Svchost.exe is a generic host process name for services that are run from dynamic-link libraries called DLLs. This is a valid system process that belongs to the Windows Operating System which handles processes executed from DLLs. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging.
One of the ways that malware tries to hide is to give itself the same name as a critical system file like svchost.exe. However, it then places itself in a different location on your computer. In XP, the legitimate Svchost.exe file is located in your system folder: C:\WINDOWS\system32\
Other legitimate copies can be found in the following folders:
and a prefetch file located here: C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf
If svchost.exe is running as a startup/shows in msconfig, this can be bad. See here
Also make sure of the spelling. If it's scvhost.exe, this is a trojan. See here
In addition to the other scans in the Prep Guide, download and scan with AVG Anti-Spyware 7.5 in "SAFE MODE" (This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware). Be sure to print out the AVG Anti-Spyware Install-Scan Instructions.
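
The two checks described in this post (the right name in the wrong folder, and a misspelled name such as scvhost.exe) can be run over a list of process image paths, shown here as an added example that is not part of the original post. The function names, the edit-distance threshold of 2 and the sample paths are assumptions constructed for illustration; the only trusted folder is the C:\WINDOWS\system32 location given above, and any other known-good folders must be passed in through `allowed_dirs`.

```python
import ntpath  # Windows path rules, usable on any OS

TARGET = "svchost.exe"
SYSTEM_DIR = r"C:\WINDOWS\system32"  # XP location stated in the post


def osa_distance(a, b):
    """Edit distance that counts an adjacent swap (vc -> cv) as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify(image_path, allowed_dirs=(SYSTEM_DIR,)):
    """Return 'expected', 'wrong-location', 'lookalike-name' or 'unrelated'."""
    norm = ntpath.normcase(ntpath.normpath(image_path))
    folder, name = ntpath.split(norm)
    allowed = {ntpath.normcase(ntpath.normpath(p)) for p in allowed_dirs}
    if name == TARGET:
        return "expected" if folder in allowed else "wrong-location"
    if osa_distance(name, TARGET) <= 2:  # threshold is an assumption
        return "lookalike-name"
    return "unrelated"


def review(paths, allowed_dirs=(SYSTEM_DIR,)):
    """Keep only the entries a person should look at, with the reason."""
    verdicts = ((p, classify(p, allowed_dirs)) for p in paths)
    return [(p, v) for p, v in verdicts if v in ("wrong-location", "lookalike-name")]


# Constructed sample input, not taken from a real machine.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\system32\scvhost.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\SVCHOST.EXE",
    r"C:\WINDOWS\explorer.exe",
]

if __name__ == "__main__":
    for path, verdict in review(SAMPLE_PATHS):
        print(f"{verdict:15} {path}")
```

A "wrong-location" result is a prompt to look closer, not a verdict, because the post notes that other legitimate copies exist outside system32.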