What is svchost.exe? - Security Term

What is the svchost.exe file? Why do I have multiple svchost.exe processes running in Task Manager? Is svchost.exe a virus or trojan? These are the most frequently asked questions about this process.



What is the svchost.exe file?
Svchost.exe is a process on your computer that hosts, or contains, other individual services that Windows uses to perform various functions. For example, Windows Defender uses a service that is hosted by a svchost.exe process.


Why do I have multiple svchost.exe processes running in Task Manager?
There can be multiple instances of svchost.exe running on your computer, with each instance containing different services. This is a normal operation of Windows: One instance of svchost.exe might host a single service for a program, and another instance might host several services related to Windows.


To view which services are currently running under svchost.exe (windows-Windows XP Professional SP3)

To view the list of services that are running in Svchost:

• Click Start on the Windows taskbar, and then click Run.
• In the Open box, type CMD, and then press ENTER.
• Type Tasklist /SVC, and then press ENTER.

Tasklist displays a list of active processes. The /SVC switch shows the list of active services in each process. For more information about a process, type the following command, and then press ENTER:
Tasklist /FI "PID eq processID" (with the quotation marks)

The following example of Tasklist output shows two instances of Svchost.exe that are running.

The registry setting for the two groupings for this example are as follows:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost

• Netsvcs: Reg_Multi_SZ: EventSystem Ias Iprip Irmon Netman Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess Tapisrv Ntmssvc 

• RApcss :Reg_Multi_SZ: RpcSs

To view which services are currently running under svchost.exe (windows-vista and windows 7)

• Open Task Manager by right-clicking the taskbar and then clicking Task Manager.
• Click the Processes tab.
• Click Show processes from all users. Administrator permission required If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
• Right-click an instance of svchost.exe, and then click Go to Service(s). The services associated with the process are highlighted on the Services tab.

Could svchost.exe be a virus or trojan?
There are viruses that can infect this file and may run as a SVCHOST.EXE service. If you think your computer may be infected with a computer virus that is causing problems with this service, I recommend you update your virus protection program and visit the Microsoft Windows update page instead of attempting to manually fix the problem.

If your antivirus protection software does not detect a virus or other malware your computer is most probably not infected and the svchost.exe file is most probably not a virus.

source:
http://support.microsoft.com/kb/314056
http://windows.microsoft.com/en-US/windows-vista/What-is-svchost-exe