Menu
Is free
check in
the main  /  Education / How to identify the virus disguised under the SVCHOST system process. SVCHOST process and how to distinguish it from a virus masking for him How to find out if svchost virus

How to reveal the virus disguised under the SVCHOST system process. SVCHOST process and how to distinguish it from a virus masking for him How to find out if svchost virus

Penetrating on the computer, viruses usually try not to advertise their presence, hiding their processes from the eye of the user or masking them for harmless system processes from which gets the most svchost.exe.. And it is quite understandable. Having found a dozen copy of this process in the task manager, users begin to suspect a nonlade, tying svchost.exe. With some problems that may not have any relationship to him. Some newbies are even trying to remove it, which, of course, does not lead to anything good.

So what is this very svchost.exe. And why is it so often duplicated? Firstly, svchost.exe. It is not a virus, although examples of masking of malware under this extremely important and necessary windows needed to work. How to expose the viruses hiding behind them. We will tell a little lower, but for now let me say a few words about the appointment. svchost.exe.. So, this process is also referred to Generic Host Process for Win32 Services Takes the most direct participation in the work of programs, services and services that use dynamic libraries (DLL), which make up a significant part of Windows system files and application programs.

Insofar as svchost.exe. You have to serve many programs and services, to ensure stability, it starts in several copies of which in some cases can achieve several dozen. In general, touch svchost.exe. It is extremely not recommended, but as we have said, viruses can be masked under it. How to recognize them? Let's start with the fact that the real file svchost.exe. Must be in one of these folders:

  • C: / Windows / System32
  • C: / Windows / SYSWOW64
  • C: / WindowsPrefetch
  • C: / Windows / WinsXS / *

Note: Star at the end of the fourth option implies that after a slash, another folder can be located, usually having a long name, which is a set of characters. For rare exception svchost.exe. can meet in the catalogs of some programs, for example, MalwareBytes Anti-Malware.

If this file is located in the root directory of Windows or custom folders, then most likely it is a virus. Showing the selectivity, masking under the system svchost. Malicious files can hide in the most unexpected places. You can use the Process Explorer Task Manager to search for them, detecting processes paths to search by file name MasterSeeker. or similar program.

In addition to location location, close attention should be paid to the file name. Few of novice users pay attention to it, and in vain. At first glance, you can not notice how the files differ from each other svchost.exe. And (in the second is missing "C"). And in the name of the file, Latin letters can be replaced with Cyrillic. It is harder to identify it, as it can be located in the "correct" folder, while seeing the difference in the name will be only Windows, you will also have to check the characters in the name of the code table (externally the same Cyrillic and Latin letters have a different code).

What if they found "wrong" or in the wrong place svchost? To start, send it to scan to VirustotalIf there is something in it, at least one of the fifty antiviruses will give a signal. Real File svchost. Must be flawlessly clean. To remove a raising under svchost. File, read the virus, we use Dr.Web Cureit !, Dr.Web LiveDisk or utility AVZ.. To work B. AVZ. You also need a script.

And here is the script itself. Create a * .txt file and insert it and save the following.

begin.
SearchRotkit (True, True);
SETAVZGUARDSTATUS (TRUE);
QuarantineFile ('full path to malicious file', ");
DELETEFILE ('Full Path to Malicious File');
BC_IMPORTALL;
ExecuteSSClean;
ExecuteWizard ('TSW', 2.3, TRUE);
BC_ACTIVATE;
RebootWindows (True);
end.

In brackets opposite the teams QuarantineFile. and Deletefile. You need to specify the full path to a malicious file. For example: (' C: \\ Windows \\ System \\ SYSHOST.EXE‘,”);

Run AVZ., choose in the menu File, then choose Run script, insert the code of the previously edited script to the opened window (what to do is specified in the script itself) and click the " Run" After rebooting the computer, check whether the malicious file is deleted after which you perform a complete scanning of the system disk by any antiviral and anti-spyware tools.

Svchost.exe is the name of the system process, which is masked by a number of viruses. As a result of this malicious software, the connection to the Internet can be lost or a serious system failure occurs. Therefore, it is important to know how to remove the SVCHOST EXE before the computer will stop working.

