If you’ve landed on this page via search engine, you are here because you may be wondering why are there so many processes running with the name svchost.exe. Is this a virus? You’ve probably tried to kill them but then discovered that you can’t and you don’t even remember starting them… so what the heck is svchost.exe?
This article is the first in our series of Technology Tools, processes, Programs, etc you may have seen before but may not be so familiar with, hopefully we will be able to dedicate a special section to this on our website by the time we finish restructuring things here, hopefully before the year ends (2012) and we will do justice to some of these processes
What the Heck is svchost.exe and Why is it running?
Introduction
If you go into your task manager, one of the few programs you will always find running is called svchost.exe. You may have some questions about this mysterious application. What is it? Can I close it down to save memory and increase the speed of my computer? This article will help you figure out what svchost.exe is and what it does.
If you go into your task manager, one of the few programs you will always find running is called svchost.exe. You may have some questions about this mysterious application. What is it? Can I close it down to save memory and increase the speed of my computer? This article will help you figure out what svchost.exe is and what it does.
What is svchost.exe?
If you look up Microsoft’s definition of the program, you will see that svchost.exe is a generic host process name for services that run from dynamic-link libraries. Does that make sense? In plain English, svchost.exe is used as a bridge between an executable program and a data file called a .dll. These files are dynamic link libraries, and they contain information common to a number of different executable programs. This saves time and energy for programmers so they do not have to insert the same blocks of code again and again. Unfortunately, executable programs cannot directly read and use the libraries. This is where svchost.exe comes into play. It loads the .dll into a service that is run in the background of Windows. The executable program can obtain information from the service.
If you look up Microsoft’s definition of the program, you will see that svchost.exe is a generic host process name for services that run from dynamic-link libraries. Does that make sense? In plain English, svchost.exe is used as a bridge between an executable program and a data file called a .dll. These files are dynamic link libraries, and they contain information common to a number of different executable programs. This saves time and energy for programmers so they do not have to insert the same blocks of code again and again. Unfortunately, executable programs cannot directly read and use the libraries. This is where svchost.exe comes into play. It loads the .dll into a service that is run in the background of Windows. The executable program can obtain information from the service.
Each group of services gets its own svchost. For example, if you have five different services related to the Windows firewall, they will all be loaded into one svchost executable.
If you are running the old version of Windows (Windows XP) you can identify the services that is running by taking the following steps.
At a command prompt run:
tasklist /svc
The tasklist utility will pop up and show you what processes are running under each svchost.exe, I’m using Windows 7 in this example as I don’t have Windows XP installed
Can This Program Be a Problem?
Typically, you do not want to shut this program down without caution. Many times you will not be able to shut it down from the command line anyway. However, some viruses and other malicious threats can gain administrative access to your task manager and start shutting down vital services. This often manifests itself as a remote procedure call reboot of the system, and it can make it very difficult to deal with the malicious program.
Typically, you do not want to shut this program down without caution. Many times you will not be able to shut it down from the command line anyway. However, some viruses and other malicious threats can gain administrative access to your task manager and start shutting down vital services. This often manifests itself as a remote procedure call reboot of the system, and it can make it very difficult to deal with the malicious program.
Svchost itself is not often the target of modification by malicious code. There are Trojan horses, however, that disguise themselves as svchost. This can be quite difficult to identify since you will often find many different hosts running at the same time. Programs like Hijack This! can help you figure out which among your svchosts is the culprit in this case.
Conclusion
Svchost is a vital program for the way Windows applications are programmed. It is used to create programs that allow for dynamic access into library files. While it can at times be exploited for malicious intent in your machine, svchost is usually nothing to worry about, and more than likely it is not worth the time or risk to dig in and mess with it.
Svchost is a vital program for the way Windows applications are programmed. It is used to create programs that allow for dynamic access into library files. While it can at times be exploited for malicious intent in your machine, svchost is usually nothing to worry about, and more than likely it is not worth the time or risk to dig in and mess with it.
Bookmark & Share
No comments:
Post a Comment