Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New Instance of svchost.exe since MS April updates


  • Please log in to reply
No replies to this topic

#1 buttoni

buttoni

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Temple, Texas
  • Local time:06:19 PM

Posted 18 April 2009 - 01:20 PM

I virtually always open Task Manager when I boot up my machine (don't leave it running all the time). In addition, I always reboot after monthly Windows security updates, whether prompted to or not by WU. This week when I did the regular monthly patches, immediately afterwards I saw a new instance of svchost.exe in my Task Mgr process list. I usually have 5 and all of a sudden after updates, I had 6 running! There has been a discussion of this on BBR DSL forums on the occurrence.

http://www.dslreports.com/forum/r22243137-New-svchostexe

But even checking with Process Explorer (which I am quite new to), I can't really see which handle for svchost.exe is the new one, as I have never listed what was normal before on paper (I think I shall today just so I'll know in future what is new). All handles appear to be legitimate Windows and security apps. One responder in the BBR forum thread (Noah Vail's post) thinks it is the HTTP SSL service. But my w3ssl.dll file properties shows it was created August 2004 & last modified on 4/14/2008 (not 2009). FWIW, my HTTP SSL service isn't even in Started status and is set to manual start type, and I have had no problems on-line on 3 different bank sites I use. So I'm not convinced this is what is causing the new instance of svchost.exe after updates.

FYI these are the items listed by Process Explorer for the now 6 instances of svchost.exe:

DCOM Server Process Launcher
Remote Procedurre Call
SSDP Discovery Service
TCP/IP NetBios Helper
WebClient
Windows Image Acquisition
COM+ Event System
Cryptographic Services
DHCP Client
Distributed Link Tracking Client
Help & Support
Network Connections
Network Location Awareness
Remote Access Connection
Secondary Logon
Shell Hardware Detection
System Event Notification
System Restore Service
Task Scheduler
Telephony
Themes
Windows Audio
Windows Management Instrumentation
Windows Time
Workstation

All look like legitimate WinXP services I have set on manual or auto. Anyone have any thoughts on this?

Edited by buttoni, 19 April 2009 - 10:25 AM.

HP Pavilion desktop p6270z; 8 GB ram; Win7 Home Premium x64 bit; FX 4.0; DSL 2Wire modem/router; MVPS Hosts; Comodo FW 5.3(D+ & Sandbox enabled); MSSE; MBAM on demand.

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users