cancel
Showing results for 
Search instead for 
Did you mean: 

Svchost.exe

N/A

Svchost.exe

I am using the free version of Zone Alarm and have just been looking at my firewall logs and have seen that svchost.exe is trying to access the internet and connect to path-cdns01.plus.net with a rating of medium and using UDP protocol. It has shown up several times now and I have some questions.

1. I have looked up the svchost.exe programme and it says ""Svchost.exe" (Generic Host Process for Win32 Services) is an integral part of Windows OS. It cannot be stopped or restarted manually. It manages 32-bit DLLs and other services. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. In normal conditions multiple instances of Svchost.exe run at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging."

so far so good, but: "The svchost.exe file is located in the c:\windows\System32 folder. In other cases, svchost.exe is a virus, spyware, trojan or worm!"

I have run a search and found three files with this name, one in the correct folder, one in C:\WINDOWS\ServicePackFiles\i386 and one in C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989. Does this mean the two outside of the System32 folder are rogues?

2. How would they have got to the system? I previously ran Computer Associates, then Norton 2005 and now AVG anti virus. They have never reported viruses or worms on my system when scanning the system. I also have Spybot which has never reported this as spyware.

3. Should I delete these files?

Answers on the back of a postcard if you would please Cheesy

Cheers

Mark
5 REPLIES
N/A

Svchost.exe Replying Ivan

Hello Mark,

I completely understand your concern I think its legitimate but I DO think your worries are abit unfounded in this case as you've described it. No! the files Svchost.exe in the i386 folder will be a required version of the file related to the service pack, and the other is most likely to be legit too in the software distribution folder this is probably a copy of Svchost.exe that is part of an installer or setup package and again it sounds legit to me. I dont think you have any thing to worry about.

NO! dont delete Svchost.exe NOT a good idea at all. NOT recommended (if you must or if you want to be rid of a file or to disable it, renaming IS a much better option as atleast you can undo the renaming at a later date) TIP I ususally just rename a file something like filename_OLD then I know clearly that the file was disabled deliberately.

Ivan
--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User
Your Forum Your Voice,Get Involved!
N/A

Svchost.exe

Cheers Ivan. I disabled one of the files temporarily in task manger as it was using 23,100k!! I then found out that all of my internet connectivity had gone down the spout!!

Cheers

Mark
N/A

Svchost.exe more Ivan

Hello Mark,

Humm!! well YES!! thats the problem with Svchost.exe it does run a whole number of DLL files which in turn support specific windows related services.

Svchost.exe does tie the various services running with the deeper level's of programming code which windows requires for some critical or essential services (as you found out the hard way just like me??!! :roll: ).

Yes! the other problematic aspect of having mutiple instances of Svchost.exe running on your system is that MS dont want anyone to muck around with stuff like this unless your a programmer. And its a pain having mutiple Svchost.exe running because its almost impossible to work out what anyone instance of the service is doing.

ie. is Svchost.exe running my internet connection alone or is it busy with shadow copy service making backups's etc. Its impossible to know and thats the bit that I dont like personally.

Ivan
--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User
Your Forum Your Voice,Get Involved!
deepfatfrier
Grafter
Posts: 99
Registered: 26-09-2007

Svchost.exe

Rofl, this brings back memories... :lol:

Once, my svchost.exe got infected with a virus (dunno how - isn't it in use all the time? :?), and stupid old me thought, "ah, I'll just delete it, it's got backups in \i386 to repair it on the next boot..." - little did I know... :roll:

Eventually managed to delete it (by killing every instance of it in taskmgr and running a never-ending loop on a command prompt running "del svchost.exe").
I realised quite quickly that this was going to be a reinstall job... :twisted:

And the moral of the story is... don't delete svchost.exe!! Tongue
N/A

Scvhost.exe Ivan

Enough Said really !! :lol:

Ivan