Which One Is A Problem...?


7 replies to this topic

#1 mypenry

mypenry

  • Members
  • 211 posts
  • OFFLINE
  •  
  • Location:Thailand
  • Local time:09:22 AM

Posted 19 May 2006 - 05:05 AM

Hi, sorry if this has been asked before. I am just starting down the computer learning road, and it's very confusing at times. Well, I've been having trouble with Trojans etc. On my startup I have the following:

SVCHOST.EXE (not svchost.exe). I've googled it and see some conflicting advice about this.

Can someone please tell me if SVCHOST.EXE should be removed? It's on my startup list in 6 places.



Thanks ............ Mypenry


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:22 PM

Posted 19 May 2006 - 05:17 AM

Svchost.exe is a generic host process name for services that are run from dynamic-link libraries called DLLs. This is a valid system process that belongs to the Windows Operating System which handles processes executed from DLLs. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. Multiple instances of Svchost.exe can run at the same time. The file is located in the %SystemRoot%\System32 folder.

To view the list of services that are running in Svchost:
1. Click Start on the Windows taskbar, and then click Run.
2. In the Open box, type CMD, and then press ENTER.
3. Type Tasklist /SVC, and then press ENTER.

For information about tasklist.exe, type the following at the XP command prompt: tasklist /?
For more information about a process, type the following command, and then press ENTER:
Tasklist /FI "PID eq processID" (with the quotes)

You can also download and use Process Explorer by Sysinternals to investigate all processes and gather additional information to identify and resolve problems:
http://www.sysinternals.com/Utilities/ProcessExplorer.html

Having svchost run as a startup is usually a bad sign. There are multiple malware types responsible for this. See here: http://castlecops.com/modules.php?name=Sta...ery=SVCHOST.EXE

Are you sure they are listed in startups or as running processes?

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:10:22 PM

Posted 19 May 2006 - 06:33 AM

Like quietman7 indicated, it can be a little confusing, and if it is malicious this can be its intent.

Depending on where you see SVCHOST running, be it in a HijackThis log or wherever, it is my understanding that SVCHOST is the same as svchost. Windows is not case sensitive. But it depends where and how you are seeing this, so:

Where did you see this SVCHOST running?

Edited by Albert Frankenstein, 19 May 2006 - 06:34 AM.

ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#4 mypenry

mypenry
  • Topic Starter

  • Members
  • 211 posts
  • OFFLINE
  •  
  • Location:Thailand
  • Local time:09:22 AM

Posted 20 May 2006 - 11:52 AM

Thanks Albert & quietman7,

Maybe I am overreacting? (newbie jitters) The SVCHOST.EXE I found running in Windows Task Manager > Processes.

When I first looked it showed SVCHOST.EXE, but today when I look it shows svchost.exe.


? ............. Thanks ............. Mypenry

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:22 PM

Posted 20 May 2006 - 03:15 PM

You're welcome mypenry.

BTW I have five svchost.exe processes running. 'Tis normal, but it's good that you're asking such questions. It's part of the learning process and you will get over the newbie jitters.

#6 mypenry

mypenry
  • Topic Starter

  • Members
  • 211 posts
  • OFFLINE
  •  
  • Location:Thailand
  • Local time:09:22 AM

Posted 21 May 2006 - 03:49 AM

Hi quietman7, thanks for the reassurance. As this is my first new computer, the learning curve seems more like a hill!! And my friends Mr Trojan and Mrs Virus will not leave me alone, but I am determined to try and win the battle!!! I was advised to buy an Apple Mac computer, as Mr Trojan and friends don't like the taste of Apples very much, but I made my choice and that's that ... so back into the bunkers, heads down and on with the war ...

Thanks again Mypenry

#7 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:10:22 PM

Posted 22 May 2006 - 07:30 AM

Just another thought: Think of svchost as an envelope. An envelope which contains small programs, or services. When one envelope is full, Windows creates another one to host other services that need to run. This is why there can be several instances of svchost running on a clean computer.

Sometimes malware can install itself as a service, and can be running from inside of one of the instances of svchost. It takes extra effort to see exactly what is running inside of svchost, so this is a good place for malware to hide as it is just that much harder to see.
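The checks from posts #2 and #7 (svchost.exe should load from %SystemRoot%\System32, and each instance hosts services implemented in DLLs), as an added PowerShell example that is not part of the original thread. It assumes a current Windows system with PowerShell 3.0 or later, and its variable names are illustrative; the ServiceDll registry value it reads is where Windows records the DLL behind a svchost-hosted service.

```powershell
# Added example (not from the thread). Assumes PowerShell 3.0+; run elevated so
# ExecutablePath is readable for every process.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'
$svcKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Index running services by the PID of the process that hosts them.
$byPid = @{}
foreach ($svc in Get-CimInstance Win32_Service -Filter "State = 'Running'") {
    $key = [int]$svc.ProcessId
    if (-not $byPid.ContainsKey($key)) { $byPid[$key] = @() }
    $byPid[$key] += $svc
}

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $proc = $_

    # -ieq: Windows paths are case-insensitive, so SVCHOST.EXE and svchost.exe
    # name the same file; the folder is what separates genuine from impostor.
    if (-not $proc.ExecutablePath) { $pathCheck = 'unknown (not elevated?)' }
    elseif ($proc.ExecutablePath -ieq $expected) { $pathCheck = 'ok' }
    else { $pathCheck = 'UNEXPECTED LOCATION' }

    # For each hosted service, read the DLL that actually implements it.
    $hosted = foreach ($svc in $byPid[[int]$proc.ProcessId]) {
        $dll = (Get-ItemProperty -Path "$svcKey\$($svc.Name)\Parameters" `
                    -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        if (-not $dll) { $dll = '(no ServiceDll under Parameters)' }
        '{0} -> {1}' -f $svc.Name, $dll
    }
    if (-not $hosted) { $hosted = '(no services listed for this instance)' }

    [pscustomobject]@{
        PID       = $proc.ProcessId
        Path      = $proc.ExecutablePath
        PathCheck = $pathCheck
        Services  = $hosted -join "`n"
    }
} | Format-List
```

An instance flagged UNEXPECTED LOCATION, or a ServiceDll path outside the Windows folders, is the entry to examine further in Process Explorer.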


#8 mypenry

mypenry
  • Topic Starter

  • Members
  • 211 posts
  • OFFLINE
  •  
  • Location:Thailand
  • Local time:09:22 AM

Posted 22 May 2006 - 09:54 AM

Thanks Albert

I think it's going to take me some time to get to grips with the world of computers, but with your help and the many people on this forum I know where to come to find my teachers...

Thanks again ................ mypenry



