Too many svchost.exe plz help

  • Thread starter Thread starter Atul Verma
  • Start date Start date
A

Atul Verma

I m using windows xp sp2rtm ,today I noticed that my PC has six svchost.exe
services running in task manager. Recently I had an encounter with
autorun.inf virus at my work place . I used antivirus tool for removing this
worm. Although I removed this worm from infected systems but during the
system scan I found this name coming again and again.
I wanted to know is it a genuine service or any kind of virus and worm that
might be harmful.
Is there any way I can check the ones that are NOT needed and can be removed
please?

- Thanks -
 
There's nothing unusual about having a number of svchost entries in task
manager, so that in itself is nothing to worry about. You can read a basic
explanation here:
http://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/

The time to worry would be if one of those were being detected as malware by
one of your security programs. If you don't have the excellent
Superantispyware already, you can get it free here:
http://www.superantispyware.com/
A clear scan with that would be reassuring. Another useful free, excellent
scanner (you can install several of these) is a-squared, which you can get
here:
http://www.emsisoft.com/en/software/free/

Be careful, though, if one of these (particularly a-squared which is
excellent at detection but seems a little more prone to false positives than
some) picks up something. Anything detected needs investigating thoroughly
before you remove or even quarantine it.

Cheers.
 
The legitimate svchost.exe is a windows process which hosts other processes
which need to be running continuously.

The reason there are so many of them is that they separate processes that
may run in different security contexts in the system--this is a Good
Thing--it helps make Windows safer.

So--the number you've quoted is not a number I would find unexpected or
alarming.

It is important to determine whether the actual svchost executable is the
one which comes with Windows, or a different file by the same name which
would be malware.

(I'm looking at a vista desktop right now, and I see 15 svchost.exe
processes!--all of which I'm quite sure are legitimate)

I don't have an XP machine give exact steps, I'm afraid, at the moment. In
Vista, you can run taskmgr, and tell it to show processes for all users, and
right click a given process, and choose "open file location" That location
should be %windir%\system32 (where %windir% is the location in which the
running instance of Windows is installed.
You can also choose properties, and it will show the location.

As long as all your instances of svchost.exe are in (for example)
c:\windows\system32 --I'd not worry further about it.
 
Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjuction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
 
Back
Top