Detection

Detect the svchost.exe virus on the computer is quite difficult. The problem is that SVCHOST is a Windows system module with which services are started. Disabling these services can lead to errors and incorrect operation of the system.

The various viruses only assign this name to themselves, hiding among truly useful processes in the Task Manager.

Attention! The fact of the presence of the SVCHOST.EXE process in the "Task Manager" does not speak about the infection of the computer with a virus! Such processes must be launched, since the system cannot correctly work correctly!

But as among the existing processes, identify the malicious, if they have the same name for everyone? You must refer to the "Username" field, where it is indicated who is the initiator of the process startup.

System modules are launched on behalf of "System", "Local Service" or "NetWork Service". If you see that the svchost.exe process is started on behalf of the user, know - before you the virus acting under the cover.

Removal

Unfortunately, a virus masking for a system module can be completely removed only in two ways: a complete reinstalling system or registry cleaner.

Programs that allow you to remove the URL MAL virus, it will not help here. It will not cope with the task of this kind and spyhunter - utility using which you can remove ADS by OFFERSWIZARD.

It makes no sense to reinstall separately: this is an extreme measure when other methods are already triggering and declared invalid.

It is better to immediately move to the registry cleaner, but first you can try to install a more powerful anti-virus package or use your Dr.Web Cureit utility that helps remove Trovi COM and cope with other similar viral applications.

Excellent, if you can do both - to check the system using an antivirus with updated signatures, and then run Dr.Web Cureit and scan hard disk with it.

Do not forget to check the Windows Startup List.

Press Win + R, enter the "msconfig" command and go to the "Auto-loading" tab. Check that there is no SVCHOST EXE in the list of configuration items. When a virus is detected, remove the checkbox from it, and then delete from the list.

If the specified actions did not help, go to the registry cleaner.

Work with registry

Open the system registry using the "Regedit" command. Here you will have to change and delete a number of records, so be patient.

Go for consistently HKEY_LOCAL MACHINE → Software → Microsoft → WINDOWS → CURRETVERSION → RUN. Find the "PowerManager" \u003d "% windir% svchost.exe" key and delete it.

Now you need to delete other records related to the virus. Go to HKLM → Software → Microsoft → Windows NT → CurrentVersion → Winlogon. Find the "userinit" key and check its value. Give it to the form "C: \\ Windows \\ System32 \\ userinit.exe". To do this, click on the key right-click and select "Change".

Use the search feature (Ctrl + F) and find other records with the value of "SVCHOST". Remove them all.

As you can see, with registry entries will have to suffer a little. Therefore, if it is possible - reinstall the system or try to roll back its former state using the control point of the recovery.

Publication date: 07/20/2010

Article Updated 09.12.2011

Symptoms:
Your computer suddenly began to hang and brake the system. At the same time, you have antivirus with the latest antivirus bases. Click Ctrl + Alt + Delete and click on the tab Processes. You will see a list of all processes that go at the moment; At the same time, you will see that some of the processes consumes a lot of computer resources (although you are currently not using any programs). Here you will see a certain process svchost.(Processes with the same name will be several pieces, but you need exactly the one that loads the system under 100%).

Decision:
1) Try, first of all, just restart the computer.
2) If, after rebooting, this process continues to load the system, then click the right key to the process and, in the list that opens, select Complete the tree processes. Then restart the computer.
3) If the first two ways did not help you, go to the folder Windows and find a folder there Prefetch. (C: \\ Windows \\ Prefetch). Delete this folder ( delete exactly the folder Prefetch.; Do not delete the folder itself Windows!!!) Next, follow the second item (i.e., remove the SVCHOST process tree). Restart the computer.

How many processes should besvchost.eXE in the "Processes" tab?
The number of processes with such a name depends on how many services are running via SVCHOST. The number may depend on the version of Windows, the properties of your computer, etc. And therefore, the processes with the name "svchost.exe" can be from 4 (absolute minimum) to infinity. I have on a 4-nuclear computer with Windows 7 (taking into account the running services) in the "Processes" tab costs 12 svchosts.

How to determine which one is a virus?
You can see on the screenshot above that in the "User column" next to each SVCHOST is the name of the source, which launched this very process. In a normal form, System, or "Network Service", or "Local Service", will be written next to SVCHOST. Viruses start themselves on behalf of "User" (may be written "User" or "Administrator").

