Guide | How To Svchost. EXE, program to understand what processes start

The associated guide may contain user-generated or external content.
L

LabZero

Thread author
Hello,

Often we notice that our computer slows down and doing Ctrl + ALT + DELETE, the allocated memory is high, with many svchost.exe processes open, behind which may be hidden useful services to the computer or even viruses and trojans. Now we will see how to understand what services and what exactly is svchost.exe.

Cattura.PNG


Svchost.exe

Svchost.exe is a Windows process that it contains other individual services used for different functions. On your pc can be several svchost.exe processes running, and each instance can have different services.

Let's see now what services there are inside each svchost.exe process.

To do this we will use this tool: https://svchostviewer.codeplex.com/

Cattura1.PNG



This program gives us a lot of useful information (run as administrator)

- The number of open processes Svchost.exe
- The services contained within each Svchost.exe process
- The memory used by each process and each content service
- Process ID
- Description of each service started
- The Path (location) of the process

everything what we need, in addition, this program does not require any installation, just launch it!

Finally, once you've seen the services started, just use Google to find out what they are and what services are suspected behind which you can hide viruses or trojans.
 
  • Like
Reactions: conceptualclarity, SecureRoutine, Venustus and 6 others
L

LongTimeUserZA

New Member
Aug 15, 2015
3
I have Windows 7, and normally I try to avoid installing software that will show me the same information that I can get using Windows own tools. To know what services are running under Svchost.exe, I use the Resource monitor (Task Manager-->Performance, and then Resource Monitor). Under CPU tab I can see any services and Apps that are running. And using services.msc, I can change any service.

I know there is a way to get the same info using commands under DOS
 
H

hjlbx

Thread author
Command Line Interface: tasklist OR wmic process get description,executablepath

Powershell: get-process

Not sure if this will work for you as it seems you want a process-tree that links parent-child processes...
 
H

hjlbx

Thread author
Vipersd said:
Sysinternals Process Explorer does good job in this case for me. Only problem I have with svchost is sometimes when Windows Update service gets cranky and hogs CPU to 100%.
Click to expand...

wuauclt.exe hogging up to 100 % CPU at times is normal Windows behavior...
 

Similar threads

M
  • Locked
BBWC not detected by malwarebytes and rkill but is there?
Replies
13
Views
490
Windows Malware Removal Help & Support
icotonev
icotonev
upnorth
    • Like
    • +Reputation
    • Thanks
Security News New ‘Pool Party’ Process Injection Techniques Undetected by EDR Solutions
Replies
0
Views
1,069
Security News
upnorth
upnorth
Ink
    • Like
    • Applause
Serious Discussion Cost of Running Privacy Companies
Replies
1
Views
446
General Privacy Discussions
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top