
Svchost.exe (Generic Host Process for Win32 Services) is a frequent source of problems on the Windows operating system. Windows needs this process in order to run correctly, because it manages the services that run from dynamic link libraries (DLLs). Viruses and trojans commonly exploit this process to make the system unstable. For more information, see Microsoft KB314056.

The most common problem associated with svchost.exe is 100% CPU usage. It seems to come out of nowhere, and the system keeps running short of resources. This behavior of svchost.exe is due to some malware compromising the computer. So how does malware manage to compromise svchost.exe? It is very simple once you look at how the process works. At system startup, svchost.exe checks the services section of the Windows registry and builds a list of services that need to load their DLLs when the computer starts. Most malware hijacks the process at this point.


The other possible problem is malware that runs its own processes under the name svchost.exe. These processes are not legitimate, but the user assumes they are system processes. You can verify this by confirming the location of svchost.exe. The original executable file is located in C:\Windows\System32 and should always be running from there. Any other process named svchost.exe is not legitimate and should be closed. To confirm the location of the file, do the following:

Go to Task Manager –> Processes

Right click svchost.exe and select Properties.

This will show you the location of svchost.exe process.


If you want to see which services are using svchost.exe right now, go to:

Task Manager –> Processes

Right click svchost.exe process and select Go to service(s).

This will highlight all the services that are using that svchost.exe process to load their DLLs. It only highlights the services. If you want to stop any of them, you will have to go to the services management control.

Since there are many processes associated with svchost.exe, checking whether every one of them is running from the legitimate location is a lot of work. Svchost Process Analyzer is a free tool that eases this work by checking the location and showing which DLLs are loaded by which svchost process.

Svchost Process Analyzer

No installation is needed. Just download it and run the exe file. It will show all the svchost processes currently running. If you select a process, the list of DLLs loaded by that process is shown. You can double-click any process to open its properties. This makes it easy to identify the process that is causing the most problems.

Once the root cause is identified, it becomes very easy to fix. You should always kill the svchost.exe processes that are not running from C:\Windows\System32. After that, you will need to stop the services that are causing high CPU usage. It is very easy to identify the culprit services from the above steps.
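The location check and the service listing described above can also be done for every svchost.exe instance in one pass. The following PowerShell is an added example, not part of the original article or of Svchost Process Analyzer; the helper name `Get-ServiceDll` is hypothetical, and the expected path is built from `%SystemRoot%` on the assumption that Windows may not be installed in C:\Windows. It only reads process, service and registry data and does not stop anything.

```powershell
# Added example: read-only audit of all running svchost.exe processes.
# Expected location per the article, built from %SystemRoot% (assumption).
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Hypothetical helper: read the DLL a service registers for svchost to load.
function Get-ServiceDll {
    param([string]$ServiceName)
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Parameters"
    $prop = Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue
    if ($prop) { $prop.ServiceDll } else { $null }
}

$report = foreach ($proc in Get-CimInstance Win32_Process -Filter "Name='svchost.exe'") {
    $path = $proc.ExecutablePath

    # ExecutablePath can be empty for protected processes when not elevated.
    if (-not $path) {
        $status = 'UNKNOWN (run elevated)'
    } elseif ($path -ieq $expected) {
        $status = 'OK'
    } else {
        $status = 'REVIEW'   # svchost.exe running from another folder
    }

    # Services hosted by this particular svchost.exe instance.
    $services = @(Get-CimInstance Win32_Service -Filter "ProcessId=$($proc.ProcessId)")

    if ($services.Count -eq 0) {
        [pscustomobject]@{
            ProcessId  = $proc.ProcessId
            Status     = $status
            Path       = $path
            Service    = '(none)'
            ServiceDll = $null
        }
    }
    foreach ($svc in $services) {
        [pscustomobject]@{
            ProcessId  = $proc.ProcessId
            Status     = $status
            Path       = $path
            Service    = $svc.Name
            ServiceDll = Get-ServiceDll -ServiceName $svc.Name
        }
    }
}

# REVIEW and UNKNOWN rows sort after OK; inspect those first.
$report | Sort-Object Status, ProcessId | Format-Table -AutoSize -Wrap
```

Rows marked REVIEW correspond to the "not running from C:\Windows\System32" case in the text, and the ServiceDll column shows which DLL each hosted service asks svchost.exe to load.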
