System Archives: Also true and false Svchost.exe

√ Understand the features of Svchost.exe
√ Determine the true and false Svchost.exe process
√ Remove the virus disguised as Svchost.exe, Trojan

About the "System Blue File" section

Svchost.exe, Lsass.exe, Wdfmgr.exe, open the process list, you will find a lot of unknown use of the process, whether the system process or http://www.aliyun.com/zixun/aggregation/18960.html "> Trojan virus? If you open the System folder, a lot of strange names of the file, it will make you dizzy. Many friends therefore always have a kind of unknown fear, that Trojan, hackers everywhere, even the master, can not put these unfamiliar system documents speak plainly. To dispel everyone's doubts, from this period began to bring you a new serial column-system blue file for everyone to expose the secret of these hidden documents. Two heroes, now come to know.

Introduction of the protagonist

Side dishes: Just contact the computer soon rookie, but the computer knowledge has a very strong interest in learning, often said a word is "rookie first fly."

Big mouth: Helpful veteran, often dubbed "Big Mouth Master" title, but this does not mean that his mouth is particularly big, but a talk about computer knowledge on the spout.

Emergency situation: The system found a serious virus

The side dishes have just learned the concepts and knowledge of the process, it doesn't matter if you open Task Manager to watch the process in the system, and you actually find a "virus"--svchost.exe, this guy has 5 more in the list of system processes (see Figure 1), so the side dishes end these processes one by one, I did not expect the second process to be regenerated after the end, and the end of the fourth process is even more outrageous, the system prompts "system is about to shut down, 60 seconds away from shutdown", process regeneration, error prompts, these typical virus "symptoms" more let the dishes believe "Svchost.exe" is a virus undoubtedly, but can not end the process, How to remove the virus? The small dish had to come with a big mouth.

Figure 1 A large number of svchost processes

After the big mouth has not looked at the computer, first tells the vegetable dish, The Svchost.exe process in the system is a normal system process, not a virus, not only you, other friends see the system in so many Svchost.exe process, the first reaction also feel it is a virus, although the system has multiple Svchost.exe process is normal, but it is not guaranteed to be normal. Sounds like a little contradictory? This makes the side dishes more confused, the big mouth after sitting down to the small dishes in detail.

Second, a sigh of relief: Svchost.exe is a "CD machine"

1. Service installed in "CD player"

Svchost.exe is a process unique to NT kernel operating systems (Windows 2000/xp/2003 are NT kernel operating systems), and "Svchost" is the abbreviation for service host. Microsoft's official definition is that Svchost.exe is the generic host process name for a service running from a dynamic link library (DLL), which is, in layman's terms, a service loader. You can think of each service as a music CD, and Svchost.exe is the CD player that is used to play the CD.

2. Why use "CD player" to install service

Due to the increasing number of Windows 2000/19803.html ">XP system services, starting all services in the form of a single EXE process can greatly increase the system burden and, to conserve system resources, Microsoft will implement some system services in the form of dynamic link libraries (DLLs), Svchost.exe is the program used to load these DLL files to start the system service. No one will make a CD that is dedicated to the CD, and so does Microsoft.