What is, in general, the processsvchost.eXE?
If we talk like a simple language, then the SVCHOST process is an accelerator of the launch and operation of services and services. Svchosts are launched through the system process Services.exe

What will happen if I press on "complete the process tree", accidentally complete the system processsvchost, not the virus itself?
Nothing terrible will not happen. The system will give you an error and restart the computer. After rebooting, everything will fall into place.

What viruses are disguised undersvchost.eXE?
According to Kaspersky Lab under svchost.exe, viruses are masked: virus.win32.hidrag.d, trojan-clicker.win32.delf.cn, net-worm.win32.welchia.a
By unconfirmed data, some versions of Trojan.carberp also masked under svchost.exe

How do these viruses work?
These viruses without your knowledge go to special servers, whenever you download anything dangerous, or send information to the server (namely your passwords, logs, etc.)

Processsvchost.eXE ships the system, but in the "User" column writtensystem. What it is?
Most likely - this means that some service or service works hard. Wait a little, and this process will stop shipping the system. Or will not cease ... There are some viruses (for example: conficker) that use real svchosts to spoil your system. These are very dangerous viruses, and therefore you should check your computer with antivirus (and better than several at once). For example, you can download DrWeb Cureit - it will find such viruses and delete.

Why do you need to complete the process of processes and delete the folderPrefetch?
If you complete the process of the processes of your hovering system, svchost, then the computer is easy to reboot. And when starting, when the virus once again tries to start, then the antivirus (which must be installed at mandatory) will immediately detect and remove it. Although there are many modifications. For example, the source of such a virus can be located in the Prefetch folder. This folder is needed to speed up the work of services and services. Its removal will not damage your computer.

I did not help your advice. Processsvchost.eXE continues to ship the system.
First of all, check the computer with antivirus. And even better, check the computer with several antiviruses.
I can also advise you to clean the System Volume Information folder. This folder contains recovery points for your computer. Viruses prescribe themselves in this folder, as the system does not allow the antivirus to delete anything from this folder. But it is unlikely to use you. I have not yet heard about such modifications of viruses that would give out yourself for svchost.exe and were in the System Volume Information folder.

If you have any questions, I will be happy to answer them.


Latest Tips for section "Computers & Internet":

Council comments:

Many thanks! Everything is clear and without water. All extra processes disappeared. Thank you!

Windows6.1-KB3102810 x86 (x64) - for 7, who has a lot of an update.

In short Disk defragment, SVCHOST no longer arises. All the problem is solved.

I redote everything, and the update center turned off, and the prefetch removed, and the process of processes completed, nothing helps, still svchost loads percentage of 30%.

Ilya, thank you very much! Help! Did everything as written. Only I have an automatic update on XP. After turning off the autorun only I managed to stop the service, as this process was gone, and the load of the CPU was sleeping. Who is XP or updates are not important - I recommend this method.

Ivan, thank you so much for the comment) helped. Forbidden access and everything is normal. Before that, nothing helped!

Demolished the prefetch folder but after rebooting it appears again as well as the problem with the RAM.

win XP solved the problem simply - via the system update disabling. Probably minor thus unobtrusively push users to leave XP and 7.

Rustam, it is clearly written in the article that this is the folder not for system files (which are in the Windows folder). Here is a quote from the article "It does not damage it to your computer." Read the article attentively, Cykablyat!

I looked into the svchost folder, but only the root folders of all programs running on the computer came out there. When removing it could have a catastrophe, and Miantly: the complete shutdown of all life-supporting programs, which would ultimately lead to what the computer would have stopped working after a reboot, and I had to reinstall Windows. So, I did not dare to delete the entire host folder . I will look for other solving problems. And for those who think that the disconnection of the update solves the problem, I will say: I did it once, so the virus that got into the computer, devoured all the motherboard and stopped working hard. In fact, he launches a laptop, but immediately hangs, and does not respond even on Ctrl-Alt-del. And on the start button and turn off the computer. You have to remove the battery ... Since then, the laptop on pensions ... No workshop is taken to repair it. Nonsense some kind .....

demolished this folder - helped. Thank you!

who will help with svchot? My Data for Communication Vaitsap VIber +7 999 171 60 74 Skype West00073 I will be grateful. tested comp all possible ways does not help

who can help this slander simply urged it all. Are there any specials who can solve this question?

