I have a process using svchost. Is this a virus?

shedyk

New Member
Thread author
Apr 15, 2018
2
I have a process that runs high on CPU but has no name.
On checking further details, the process is run by svchost.exe, and ending the process shuts down my PC.
It started about 3 days ago. It does not always run, but I have noticed it runs only when power is connected. It doesn't seem to run when I start my PC on battery only.

The tmp folder it shows on the screenshot is empty.

I have tried a couple of antivirus/anti-malware deep scans, but all come up clean.
 

Attachment: unamed svchost process.png (screenshot)

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
It seems to be a normal instance of svchost.exe. Service Host hosts services that work in the background even when there are no logged-in users. But sometimes the problem is to understand which services are running within a given instance.

However, if you suspect a malware infection, please follow @harlan4096's suggestion.
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
> It seems to be a normal instance of svchost.exe. Service Host hosts services that work in the background even when there are no logged-in users. But sometimes the problem is to understand which services are running within a given instance.
>
> However, if you suspect a malware infection, please follow @harlan4096's suggestion.

A svchost that has a temp folder file in the command line? That doesn't seem legit at all.
The 2nd one seems clean but the first isn't.
 

DavidLMO

Level 4
Verified
Dec 25, 2017
158
Agree that the first looks suspect. Also agree that you need to run Process Explorer (or another app) to find out what is actually running behind that instance of svchost.
 
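The checks discussed in the posts above (a temp folder path in the svchost command line, and which services sit behind a given instance) can also be done from PowerShell. This is an added example, not something posted in the thread; the four heuristics and the flag wording are choices made for this sketch, and it only uses the standard `Win32_Process` and `Win32_Service` CIM classes.

```powershell
# Added triage example, not from the thread. Run elevated; otherwise
# ExecutablePath and CommandLine can be empty for system processes.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

$procs = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid["$($p.ProcessId)"] = $p }

# Services grouped by the PID of the process hosting them (string keys).
$svcByPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

$report = foreach ($p in $procs | Where-Object { $_.Name -eq 'svchost.exe' }) {
    $flags = @()
    if (-not $p.ExecutablePath) {
        $flags += 'image path unreadable (not elevated?)'
    } elseif ($expected -notcontains $p.ExecutablePath) {
        $flags += 'image is outside System32/SysWOW64'
    }
    if ($p.CommandLine -and $p.CommandLine -notmatch '\s-k\s+\S+') {
        $flags += 'no "-k <group>" argument'
    }
    if ($p.CommandLine -match '\\(Temp|Tmp)\\') {
        $flags += 'temp folder in command line'
    }
    # Heuristic: service hosts are normally started by services.exe.
    $parent = $byPid["$($p.ParentProcessId)"]
    if (-not $parent -or $parent.Name -ne 'services.exe') {
        $flags += 'parent is not services.exe'
    }
    [pscustomobject]@{
        PID         = $p.ProcessId
        Path        = $p.ExecutablePath
        CommandLine = $p.CommandLine
        Services    = ($svcByPid["$($p.ProcessId)"].Name -join ', ')
        Flags       = ($flags -join '; ')
    }
}

# Flagged instances first.
$report | Sort-Object { [string]::IsNullOrEmpty($_.Flags) } | Format-List
```

An instance with an empty `Services` field and a flag set is the one to inspect further in Process Explorer; a flag alone is a reason to look, not a verdict.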

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
> A svchost that has a temp folder file in the command line? That doesn't seem legit at all.
> The 2nd one seems clean but the first isn't.

Oops... you are right! I don't know why I focused only on the second svchost file.
But at this point, yes, there is something suspicious about the path of the first one.
 

Mahesh Sudula

Level 17
Verified
Top Poster
Well-known
Sep 3, 2017
825
The first one is suspect... believe me, most AVs fail at process injections!!
Run a scan with RogueKiller... most probably it should fix it.
For instance, the point is that a hidden virus from that temp path executed itself in the name of svchost to prevent detection.
Zemana is also very good in these instances.
 

shedyk

New Member
Thread author
Apr 15, 2018
2
> The first one is suspect... believe me, most AVs fail at process injections!!
> Run a scan with RogueKiller... most probably it should fix it.
> For instance, the point is that a hidden virus from that temp path executed itself in the name of svchost to prevent detection.
> Zemana is also very good in these instances.

I think the issue might be related to SlimCleaner Plus. I have just seen your reply now and scanned my PC with RogueKiller, and it marked lots of files and registry keys related to it as dangerous.

I had already stopped my PC from running the unnamed svchost processes by booting in Safe Mode, emptying the Temp folder, and uninstalling all programs I had installed in the week before I noticed this issue. (Coincidentally, one of them was SlimCleaner.) Emptying Temp and uninstalling it seemed to have stopped the processes from loading, but infections were still there. RogueKiller hopefully delivered the final nail on it.
 

Hector1

Level 4
Verified
Well-known
Aug 4, 2015
152
In this case, a restore from backup or a clean install of Windows is the best solution for peace of mind.
 
