess running
and see where svchost.exe is using 64,000 in one instance and 50,000+ in
another. Thought this mite be the reason for the puter running.