All specified in the article ways did not help me, I decided to read the comments and most often it was said that it was not a virus and update and I turned off these updates and everything went

thank you !! Snown folder. corrected;)

I apologize, hemp. Other processes in SESTEM32

And if the process that loads the CPU is not like all the other SVCHOST in Win32, but in the AppDataRoaming?

thank you, deleted the folder and all the rules.

I was helped by the Council with Comments, from the novel 08/30/2016, it was the second (optional) method, through administration!

aTP everything has fallen into place!

Can I contact you on Skype?

System file SVCHOST often becomes a target for hacker attacks. Moreover, the viruses will mask their malware under his program "appearance". One of the most vivid representatives of the viruses of the "Lia-Svchost" category - Win32.hllp.neshta (Dr.Web classification).

This impostor copies himself to the Windows directory, infects files with the extension "EXE" and takes system resources (RAM, Internet traffic). However, it is capable of other nastiness. Infection cases are known when viral SVCHOST loads a computer RAM by 98-100%, disables the Internet channel, disrupts the functioning of the local network.

SVSHOST files are kind and evil, or who is who

All complexity of neutralization of this type of viruses is that there is a risk of damaging / deleting a trusted Windows file with an identical name. And without it, the OS will not work, it will have to reinstall. Therefore, before proceeding with the cleaning procedure, you will get acquainted with the special signs of the trusted file and the "stranger".

True process

Manages system functions that run from dynamic libraries (.dll): Checks and loads them. Listens to the network ports, transmits data on them. In fact, the Windows service application is actually. Located in the directory with: → Windows → System 32. The versions of the XP / 7/8 versions in 76% of cases have a size of 20, 992 bytes. But there are other options. More information with them can be found on the recognized resource filecheck.ru/process/svchost.exe.html (link - "Another 29 options").

It has the following digital signatures (in the Task Manager "Users" column):

  • System;
  • LOCAL SERVICE;
  • NETWORK SERVICE.

Hacker fake

May be in the following directories:

  • C: \\ Windows
  • C: \\ My Documents
  • C: \\ Program Files
  • C: \\ Windows \\ System32 \\ Drivers
  • C: \\ Program Files \\ COMMON Files
  • C: \\ Program Files
  • C: \\ My Documents

In addition to alternative directory, hackers, almost identical, similar to the system, names, names are used as a masking of the virus.

For example:

  • svch0st (digit "zero" instead of the Litera "O");
  • sVRHOST (instead of "C" letter "R");
  • sVHOST (no "C").

Versions of the "free interpretation" name countless. Therefore, it is necessary to exercise increased attention when analyzing the existing processes.

Attention! The virus can have another extension (different from EXE). For example, "COM" (Neshta virus).

So, knowing the enemy (virus!) In the face, you can safely begin to destroy it.

Method number 1: Cleaning Comodo Cleaning Essentials utility

Cleaning Essentials - anti-virus scanner. Used as an alternative software for cleaning the system. It includes two utilities for detecting and monitoring Windows objects (files and registry keys).

Where to download and how to install?

1. Open in the browser Comodo.com (the official site of the manufacturer).

Tip! Distribution utility is better downloaded on a "healthy" computer (if there is such an opportunity), and then run from a USB flash drive or CD.

2. On the main page, Mouse over the SMALL & Medium Business section. In the submenu that opens, select Comodo Cleaning Essentials.

3. In the boot unit, in the drop-down menu, select the discharge of your OS (32 or 64 BIT).

Tip! The bitmap can be found through the system menu: Open the "Start" → Enter the "System Information" in the string → Click on the utility with the same name in the "Programs" list → View "Type" string.

4. Click the "Freamed" button. Wait for the download to complete.

5. Unpack the downloaded archive: Right-click on the file → "Extract everything ...".

6. Open the unpacked folder and click 2 times the left button on the CCE file.

How to set up and clean the OS?

