 How to determine what services are running under a SVCHOST.EXE process |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.  |
 Nov 15 2006, 09:11 PM
Post
#1
|
|
 Member  Group: Members Posts: 36 Joined: 28-June 05 Member No.: 25,123  |
A brief excerpt of the tutorial can be found here: A very common question we see here at Bleeping Computer involves people concerned that there are too many SVCHOST.EXE processes running on their computer. The confusion typically stem from a lack of knowledge about SVCHOST.EXE, its purpose, and Windows services in general. This tutorial will clear up this confusion and provide information as to what these processes are how to find out more information about them. Before we continue learning about SVCHOST, lets get a small primer on Windows services. Services are Windows programs that start when Windows loads and that continue to run in the background without interaction from the user. For those familiar with Unix/Linux operating systems, Windows servers are similar to *nix daemons. For the most part Windows services are executable (.EXE) files, but some services are DLL files as well. As Windows has no direct way of executing a DLL file it needs a program that can act as a launcher for these types of programs. In this situation, the launcher for DLL services is SVCHOST.EXE, otherwise known as the Generic Host Process for Win32 Services. Each time you see a SVCHOST process, it is actually a process that is managing one or more distinct Windows DLL services. Below I have outlined three methods, depending on your Windows version, to see what services a SVCHOST.EXE process is controlling on your computer. I have also included some advanced technical knowledge about svchost for those who are interested. We hope you find this tutorial helpful. The Bleeping Computer Staff |
 |
 
|
|
Nov 15 2006, 09:31 PM
Post
#2
|
|
 Forum Addict  Group: Banned Posts: 1,327 Joined: 18-October 06 From: Planet Earth Member No.: 90,873 |
I thank you Bleeping Computer for this tutorial. I've been trying to figure out EXACTLY which program was running the svchost.exe process, and now I know. I've been using Process Explorer, but I still couldn't pin-point exactly which program was responsible for each given process of the svchost.exe.
I'll never forget you guys/gals here because of this info. It's well documented and it has made me that much more informative of computers and how they operate. Everyone needs this tutorial. It's a gold mine. It's very informative. You've taken my guesswork out of this mystery, which haunted me for the longest time. I'll always remember where I learned the real deal about the svchost.exe process. I love you all for this. I'm like a child right now with a new toy. This information means that much to me, and if you know what I know, you'll want to know about it too. Keep up the excellent work Bleeping Computer. -------------------- Walkman
One Man's Opinion "What I didn't know yesterday, I know today, and I'll remember it tomorrow" by Walkman |
|
|
|
|
Feb 29 2008, 05:33 AM
Post
#3
|
|
|
New Member Group: Members Posts: 2 Joined: 29-February 08 Member No.: 193,287 |
i have a question,,wat if i have deleted the svchost.exe file?,,how can i retrieved that svchost,,
|
|
|
|
|
Mar 14 2008, 10:23 PM
Post
#4
|
|
 Member Group: Members Posts: 49 Joined: 19-November 07 Member No.: 171,038 |
lol thank you for explaining what an svhost is because one time i ended one and i was like raar
This post has been edited by Thelastleap: Mar 14 2008, 10:32 PM --------------------  Bleeping Computer ROCKS!!! Helped me get rid of Rogue software Anti-virus and taught me about virtualization I am grateful. :) |
|
|
|
|
May 1 2008, 12:36 AM
Post
#5
|
|
|
New Member Group: Members Posts: 8 Joined: 30-April 08 Member No.: 206,397 |
Great tutorial. I enjoyed the read.
*Cheers* Curry = New Member 
|
|
|
|
|
May 2 2008, 03:22 PM
Post
#6
|
|
|
Member Group: Members Posts: 36 Joined: 31-March 08 Member No.: 200,104 |
I have a question.
svchost.exe has 8 attributes: -k LocalService, -k netsvc, -k DComLaunch, -k NetworkService, k- rpcss, -kbdx, -k imgsvc, -k wudfServiceGroup. I`d assume there`s only 8 possible groups. Which attribute runs the 9th group?  Or, have I missed the point? Istra -------------------- Sometimes I think I understand everything... then I regain consciousness.
|
|
|
|
|
Jun 14 2008, 11:24 AM
Post
#7
|
|
 New Member Group: Members Posts: 4 Joined: 9-June 08 From: Murfreesboro, TN Member No.: 215,129 |
Very nice tutorial. I have always seen the SVCHOST.exe processes running in the background, but never knew what they were or how to check what services they were running. Thanks BC!
-------------------- Brandon A. Babb | Murfreesboro, TN | MTSU
Geek Squad Counter Intelligence Agent A+ Certified | Network+ Certified |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 8th November 2009 - 11:23 AM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.