Many friends are not familiar with the svchost process, sometimes in the task Manager once see a number of this process (the following figure has 6), they think their computer in the virus or trojan, in fact, not so! Under normal circumstances, You can have multiple Svchost.exe processes running at the same time in Windows, such as Windows 2000 with at least 2 svchost processes, more than 4 in Windows XP, and more in Windows 2003, so when you see multiple svchost processes , is not necessarily the virus!
What is Svchost.exe?
The Svchost.exe file exists in the "%system Root%system32" (for example, c:windowssystem32) directory, which is an important process in Windows NT core (Windows 9X does not have the process) and specifically initiates various services for the system. For example, Svchost.exe invokes the Rpcss.dll file and starts the RPCSS Service (remote procedure Call).
Svchost.exe is actually a service host that does not provide any service to the user, but can be used to run dynamic-link library DLL files to start the corresponding service. The Svchost.exe process can start multiple services at the same time.
Svchost.exe is a core process of a system, not a virus process. However, because of the particularity of the Svchost.exe process, the virus will do everything possible to invade Svchost.exe. By looking at the execution path of the Svchost.exe process, you can confirm if you are poisoning. If you suspect that your computer may be infected with a virus, Svchost.exe services can find anomalies by searching Svchost.exe files. In general, you will find only one Svchost.exe program in the "C:windowssystem32" directory. If you find a Svchost.exe program in another directory, it is likely to be poisoned.
Svchost Virus Removal method
1, with unlocker delete similar to C:sysdayn6 folder: such as C:syswm1i, c:sysad5d, and so on, these folders have a common feature, that is, the name is sys*** (* * * is three to five bits of random letters), so a few of the folder deleted several.
2, Start-run-enter "regedit"-Open the registry, expand the registry to the following location: Hkey_current_ Usersoftwaremicrosoftwindowscurrentversionpoliciesexplorerrun Delete all keys with a pure number name on the right, such as <66> <333> <50> <4>
3, restart the computer, the virus cleared.