The problem with a “hanging” computer is probably familiar to everyone without exception. As a rule, viruses, poorly written programs, and also banal overheating are blamed for this. From time to time, svchost.exe is guilty. What kind of process is this, and why is this happening? Let's try to figure it out!
Virus or not?
Firstly, many immediately panic. Seeing svchost in the "Task Manager", they immediately assume that an insidious virus has crept into the computer. The latest antivirus (or better two) is installed immediately, after which the computer is checked several times. If the user was so zealous that he installed two or three security applications at once, then the system is guaranteed to crash.
We warn you right away: this is not a virus, and therefore do not rush to delete svchost.exe! What is this process then?
Application Overview
This is the name of a very important component responsible for running dynamic system libraries (DLLs). Accordingly, it depends on both Explorer (Explorer) of Windows itself, and not one thousand third-party applications. This is especially true for games that actively use these libraries through DirectX.
It is located at this address:% SystemRoot% \ System32. Reading the registry entries at each boot, the application forms a list of those services that should be running. It should be noted that several copies of svchost.exe can be launched at a time (what kind of process you already know). The important thing is that each instance of this process may well contain its own group of services. This is done to maximize the comfort of monitoring the operation of the system, as well as to simplify debugging in the event of any problems.
All groups that are currently part of this process can be found in the following registry keys:
- HKEY_LOCAL_MACHINE \ Software \ Microsoft \ WindowsNT \ CurrentVersion \ Svchost;
- HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ Service.
All parameters that are available in these sections are visible as separate instances of svchost.exe (we already told what it is).
Each registry key that applies to them has a parameter of the form: REG_MULTI_SZ. It contains the names of all services available as part of a specific Svchost group. Each of them contains the name of one or more services, the description of which contains the ServiceDLL key.
This is what svchost.exe is.
How to check processes related to svchost?
To see all the services that are currently associated with this process, you need to do a few simple things.
- Click on "Start", and then find the "Run" command in this menu.
- Type in the CMD command, then press ENTER.
- After that, copy and paste the following expression in the opened command line emulator: Tasklist / SVC. Use the ENTER key again.
- A list of all processes will be displayed in a list. Attention! Be sure to enter the / SVC switch as it displays the active services. To get advanced information about a specific service, use the following command: Tasklist / FI "PID eq process_identifier" (together with quotation marks).
If you have problems
It often happens that after entering commands, the computer displays something unintelligible, such as: "The command cannot be recognized." Take your time to re-enter it.
As a rule, this happens due to the fact that you are working from an account whose rights are simply not enough to perform this kind of action. It does not matter if you have an administrator account or not. To correct the situation, the command line mode emulator should be launched in a slightly different way.
To do this, click on the "Start" button, and then enter CMD in the "Search" field. In the right part of the menu, a list with the found files will open. We click on the first of them (with the corresponding name) with the right mouse button, and then select the item “Run as administrator” in the context menu that appears.
So we have given you the basic information. Now, let's deal with those malicious programs that can disguise themselves as harmless system applications.
How to separate the grain from the chaff?
Take a close look at the process name: it should be spelled as sVChost! Some Trojans that masquerade as sVHost are very common. If you see something like this in your “task manager”, then in this case it’s really time to completely scan the system for malicious applications.
Especially "advanced" viruses and trojans can nevertheless masterfully disguise themselves, having exactly the same name as the true process has. But even they can be distinguished with 100% probability, paying attention to the most characteristic signs. Let's take them apart.
Firstly, a real system process never (!) Starts on behalf of a regular user. Its start can be initiated by SYSTEM, LOCAL SERVICE, as well as NETWORK SERVICE. More importantly, it does not start (!) When the system starts with startup tools. Accordingly, in the list of programs that start simultaneously with the system, in no case should there be svchost.exe. What is this process in this case?
If you see something like this, then there is only one reason - the virus.
Check autoload
Not sure how to do this? Everything is very simple! First, click on the "Start" button, left-click on the "Run" field. Then enter the MSConfig command there. A list of all applications launched at startup will open, which you need to carefully review.
If there are many svchost.exe processes (or even one), then you definitely have to think about how to get the malware out of your computer.
What to do when a spy is detected?
As we already said, in this case it is most reasonable to scan the OS with a powerful antivirus program. But before that, it doesn’t hurt to perform a number of simple actions with which you can completely block the virus from any possibility of harming you. In general, the svchost.exe virus has spread widely over the Runet in recent years. As a rule, malicious programs that specialize in stealing users' personal data operate under the guise of a normal system process.
