Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How to determine what services are running under a SVCHOST.EXE process


  • Please log in to reply
8 replies to this topic

#1 TutorialBot

TutorialBot

    Bleeping Teacher


  • Bots
  • 180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:02 PM

Posted 15 November 2006 - 09:11 PM

A new tutorial titled How to determine what services are running under a SVCHOST.EXE process was added by Bleeping Computer. Please use this topic to discuss any aspect of this tutorial.

A brief excerpt of the tutorial can be found here:


A very common question we see here at Bleeping Computer involves people concerned
that there are too many SVCHOST.EXE processes running on their computer. The
confusion typically stem from a lack of knowledge about SVCHOST.EXE, its purpose,
and Windows services in general. This tutorial will clear up this confusion
and provide information as to what these processes are how to find out more
information about them. Before we continue learning about SVCHOST, lets get
a small primer on Windows services.
Services are Windows programs that start when Windows loads and that continue
to run in the background without interaction from the user. For those familiar
with Unix/Linux operating systems, Windows servers are similar to *nix daemons.
For the most part Windows services are executable (.EXE) files, but some services
are DLL files as well. As Windows has no direct way of executing a DLL file
it needs a program that can act as a launcher for these types of programs. In
this situation, the launcher for DLL services is SVCHOST.EXE, otherwise known
as the Generic Host Process for Win32 Services. Each time you
see a SVCHOST process, it is actually a process that is managing one or more
distinct Windows DLL services.
Below I have outlined three methods, depending on your Windows version, to
see what services a SVCHOST.EXE process is controlling on your computer. I have
also included some advanced technical knowledge about svchost for those who
are interested.



We hope you find this tutorial helpful.

The Bleeping Computer Staff

Edited by Animal, 16 May 2013 - 01:00 PM.
Fixed URL


BC AdBot (Login to Remove)

 


#2 Walkman

Walkman

  • Banned
  • 1,327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:02 AM

Posted 15 November 2006 - 09:31 PM

I thank you Bleeping Computer for this tutorial. I've been trying to figure out EXACTLY which program was running the svchost.exe process, and now I know. I've been using Process Explorer, but I still couldn't pin-point exactly which program was responsible for each given process of the svchost.exe.

I'll never forget you guys/gals here because of this info. It's well documented and it has made me that much more informative of computers and how they operate.

Everyone needs this tutorial. It's a gold mine. It's very informative. You've taken my guesswork out of this mystery, which haunted me for the longest time. I'll always remember where I learned the real deal about the svchost.exe process. I love you all for this. I'm like a child right now with a new toy. This information means that much to me, and if you know what I know, you'll want to know about it too.

Keep up the excellent work Bleeping Computer.

#3 vylet

vylet

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 29 February 2008 - 05:33 AM

i have a question,,wat if i have deleted the svchost.exe file?,,how can i retrieved that svchost,,

#4 Thelastleap

Thelastleap

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 14 March 2008 - 10:23 PM

lol thank you for explaining what an svhost is because one time i ended one and i was like raar :thumbsup:

Edited by Thelastleap, 14 March 2008 - 10:32 PM.

Posted Image

Bleeping
Computer ROCKS!!!

Helped me get rid of Rogue software Anti-virus and taught me about virtualization I am grateful. :)

#5 curryjl

curryjl

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:02 AM

Posted 01 May 2008 - 12:36 AM

Great tutorial. I enjoyed the read.
*Cheers*

Curry = New Member :thumbsup:
Curry ~ CCENT, A+ Information Technician

#6 Istra

Istra

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:04:02 PM

Posted 02 May 2008 - 03:22 PM

I have a question.
svchost.exe has 8 attributes: -k LocalService, -k netsvc, -k DComLaunch, -k NetworkService, k- rpcss, -kbdx, -k imgsvc, -k wudfServiceGroup.
I`d assume there`s only 8 possible groups. Which attribute runs the 9th group? :thumbsup: Or, have I missed the point?
Istra
Sometimes I think I understand everything... then I regain consciousness.

#7 SH1NRA

SH1NRA

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Murfreesboro, TN
  • Local time:09:02 AM

Posted 14 June 2008 - 11:24 AM

Very nice tutorial. I have always seen the SVCHOST.exe processes running in the background, but never knew what they were or how to check what services they were running. Thanks BC!
Brandon A. Babb | Murfreesboro, TN | MTSU
Geek Squad Counter Intelligence Agent
A+ Certified | Network+ Certified

#8 Adam Pollard

Adam Pollard

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wales, UK
  • Local time:02:02 PM

Posted 16 May 2013 - 03:26 AM

Getting a page not found (404) error when trying to follow the link to the tutorial.



#9 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 27,024 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:07:02 AM

Posted 16 May 2013 - 01:01 PM

Thank you for reporting the URL. It has been fixed.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown


Posted Image


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams.


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users