Svchost.exe - what is this process and why does it sometimes load the system?

The problem with the "hanging" computer is probably familiar to everyone without exception. As a rule, blame for this viruses, poorly written programs, as well as banal overheating. From time to time, svchost.exe is guilty. What kind of process is this, and why is this happening? Let's try to figure it out!

The virus or not?

First, many immediately panic. Having seen svchost in the "Task Manager", they immediately assume that a cunning virus was crawling into the computer. Immediately installed the latest antivirus (and preferably two), after which the computer is checked several times. If the user was so critical that he installed two or three security applications at once, then the system is guaranteed to fall.

Immediately warn: it's not a virus, so do not rush to remove svchost.exe! What is this process then?

General information about the application

This is the name of a very important component responsible for running dynamic system libraries (DLLs). Accordingly, it depends on both Explorer (Explorer) itself Windows, and not one thousand third-party applications. Especially this applies to games that actively use these libraries through DirectX.

It is located at the following address:% SystemRoot% \ System32. By reading the registry entries for each download, the application generates a list of the services that should be started. It should be noted that several copies of svchost.exe can be run at a time (what kind of process is it, you already know). The important thing is that each instance of this process may well contain its own group of services. This is done for the maximum comfort of controlling the operation of the system, as well as for simplifying debugging in the event of any problems.

All the groups that are currently part of this process can be found in the following registry keys:

• HKEY_LOCAL_MACHINE \ Software \ Microsoft \ WindowsNT \ CurrentVersion \ Svchost;
• HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ Service.

All the parameters that are available in these sections are visible as separate instances of svchost.exe (what it is, we have already told).

In each registry key that refers to them, there is a parameter of the form: REG_MULTI_SZ. It contains the names of all the services available in a particular Svchost group. Each of them contains the name of one or more services, in the description of which there is a ServiceDLL key.

This is the file svchost.exe.

How to check the processes associated with Svchost?

To see all the services that are currently associated with this process, you need to do some simple things.

• Click on "Start", then find the "Run" command in this menu.
• Enter the CMD command there , then press ENTER.
• After that, copy and paste the following expression into the opened command line emulator: Tasklist / SVC. Press ENTER again.
• A list of all processes will be displayed in the form of a list. Attention! Be sure to enter the / SVC key parameter, since it displays the active services. To get extended information about a particular service, use the following command: Tasklist / FI "PID eq process identifier" (together with quotes).

If you have any problems

Very often it happens that after the introduction of commands the computer displays something that is not comprehensible, like: "The command can not be recognized". Do not rush to re-enter it.

Typically, this happens because you are working from an account whose rights are simply not enough to perform such actions. It does not matter if you have an administrator account or not. To correct the situation, the command-line mode emulator should be started in a slightly different way.

To do this, click on the "Start" button, and then enter the CMD in the "Search" field. In the right part of the menu, a list with the found files will open. Click the right mouse button on the first one (with the appropriate name), then select "Run as administrator" in the context menu that appears.

So we gave you the basic information. Now let's deal with those malicious programs that can masquerade as a harmless system application.

How to separate the wheat from the chaff?

Look carefully at the process name: it should be written as sVChost! Very common are some Trojans that masquerade as sVHost. If you see something similar in your "task manager", then in this case it's really time to completely scan the system for malicious applications.

Especially "advanced" viruses and Trojans can nevertheless skillfully mask themselves, having exactly the same name as the true process has. But even they can be identified with 100% probability, paying attention to the most characteristic signs. Let's analyze them.

First, the real system process never (!) Starts on behalf of the regular user. Its start can be initiated by SYSTEM, LOCAL SERVICE, and NETWORK SERVICE. More importantly, it does not start (!) When the system starts with the means of autoloading. Accordingly, in the list of programs that start simultaneously with the system, in no case should there be svchost.exe. What is this process in this case?

If you see something like that, then the only reason is the virus.

Checking Auto Backup

Do not know how to do this? Everything is very simple! First, click on the "Start" button, click the "Run" field in the left mouse button. Then enter the MSConfig command there. A list of all applications launched at startup will open, which you should carefully review.

If there are many svchost.exe processes (or even one), then you definitely have to think about how to remove malicious programs from your computer.

What should I do if I find a spy?

As we already said, in this case it is reasonable to scan the OS with a powerful antivirus program. But before that, it does not hurt to perform a number of simple actions, with which you can completely block the virus any opportunity to harm you. In general, svchost.exe-virus in recent years has spread widely across the Runet. As a rule, under the guise of the usual system process, malicious programs that specialize in stealing user personal data operate.