1. Select Custom Scan mode (selective scan).

2. Wait a little while the utility updates its signature databases.

3. In the scan settings window, check the box in front of the S. disk as well as check all additional elements ("Memory", "Critical Areas ..", etc.).

4. Click "Scan".

5. Upon completion of the inspection, allow an antivirus to remove the found virus-impostor and other dangerous objects.

Note. In addition to Comodo Cleaning Essentials, other similar antivirus utilities can be used to treat PCs. For example, Dr. Web Cureit!.

Auxiliary utilities

The Cleaning Essentials package package includes two auxiliary tools designed to monitor the real-time system and detecting malware manually. They can be used if the virus fails to be neutralized during the automatic check.

The application for quick and convenient work with registry keys, files, services and services. Autorun Analyzer determines the location of the selected object, if necessary, can delete or copy it.

To automatically search for svchost.exe files in the "File" section, select "Find" and set the file name. Analyze the processes found, guided by the properties described above (see "Hacker Fake"). If necessary, remove suspicious objects through the context menu of the utility.

Monitor running processes, network connections, physical memory and load on the CPU. To "catch" a fake SVCHOST using Killswitch, follow these steps:

  1. On the System tab, open the Processes section.
  2. Analyze all SVCHOST activated processes:
    • right click on the file;
    • select "Properties";
    • look at its current directory. If it is different from C: \\ Windows \\ System32 \\, most likely that the object being studied is a virus.

In case of detection of malware:

  1. Additional view in its field Count "Evaluation" (Safe - Safe) and Signature.
  2. If these properties also do not correspond to the characteristics of a trusted system file, activate the context menu (click right-click). And then successively run the "Suspend" and "Delete" functions.
  3. Continue checking, perhaps the virus has created and launched its copies. From them, too, necessarily need to get rid of!

Method number 2: Using system functions

Checking startup

  1. Click "Start".
  2. Dial in the MSCONFIG search line and press "ENTER".
  3. In the "System Configuration" window, go to the "Autavar" tab.
  4. View commands (Column "Command"), starting elements when you start Windows, and their location (directories, registry keys in the location column):
    • All directives containing SVCHOST disable (remove the click of the checkbox near the recording). This is a 100% virus. The system process with the same name is never written in autoload.
    • Open the Galfire Directory (indicated in the "Location") and delete it. To neutralize the key in the registry, use the regular editor REGEDIT: "Win + R" → Regedit → Enter.

Analysis of active processes

  1. Press "Ctrl + Alt + Del".
  2. Click on the Processes tab.
  3. Check the properties of all active SVCHOST (name, extension, size, location). When analyzing, focus on the fileCheck.ru service and the characteristics shown in this article.

Right with the name of the image. In the menu, select "Properties".

In case of virus detection:

  • in the properties of the object, find out its location (copy or remember);
  • click "Complete Process";
  • go to the Galfire Directory and delete it using a standard function (click right-click → Delete).

If it is difficult to determine: trusted or virus?

Sometimes it is definitely difficult to say whether Svchost is a real or fake. In such a situation, it is recommended to conduct additional detection on the free online scanner "Virustotal". This service for checking the object for viruses uses 50-55 antiviruses.

  1. Open in the browser Virustotal.com.
  2. Click "Select File".
  3. In Windows Explorer, open the process directory you want to check, select it with click, and then click Open.
  4. To start scanning, click "Check!". The file will boot from PC to the service and automatically start scanning.
  5. Check out the results of the inspection. If most antiviruses detect an object as a virus, it must be deleted.

The problem with the "computer" computer is probably familiar to everyone without exception. As a rule, viruses are accused of this, poorly written programs, as well as banal overheating. From time to time the guilty is svchost.exe. What is this process, and why is it going on? Let's try to figure it out!

Virus or not?

First, many are immediately amented panic. Seeing Svchost in the "Task Manager", they immediately suggest that a cunning virus has passed into the computer. It immediately sets the newest antivirus (and better two), after which the computer is checked several times. If the user was such a risk that he installed two or three protective applications at once, then the system is guaranteed.

Immediately warn you: this is not a virus, and therefore do not throw to remove svchost.exe! What is this process then?

