Master revealed Svchost.exe is what process

There are a lot of online about svchost.exe what the process is, svchost.exe is what virus, Svchost.exe occupy cpu100% or occupy a lot of memory, Svchost.exe has more than 10, Svchost.exe secretly network very much like the problem of Trojans, this article provides information on the Svchost.exe process and the use of a variety of professional software to killing the method.

1) What is the process of svchost.exe
Svchost.exe is a system process in the Windows operating system of Microsoft, manages the other process that starts the service through the DLL file, some virus Trojan is disguised as the system DLL file to call it through Svchost, try to hide oneself. Each svchost can call multiple DLL files at the same time, starting multiple services.

This article comes from the billion degree software: www.yiyidu.com

2) Location of svchost.exe files
Svchost.exe is located under the C:\WINDOWS\system32 folder (if your system is installed in the C:\WINDOWS directory) and there is a backup under C:\WINDOWS\system32\dllcache.

3) The Svchost.exe process should have several
Windows 2000 has more than 2 svchost processes, more than 4 Windows XP, and more than 12 Windows Vista systems Svchost processes. So seeing multiple Svchost.exe in Task Manager doesn't mean they are viruses.

4 What kind of svchost.exe is a virus
C:\WINDOWS\system32 folder under the Svchost.exe file, viruses are generally irreplaceable, in addition to this directory and C:\WINDOWS\system32\dllcache directory, Other directories should not exist under the Svchost.exe file, if there is not a virus is a trojan, can be relieved to delete. If it cannot be deleted, use software such as unlocker (http://blog.yiyidu.com/2009_774.html) to forcibly delete it.

In addition, because the middle of the Svchost.exe o easily be 0 (0) impersonate, so there are a lot of worms, viruses posing, their names are: Svch0st.exe, Schvost.exe, Scvhost.exe, should pay attention to carefully distinguish, to prevent slip through the slip.

5) To view the virus initiated via Svchost.exe
There are several ways to view services that are started through Svchost.exe, in Windows 2000, you can run cmd, and then enter the Tlist-s command to view it in Windows XP and Vista, which can be accessed by the TASKLIST/SVC command.

In addition to the above two commands, can also be viewed through the Svchost viewer (click to download), as shown in the figure:
　　

On the left is the Svchost.exe and a list of services that are launched through it, select one to view the details on the right, such as the current Svchost.exe started Audiosrv, BITS, Browser, Cryptsvc, Dhcp, Dmserver, EventSystem, Fastuserswitchingcompatibility, LanManServer, LanmanWorkstation, Netman, Nla, Rasman, Schedule, Seclogon, SENS, SharedAccess, ShellHWDetection, TapiSrv, Themes, Trkwks, WinMgmt, wzcsvc services, where Browser service is through C:\WINDOWS\system32\ The Svchost.exe-k netsvcs command is started by maintaining an updated list of computers on the network and providing the list to the computer to specify browsing. If the service is stopped, the list is not updated or maintained. If the service is disabled, any services that are directly dependent on this service will not start.

OK, these descriptions are all of this DLL file claiming that any virus can be so written, so how do we know Browser service is svchost.exe called which DLL file started it. The Svchost viewer didn't tell us.

At this time, we can use Process Explorer (click to download) software to detect, START Process Explorer, the main window will list all the running process, the mouse will be moved up to show the process corresponding to the full path of the file, and it started the service (if any), as shown in figure:
　　

We selected the Svchost.exe process with the most service, right-click menu view Attributes (properties), click the Services tab to see the familiar list: Audiosrv, BITS, Browser ... And so on service, browser is the service that C:\windows\system32\browser.dll provides. As shown in figure:
　　

Most of the service DLL files are located in the C:\Windows\System32 directory, if in what C:\Program files or even a D disk E, you should be careful, the nine is a Trojan. If we suspect that a DLL is not normal, you can search through Google or Baidu, there is a special site is used to query EXE and DLL file information: http://www.processlibrary.com/.

6 View the Svchost.exe process with 360 security guards
If you dislike the above method trouble, or have installed 360 security guards (official website: http://www.360.cn/), you can directly in the "Software Management"-> "is running" inside view, as shown:
　　

360 gives the memory of each process, the call DLL file, security and other information, very thoughtful.

7) Svchost.exe occupy cpu100% of the problem treatment method
Normally, Windows Automatic Update service may fail when the network is bad, causing it to retry repeatedly, resulting in extremely high CPU load. The performance is: The system starts a few minutes after the Svchost.exe will occupy 100% CPU resources, but unplug the network cable is good.

Workaround: Remove all files below C:\WINDOWS\SoftwareDistribution reboot machine, if prompted "Automatic Updates service is running" cannot be deleted, open Control Panel-> admin Tools-> Service, find " Automatic Updates (Automatic Updates) ", set to manually update or turn off automatic Updates, and then reboot the machine, delete the files under C:\WINDOWS\SoftwareDistribution, and then restore the automatic Update settings in the Control Panel.

8) forcibly shut down the svchost process
If you suspect that a svchost process is a fake virus or consumes more than 90% CPUs, you can force it to kill it.

After running CMD in the DOS window input ntsd-c q-p 800 can kill the svchost process (assuming the Svchost.exe process PID is 800).

(To view the PID, click the menu "View"-> "select column" in Windows Task Manager, and check the PID (process identifier) to determine it)

NTSD command can kill any one SYSTEM/SMSS. Exe/csrss. EXE process, even if you can't kill with Task manager.
Don't forget to share with friends or reprint oh. Reproduced please copy the following two lines: Original link: Master revealed Svchost.exe is what process original address: http://blog.yiyidu.com/2008_955.html