What is svchost.exe in the Task Manager

Anonim


Svchost.exe is one of the important processes in Windows. Let's figure out what tasks it performs.

Information about svchost.exe

You can see svchost.exe in Task Manager (to open it, press Ctrl + Alt + Del or Ctrl + Shift + Esc) in the "Processes" section. If you do not see entries with that name, click "Show processes from all users".


For convenience, you can click the "Image Name" column header. The list will then be sorted alphabetically. Many svchost.exe processes can run at once: from one to, theoretically, infinity. In practice, the number of processes active at the same time is limited by the parameters of the computer, in particular the capacity of the CPU and the size of the RAM.


Functions

Now let's look at the range of tasks the process handles. It is responsible for running the Windows services that are loaded from DLL libraries. For them, it is the host process, that is, the main process. Hosting several services at once significantly saves RAM and the time needed to perform tasks.

We have already found out that many svchost.exe processes can run. One is activated when the OS starts. The remaining instances are launched by Services.exe, which is the service manager. It forms groups of several services and starts a separate svchost.exe for each group. This is the essence of the savings: instead of a separate file for each service, svchost.exe is activated, combining a whole group of services and thereby reducing the load on the CPU and the RAM consumption of the PC.

File location

Now let's find out where the svchost.exe file is located.

  1. There is only one svchost.exe file in the system, unless, of course, a duplicate was created by a virus. To find out where it is on the hard drive, right-click any of the svchost.exe entries in Task Manager and select "Open file location" in the context menu.
  2. Explorer opens in the directory where svchost.exe is located. As you can see in the address bar, the path to this directory is:

    C:\Windows\System32

    In extremely rare cases, svchost.exe can also lead to the folder

    C:\Windows\Prefetch

    or to one of the folders located in the directory

    C:\Windows\Winsxs

    The genuine svchost.exe cannot lead to any other directory.

Why svchost.exe loads the system

Quite often, users encounter a situation where one of the svchost.exe processes loads the system. That is, it uses a very large amount of RAM, and the CPU load from this process exceeds 50%, sometimes reaching almost 100%, which makes working on the computer almost impossible. This can have the following main causes:
  • Substitution of the process by a virus;
  • A large number of resource-intensive services running simultaneously;
  • Failures in the OS;
  • Problems with the update center.

Ways to solve these problems are described in detail in a separate article.

Lesson: What to do if svchost loads the processor

Svchost.exe as a virus

Sometimes svchost.exe in Task Manager turns out to be a virus, which, as mentioned above, loads the system.

  1. The main sign of a malicious process, which should immediately draw the user's attention, is heavy consumption of system resources, in particular a high CPU load (more than 50%) and RAM usage. To determine whether the real or a fake svchost.exe is loading the computer, open Task Manager.

    First, pay attention to the "User" field. In various versions of the OS, it may also be called "username" or "User Name". Only the following names can appear there for svchost.exe:

    • Network Service;
    • System;
    • Local Service.

    If you see an entry with the name svchost.exe under any other user name, for example, the name of the current profile, you can be sure that you are dealing with a virus.

  2. It is also worth checking the location of the file. As we remember, in the overwhelming majority of cases, minus two very rare exceptions, it must be:

    C:\Windows\System32

    If the process refers to a directory other than the three discussed above, you can confidently say there is a virus in the system. Especially often, the virus tries to hide in the "Windows" folder. You can find out the file location using Explorer in the way described above. There is also another option: right-click the entry in Task Manager and select "Properties" in the menu.

    The properties window opens; the "Location" parameter is on the General tab, and the path to the file is shown next to it.

  3. There are also situations where the malicious file is located in the same directory as the genuine one but has a slightly modified name, for example, "svchost32.exe". There are even cases where, to deceive the user, attackers replace the Latin letter "c" in the Trojan's file name with the Cyrillic "с", or the letter "o" with "0" (zero). Therefore, pay special attention to the name of the process in Task Manager, or to the name of the file that launched it in Explorer. This is especially important if you have noticed that this object consumes too many system resources.
  4. If the concerns are confirmed and you find that you are dealing with a virus, it should be eliminated as quickly as possible. First of all, stop the process, since all further actions will be difficult, if possible at all, because of the CPU load. To do this, right-click the malicious process in Task Manager and select "End Process" in the list.
  5. A small window opens, where you need to confirm your action.
  6. After that, without rebooting, scan the computer with an antivirus program. It is best to use the Dr.Web CureIt application for this purpose, as it is the most well-proven in dealing with problems of this particular nature.
  7. If the utility does not help, the file should be deleted manually. To do this, after the process has been ended, go to the directory where the object is located, right-click it and select "Delete". If necessary, confirm the deletion in the dialog box.

    If the virus blocks the deletion, restart the computer and log in in safe mode (Shift + F8 or F8 during boot). Delete the file using the procedure described above.
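
The user name, file location and file name checks from the list above, applied to process rows in one pass. This is an added example, not part of the original article: the sample rows are constructed, the function name and finding strings are illustrative, and the look-alike table covers only the characters the article names plus Cyrillic "о" as an assumption.

```python
import ntpath

# Rules as stated in the article above.
ALLOWED_USERS = {"system", "local service", "network service"}
SYSTEM32 = r"c:\windows\system32"
PREFETCH = r"c:\windows\prefetch"
WINSXS = r"c:\windows\winsxs"

# Look-alikes the article mentions: Cyrillic "с" (U+0441) for "c", "0" for "o".
# Cyrillic "о" (U+043E) is added as an assumption; this is not a full table.
LOOKALIKES = str.maketrans({"\u0441": "c", "\u043e": "o", "0": "o"})


def check_process(name, path, user):
    """Return findings for one process row; an empty list means nothing to flag."""
    lowered = name.lower()
    skeleton = lowered.translate(LOOKALIKES)  # name with look-alikes folded to Latin
    findings = []
    if lowered != "svchost.exe":
        if skeleton == "svchost.exe":
            findings.append("look-alike characters in name")
        elif skeleton.startswith("svchost") and skeleton.endswith(".exe"):
            findings.append("modified name")
        else:
            return findings  # not an svchost-like process, out of scope
    folder = ntpath.dirname(ntpath.normpath(path)).lower()
    if folder == PREFETCH or folder.startswith(WINSXS + "\\"):
        findings.append("rare location, verify manually")
    elif folder != SYSTEM32:
        findings.append("unexpected directory")
    if user.lower() not in ALLOWED_USERS:
        findings.append("unexpected user")
    return findings


# Constructed sample rows: (image name, file location, user name).
SAMPLE = [
    ("svchost.exe", "C:\\Windows\\System32\\svchost.exe", "SYSTEM"),
    ("svchost.exe", "C:\\Windows\\svchost.exe", "alice"),
    ("svchost32.exe", "C:\\Windows\\System32\\svchost32.exe", "SYSTEM"),
    ("svch0st.exe", "C:\\Windows\\System32\\svch0st.exe", "NETWORK SERVICE"),
    ("sv\u0441host.exe", "C:\\Users\\alice\\sv\u0441host.exe", "alice"),
    ("explorer.exe", "C:\\Windows\\explorer.exe", "alice"),
]

if __name__ == "__main__":
    for name, path, user in SAMPLE:
        print(ascii(name), check_process(name, path, user) or "ok")
```

Windows 10 and later also host per-user services in svchost.exe under the signed-in account, so on those versions an "unexpected user" finding should be weighed together with the location and name checks.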

Thus, we have found out that svchost.exe is an important Windows system process that is responsible for interaction with services, thereby reducing the consumption of system resources. But sometimes this process may turn out to be a virus. In that case, on the contrary, it drains the system's resources, which requires an immediate response from the user to eliminate the malicious agent. In addition, there are situations where, because of various failures or lack of optimization, svchost.exe itself can be a source of problems.