Overview of the application

This is the name of a very important component responsible for the launch of dynamic system libraries (DLL). Accordingly, it depends on it to Explorer (Explorer) of Windows itself and not one thousand third-party applications. This applies to games that actively use these libraries through DirectX.

It is located at this address:% Systemroot% \\ System32. Reading the registry entry with each download, the application generates a list of those services that must be running. It should be noted that several copies of svchost.exe can be launched at a time (which is the process, you already know). It is important that each process may well contain its services group. This is done to maximize the comfort of controlling the operation of the system, as well as to simplify debugging in the event of any problems.

All groups that are currently included in this process can be found in the following registry sections:

  • HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ WindowsNT \\ CurrentVersion \\ Svchost;
  • HKEY_LOCAL_MACHINE \\ SYSTEM \\ CURRENTCONTROLSET \\ SERVICES \\ Service.

All parameters that are available in these sections are visible as separate instances of svchost.exe (what it is, we have already told).

In each section of the registry that relates to them, there is a parameter of the form: REG_MULTI_SZ. It has the names of all services available as part of a specific SVCHOST group. Each of them is contained by name one or more services, in the description of which there is a SERVICEDLL key.

This is what the svchost.exe file.

How to check the processes associated with svchost?

To see all the services that are currently related to this process, you need to make some simple things.

  • Click on "Start", then find the "Run" command in this menu.
  • Enter there then click on ENTER.
  • After that, copy and paste the following expression in the command line emulator that opens: Tasklist / SVC. Repeat the Enter key again.
  • The list of all processes will be displayed as a list. Attention! Be sure to enter the / SVC key parameter, as it displays exactly active services. To obtain advanced specific service information, use the following command: Tasklist / Fi "PID EQ Identifier_Process" (with quotes).

If there are problems

It often happens that after entering the commands, the computer displays something nephessable, sort of: "The team cannot be recognized." Do not hurry to introduce it again.

As a rule, this happens due to the fact that you are working from under the account, the rights of which are simply insufficient to fulfill this kind of action. It does not matter, the administrator you have an account or not. To correct the situation, the command line mode emulator should be run in several other way.

To do this, click on the "Start" button, after which you enter the CMD in the Search field. On the right side of the menu, the list with the found files opens. Click on the first of them (with the corresponding name) right mouse button, after which you select the "Run from the administrator" item in the context menu that appears.

So we gave you basic information. Now let's figure it out with those malicious programs that can be masked for a harmless system application.

How to separate the grains from the challenge?

Look carefully in the process name: it should be written as svchost! Some trojans are very common, which are masked by svhost. If you see something similar in your "Task Manager", then in this case, in fact, it is time to completely scan the system for the presence of malicious applications.

Especially "advanced" viruses and trojans can still mask, having exactly the same name as the true process is. But even them can be distinguished from 100%, paying attention to the most characteristic signs. Let's look them.

First, the real system process never (!) Does not start on behalf of an ordinary user. Its start can be initiated by System, Local Service, as well as Network Service. Much more importantly, it does not start (!) When starting the system tools for autoload. Accordingly, in the list of programs that start simultaneously with the system, in no case should be svchost.exe. What is this process in this case?

If you see something like that, then the reason is one - the virus.

Checking the startup

Do not know how to do it? Everything is very simple! First click on the Start button, click the left mouse button on the "Run" field. Then you enter the msconfig command there. A list of all started when starting the applications to be carefully viewed.

If there are many svchost.exe processes (or even one), you will definitely have to think how to withdraw from your computer.

What to do when a "spy" is detected?

As we have already spoken, in this case the wisdom of everything is scanned by a powerful antivirus program. But before that it will not prevent a number of simple actions, with which you can finally block the virus every opportunity to harm you. In general, the svchost.exe virus in recent years has spread widely on the runet. As a rule, under the larger of the usual system process, malicious programs are valid, specializing in the stealing of personal data of users.

First, in the "Location File" line, find what specifically the folder is the virus file. Having highlight it in the list of the left mouse button, click on the "Disable" button. Click on "OK", after which go to the directory with the search file and delete it. Everything. You can scan antivirus.

The process is very much loading the processor. What is what happens and what to do?

