Anytime you come across a suspicious file or one that you do not recognize, search the name using Google or the following links:BC's File DatabaseBC's Startup Programs DatabaseFile Research CenterSvchost.exe
is a generic host
process name for a group of services that are run from dynamic-link libraries (DLLs). It is not unusual for multiple
instances of Svchost.exe running at the same time. The process ID's (PID's) must be checked in real time to determine what services each instance of svchost.exe is controlling at that particular time. To investigate these processes, see "How to determine what services are running under a Svchost.exe process
" using Process Explorer
Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click
on the file, Properties
and examine the General and Version tabs.
You can also download and use AnVir TaskManager Free
or System Explorer
to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location
. If you right-click on the file in question and select properties, you will see more details about the file.
If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan
. In the "File to upload & scan
" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
-- Then post back with the results of the file analysis.