Here are a few links which explain what is svchost and its purposes:
Okay, now to address few concerns:
How easily is it for a hacker to name his .exe to etc svchost.exe?
Just as he creates a new malicious file / executable. The skill lies in how the hacker/malware writer can hide that file from easy detection by user or his tools.
Could there be two svchost.exe in the same folder?
No, its a OS restriction to have only a single file with a given name or its slight modifications. (svchost.exe, SVCHOST.exe etc)
But the malware writer can do something tricky to human eyes like scvhost.exe, svchst.exe etc or create a fake folder similar to the original path.
could a hacker edit the svchost.exe to do what it's supposed to do but also add his malicious code additionaly and let it work for him?
Since a lot of Windows dlls and functions depends on svchost.exe for working, improper tampering can make target machine to behave unexpectedly, throwing errors. That will make user suspecious.
DLL injection or its variations can be an option.
Recently i got some svchost.exe popups from my firewall this time it was when i was viewing my private pictures and videoclips... So i found it weird.
Could someone help me out with this?
If you're suspecting an infection, please use the Am I infected? What do I do? or Virus, Trojan, Spyware, and Malware Removal Logs
would it be easy for a hacker to delete and replace it with his own version of svchost.exe?
It may be possible, but there are better ways.
Edited by Nikhil_CV, 11 November 2015 - 02:47 AM.