Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

identifying svchost.exe


  • Please log in to reply

#1
rcoups

rcoups

    New Member

  • Member
  • Pip
  • 4 posts
I have 6 instances of the file "svchost.exe" running right now using beaucoup resourses. I know that is the name of a legitimate Windows file, and that it's also a file created by numerous Trojans and Worms, but how do tell the difference ? Does anyone know the file size of the legitimate file. Thanks in advance.
  • 0

Advertisements


#2
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
about 13kb, and it lives in c:\windows\system32

6 instances of svchost.exe is not unusual......it is a generic service host-er...many functions will use it to run.

Why do you think it is a problem?
  • 0

#3
rcoups

rcoups

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Because this file is created by so many Trojans and Worms and under Processes in Task Manager the file sizes are: 3,260 k
20,156 k
5,328 k
5,428 k
4,436 k and
6,552 k

and even though I run 1 GB of Ram, these files and opthers are slowing my system down.
  • 0

#4
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
you misunderstand...the file it self is 13k...those measurements you are referring to are the processes that run through the svchost generic process.

This is not a sign of infestation...necessarily.


have you gone through the malware detection removal steps?
  • 0

#5
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE .

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.
  • 0

#6
Tyger

Tyger

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,896 posts
svchost functions a lot like rundll and rundll32 in earlier windows, except in the case of XP, even more so. It loads libraries into RAM memory and it needs to be on standby in memory to do its job. It "hosts" services by putting them into memory.
  • 0

#7
rcoups

rcoups

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I haven't gone through the malware detection steps listed in this forum yet. I do run SpySweeper, Ad-Aware SE and SpyBot S & D regularly in addition to weekly NAV scans. I was just hoping that the file size of some of the svchost.exe files might point to an infection and I could delete some of them. I will look on sysinfo.org for some of the other processes that are running on my system that I can't identify as legitimate files. Thanks for your input. Apparently the svchost files can be left alone for now.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP