Every version of Windows, from XP up to Windows 10, has a special service process: svchost.exe. Its full name is Generic Host Process for Win32 Services or, in recent versions of the OS, Host Process for Windows Services. As the name suggests, its main role is to act as a universal platform for running various system services, for example Windows Defender, the font service, DNS, SSDP, etc.
For this reason, when you open Task Manager you may find several svchost entries, and this is perfectly normal. This flexibility has not gone unnoticed by virus writers, however: they disguise malicious executable files as this process, again using it as a platform for a virus.
How to check svchost.exe for viruses?
So, one day you start your computer, open Task Manager and see that the svchost.exe process is loading Windows to the maximum (processor and memory can be loaded up to 100%). What should you do, and how do you tell whether it is a virus or not? Let's work through it together. To begin with, open Task Manager and look carefully at the name of the executable file: svchost.exe. If a virus is masquerading as the Generic Host Process, its name is usually very similar, but you can still see the difference.
The second sign by which you can recognize a virus is the file location. The svchost.exe executable file is located in the system directory:
- C:\Windows\System32 — for 32-bit systems
- C:\Windows\SysWOW64 — for 64-bit systems
If it runs from any other folder, it's a virus.
If svchost.exe is normal but still loads the Windows OS
You need to look for the culprit among the services that use svchost for their work. Go to Task Manager, right-click «svchost» and select «Go to Service». The services that use the Generic Host Process platform will be highlighted in the list of services.
Right-click each of them in turn, choose the menu item «Stop» and look at the result. The same can be done through the Windows command prompt. To do this, press the key combination Win + R and enter the command CMD in «Run». Click «OK». This launches the Windows command prompt. Enter the command: tasklist /svc and see which services are using the Host Process for their work.
Pay attention to the svchost.exe lines that have only one service listed. If there are 3 or more services, skip these processes: they are system services with a probability of 99.99%.
Then try ending these processes one at a time with a single command: taskkill /F /PID <ID_PID>
The result should be a message «Success: The process is completed».
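The three checks described above (look-alike name, file location, svchost.exe lines with only one service), as an added Python example that is not part of the original article. It parses the CSV form of the same listing (tasklist /svc /fo csv); the sample rows are constructed, English column headers are assumed, and the edit-distance threshold of 2 is an illustrative choice.

```python
import csv
import io
import ntpath

# Constructed sample in the layout of `tasklist /svc /fo csv` (not from a real host).
SAMPLE = '''"Image Name","PID","Services"
"svchost.exe","868","BrokerInfrastructure,DcomLaunch,PlugPlay,Power"
"svchost.exe","1204","Dnscache"
"svch0st.exe","4312","N/A"
"scvhost.exe","5120","N/A"
"explorer.exe","3984","N/A"
'''

GENUINE = "svchost.exe"
# The two directories the article gives for the genuine file.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def location_ok(path):
    """True if the file sits directly in one of the article's directories."""
    return ntpath.dirname(ntpath.normpath(path)).lower() in TRUSTED_DIRS


def triage(tasklist_csv, max_distance=2):
    """Return (look-alike names, svchost.exe instances hosting exactly one service)."""
    lookalikes, single_service = [], []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        name, pid = row["Image Name"].lower(), int(row["PID"])
        services = [s.strip() for s in row["Services"].split(",") if s.strip() != "N/A"]
        if name == GENUINE:
            if len(services) == 1:
                single_service.append((pid, services[0]))
        elif edit_distance(name, GENUINE) <= max_distance:
            lookalikes.append((pid, row["Image Name"]))
    return lookalikes, single_service


if __name__ == "__main__":
    print(triage(SAMPLE))
    print(location_ok(r"C:\Users\Public\svchost.exe"))  # path is a constructed example
```

tasklist /svc does not print file paths, so location_ok has to be given a path obtained separately, for example from the process's file location in Task Manager.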