So we returned to the beginning of our article. Remember that sometimes due to svchost.exe (what is this process, we explained in detail in detail) the computer begins to slow down and "hang"? What is this happening? And how can you overcome this phenomenon without reinstalling the system?

The simplest way

There is a fairly simple and effective recommendation that helps in many cases. Open the "Task Manager", look for the SVCHOST process, then click on it right mouse button and choose "priority / low". It should be noted that it is necessary to do so with each process of the same name that is in the "Task Manager".

Once again we remind: If you see a svchost.exe file (what it is, you already know), in no case do not rush to remove it, suspecting the virus!

Windows Update

Often, on Windows XP, the problem with almost 100% and SVCHOST is called that the update service incorrectly works. On some computer resources, this phenomenon found an explanation.

The case is in the incorrect update checking mechanism. Considering the number of corrections that have published for this system, a small error in the memory distribution has become a serious problem: the computer not only works slowly, but also you can search for "patches" by days, alternately depending on this.

How to disable the problem service?

To temporarily disable Windows Update, go to the "Control Panel", find the "System and Security" item. It is there that is the desired "Windows Update Center", in which we are interested in the "Enable and Disable Auto Update" item. We set the checkbox opposite the item "Do not check the availability of updates". Click on OK and reboot the machine.

If, after that, everything is fine, and the processor is not in the "killed" state most of the time, then the culprit of all problems really was the update service. In the event that the problem continues to be observed and then return Windows Update to its original state, after which we continue to search for the culprit of all misfortunes.

Internet Observer

However, do not hurry. In many cases, Internet Explorer is to blame. Remember how at the very beginning of the article we discussed the importance of svchost for the "conductor"? But the Internet Observer is an important part of the Windows File Manager of the Windows family.

Problems with it very often begin in the case when the IE version is very obsolete. For example, in Microsoft itself, it has not yet been recommended to use Windows XP with the sixth version of Internet Explorer.

Accordingly, in this case it is simple enough. Use the Windows Update above mentioned above. Download and install all the latest updates for your version of the operating system, install the new version of IE. It is possible that this measure will help you.

Games

Jump, after trying to start what applications the processor is overloaded. In addition, you must be alarmed by the messages "svchost.exe application error", which are almost 100% indicator that some third-party application is guilty in the inadequate behavior.

Most often this program is the game downloaded by her happy owner with some "left" site. Those who brought modifications in the program code, removing protection from it, rarely test their creation for full compatibility with some systems, their DLL libraries and other. So there is nothing to be surprised in this case.

"Bat"

In rare cases, the owners of the postal program The Bat of old versions are facing, which for one or another people continue to enjoy a lot of people. Try to delete the application. After that, put the new version of the utility, then look at the behavior of the computer.

Drivers

Very often, when transferring the system to another disk after some serious errors in the file system, as well as after a viral attack, users face the OS, which completely depended due to SVCHOST. EXE. "How to remove this malicious process?" - Study users think.

Recommended: Deleting this file will lead to the most severe consequences and the complete inoperability of the system, so that before extreme measures it is better to read our next advice.

There is information that the svchost.exe process, the error of which spoils so much nerves to users, may incorrectly work due to the incorrectly installed or "curves" of the drivers. It often turns out that the reason is the programs for video cards and sound boards. Drivers are complex and unpredictable for them, so if possible, remove them, and then set the most recent (or most stable) versions.

Windows Defender

The owners of Windows Vista / 7 should pay attention to the Windows Defender program, which is included in the standard set of operating system data. It serves to prevent malicious programs from entering the system, but sometimes it does not behave any better.

Problems arise if the installed third-party antiviral software because of something does not deactivate the "Defender". This is especially true for all ESET NOD products, which in the recent past were extremely popular with many domestic users.

To correct the situation that occurred, click on the "Start" button, go to the "Control Panel" button, after which it will find "Defender" in it. In its main window there is an item "Run checking in idle state". Uncheck the checkbox from it, click OK. In some cases, this measure is useful.

We hope you learned that for the program svchost.exe. We talked in detail about its purpose, as well as about the methods of eliminating problems with her. As a rule, the troubleshooting methods we have operated. You only need exact following the instructions posted in the article.

In addition, it does not prevent the system in time.