Firstly, in the “File location” line, find in which specific folder the virus file is located. Having selected it in the list with the left mouse button, click on the “Disable” button. Click on "OK", then go to the directory with the file you are looking for and delete it. All. Can be scanned by antivirus.
The process loads the processor heavily. What is happening and what to do?
So we are back to the beginning of our article. Remember that sometimes because of svchost.exe (what kind of process is this, we have already explained in detail) the computer starts to slow down and “hang”? What is this happening for? And how can this phenomenon be overcome without reinstalling the system?
Simplest way
There is a fairly simple and effective recommendation that helps in many cases. Open the "Task Manager", look for the svchost process there, then right-click on it and select "Priority / Low." It should be noted that this must be done with every process of the same name that is in the "Task Manager".
We remind you once again: if you see the svchost.exe file (what it is, you already know), in no case take the time to delete it, suspecting a virus in it!
Windows Update Service
Often, on Windows XP, the problem with almost 100% processor utilization and svchost is caused by the update service not working correctly. On some computer resources, this phenomenon has been explained.
The point is the incorrect update check mechanism. Considering the number of corrections that came out for this system, a small error in the memory allocation turned into a serious problem: the computer not only works slowly, but you can also look for “patches” for days on end, depending on this.
How to disconnect a problem service?
To temporarily disable Windows Update, go to the "Control Panel" and look for the item "System and Security". This is where the desired “Windows Update” is located, in which we are interested in the item “Turn automatic updates on and off”. We put a check mark next to the item "Do not check for updates." Click on OK and reboot the machine.
If after that everything is fine, and the processor is not in a "killed" state most of the time, then the update service was the culprit of all the problems. In the event that the problem continues to be observed and after that, return Windows Update to its original state, after which we continue to look for the culprit of all the misfortunes.
Internet Browser
However, take your time. In many cases, Internet Explorer is to blame. Remember how at the very beginning of the article we discussed the importance of svchost for Explorer? But "Internet Browser" is an important component of the file manager of the Windows family of OS.
Problems with it very often begin when the version of IE is very outdated. For example, Microsoft itself for a very long time did not recommend using Windows XP with the sixth version of Internet Explorer.
Accordingly, in this case, solving the problem is quite simple. Use the Windows Update service mentioned above. Download and install all the latest updates for your version of the operating system, install the new version of IE. It is possible that this measure will help you.
Games
Observe after trying to launch which applications the processor is overloaded. In addition, you should be warned by the “svchost.exe application error” messages, which are almost a 100% indicator that some third-party application is to blame for the inappropriate behavior of the system.
Most often, this program is a game downloaded by its happy owner from some “left” site. Those who made modifications to the program code, removing protection from it, rarely test their creation for full compatibility with some systems, their DLLs, and more. So there is nothing to be surprised in this case.
"Bat"
In rare cases, owners of The Bat mail program of old versions face this problem, which for one reason or another many people continue to use. Try uninstalling the application. After that, install the latest version of the utility, after which again look at the behavior of the computer.
Drivers
Very often, when transferring the system to another disk after some serious errors in the file system, as well as after a virus attack, users encounter an OS that completely hangs due to svchost. exe. "How to remove this malicious process?" - Beginners think.
We’ll warn you once again: deleting this file will lead to grave consequences and a complete inoperability of the system, so it’s better to read our next tip before extreme measures.
There is evidence that the svchost.exe process, whose error spoils so many nerves for users, may not work correctly due to improperly installed or “crooked” drivers. It often turns out that the reason is the program for video cards and sound cards. Drivers for them are complex and unpredictable, so remove them if possible, and then install the latest (or most stable) versions.
Windows Defender
Windows Vista / 7 owners should pay attention to the Windows Defender program, which is included in the standard package of delivery of these operating systems. It serves to prevent malware from entering the system, but sometimes it behaves no better.
Problems arise if the installed third-party antivirus software does not deactivate Defender due to something. This is especially true for all Eset Nod products, which in the recent past have been extremely popular among many domestic users.
To fix the situation, click on the "Start" button, go to the "Control Panel", and then find the "Defender" in it. In its main window there is an item “Run scan in idle state”. Uncheck it, click OK. In some cases, this measure is useful.
We hope you find out what svchost.exe is. We talked in detail about its purpose, as well as about methods for resolving problems with it. As a rule, the troubleshooting methods given by us work. You only need to strictly follow the instructions laid out in the article.
In addition, it does not hurt to update the system on time.