Svchost.exe
What is it?
Service Host Process - svchost.exe
What does it do?
Here's a direct quote from MS about this:
(source)
Svchost.exe is a generic host process name for services that are run from
dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32
folder. At startup, Svchost.exe checks the services portion of the registry to
construct a list of services that it needs to load. There can be multiple
instances of Svchost.exe running at the same time. Each Svchost.exe session can
contain a grouping of services, so that separate services can be run depending
on how and where Svchost.exe is started. This allows for better control and
debugging.
Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost
Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService
If you're
running Windows XP Home edition then you'll have to download this file
HERE
and put it in your windows/system32 directory. If you're running XP Pro then you
won't need that file since you already have it.
1.) Start --> Run --> cmd
2.) Tasklist /svc >C:ianaginfo.txt
Here's
an example of what I got when I issued this command if you'd like to take a look
at an example.
A Description of Svchost.exe in Windows XP:
http://support.microsoft.com/?kbid=314056
Virus Precaution:
The original file from Microsoft gets placed in the Located in
C:WINDOWSSystem32 directory. If you find it anywhere else then you should be
suspicious for sure.
You'll want to keep an eye on
this google search for any known viruses.