First, in the "File Location" line, find the folder in which the virus file is located. Select it in the list with the left mouse button, click on the "Disconnect" button. Click on "OK", then go to the directory with the desired file and delete it. All. You can scan with antivirus software.

The process heavily loads the processor. Because of what is happening and what to do?

So we went back to the beginning of our article. Remember that sometimes because of svchost.exe (what kind of process is this, we have already explained in detail) the computer starts to slow down and "hang"? Because of what is this happening? And how can you overcome this phenomenon without reinstalling the system?

The simplest method

There is a fairly simple and effective recommendation, which helps in many cases. Open the "Task Manager", search for the svchost process, then right-click on it and select "Priority / Low". It should be noted that it is necessary to do this with every process of the same name, which is in the "Task Manager".

Again, if you see the file svchost.exe (what it is, you already know), in no case take the time to delete it, suspecting it is a virus!

Windows Update Service

Often on Windows XP, the problem with almost 100% CPU utilization and svchost is caused by the fact that the update service does not work correctly. On some computer resources, this phenomenon was explained.

The point is in the incorrect mechanism for checking for updates. Given the number of patches issued for this system, a small error in the allocation of memory has become a serious problem: the computer not only works slowly, but you can also search for the "patch" for days, alternately hanging up.

How to disable the problem service?

To temporarily disable Windows Update, go to the "Control Panel", find the "System and Security" item there. This is where the required "Windows Update" is located, in which we are interested in the item "Enabling and disabling automatic updates". Check the box next to "Do not check for updates". Click on OK and reboot the machine.

If everything is fine after that, and the processor is not in the "killed" state most of the time, then the update service was indeed the culprit of all the problems. In the event that the problem continues to be observed and after that, we return Windows Update to its original state, after which we continue to search for the culprit of all the misfortunes.

Internet Browser

However, do not rush. In many cases, Internet Explorer is at fault. Do you remember how at the very beginning of the article we discussed the importance of svchost for "Explorer"? But the "Internet Explorer" is an important part of the file manager for the Windows operating system.

Problems with it very often start when the version of IE is very old. For example, in Microsoft itself for a long time did not recommend to use Windows XP with the sixth version of Internet Explorer.

Accordingly, in this case, the problem is solved simply enough. Use the Windows Update service mentioned above. Download and install all the latest updates for your version of the operating system, install a new version of IE. It is possible that this measure will help you.

Games

Observe, after trying to run which applications the processor is overloaded. In addition, you should be alarmed by messages "svchost.exe application error", which are almost 100% indicator that in the inadequate behavior of the system, some third-party application is to blame.

Most often this program is a game downloaded by its lucky owner from some "left" site. Those who made modifications to the program code, removing protection from it, rarely test their creation for full compatibility with some systems, their DLL-libraries and others. So there is nothing to be surprised in this case.

"Bat"

In rare cases, such a problem is faced by the owners of the mail program The Bat of old versions, which for some reason continue to be used by many people. Try uninstalling the application. After that, install the newest version of the utility, then again look at the behavior of the computer.

Drivers

Very often when the system is transferred to another disk after some serious errors in the file system, and after a virus attack, users are faced with an OS that is completely hung due to svchost. Exe. "How can I remove this malicious process?" - beginners think.

Once again, we will warn you: deleting this file will lead to the hardest consequences and the complete inoperability of the system, so before the last measures, it is better to read our next advice.

There is information that the process svchost.exe, the error of which spoils so many nerves to users, may not work properly due to incorrectly installed or "curve" drivers. Very often it turns out that the reason for this are programs for video cards and sound cards. Drivers for them are complex and unpredictable, so if possible, delete them, and then install the latest (or most stable) versions.

Windows Defender

Owners of Windows Vista / 7 should pay attention to the program "Windows Defender", included in the standard package of these operating systems. It serves to prevent malware from getting into the system, but sometimes it behaves no better.

Problems arise if the installed third-party anti-virus software because of something does not deactivate the "Defender". This is particularly true for all Eset Nod products, which in the recent past have been extremely popular with many domestic users.

To fix the situation, click on the "Start" button, go to "Control Panel", and then look for "Defender" in it. In its main window there is an item "Run the check in idle state". Uncheck it, click OK. In some cases, this measure is useful.

We hope you learned what the svchost.exe program is. We described in detail about its purpose, and also about methods of eliminating problems with it. As a rule, the ways of troubleshooting that we've provided work. You only need to follow the instructions given in the article exactly.

In addition, do not interfere in time to update the system.