View the "svchost" Process

View the "svchost" Process

Svchost.exe is a core process of Windows XP. Svchost.exe not only appears in Windows XP, but also exists in the Windows System Using ntinner. Generally, in Windows 2000, the number of svchost.exe processes is 2, while in Windows XP, the number of svchost.exe processes has increased to 4 and more.

For example, how can we identify normal svchost.exe processes and what are virus processes?

The key value of svchost.exe is in the "HKEY_LOCAL_MACHINE/software/Microsoft/Windows NT/CurrentVersion/svchost.exe. Each key value is assigned to an independent svchost.exe group.

Microsoft also provided a method to check that the system is running in the svchost.exe list. Take Windows XP as an example: Enter cmd in "run", and then enter tasklist/SVC in command line mode. The system lists the services. If Windows 2000 is used, replace the previous "tasklist/svc" command with "tlist-s.

If you suspect that the computer may be infected by viruses, svchost.exe's service may find exceptions by searching the svchost.exe file. Generally, only the svchost.exe program under "C:/Windows/system32.pdf" is found. If you find the svchost.exe program in another directory, it is probably poisoned.

Another way to check whether svchost.exe is poisoned is to view the process execution path in the task manager. However, because the job manager in Windows cannot view the process path, you must use a third-party process inspection tool.

Describes the process of svchost.exe. In summary, svchost.exe is a core process of the system, not a virus process. However, because of the special nature of the svchost.exeprocess, the unique svchost.exe virus is also widely used. Check whether the execution path of the svchost.exe process is toxic.

Tip: the services and processes loaded by the supervisor. Unauthenticated services are displayed in red, which is very practical!