Svchost.exe and How To Deal With It Right

The mysterious Svchost.exe file puzzles users all over the world. I’d like to shed light on it and explain when this file is good and a must-have, and when it is malicious and a must-kill.

Do you have a lot of svchost.exe instances in your process list and don’t know how to deal with them?

You’re in the right place. I’ll tell you here.

There is a lot of speculation about this file. But what is the truth?

Is it a virus? Or is it a Microsoft conspiracy?

What is the Svchost file in my processes after all?

The Svchost.exe file in your processes (also known as Generic Host Process for Win32 Services) is a legitimate and important Windows component that exists on every computer. Its main purpose is to host services that can’t load on their own, like those from dynamic-link libraries (DLLs).

You can even see several Svchost files in your processes running simultaneously. In most cases you should not worry if you see five or six or even more copies of svchost.exe in the list of running processes, because they host different services.

But can Svchost.exe be malicious?

Unfortunately, yes…

There are several known spyware programs and trojans that pretend to be the legitimate Svchost.exe. They usually have the same name or one of the following names: svchost.exe, svchosts.exe (which often causes svchosts.exe page faults), Generic.exe, svcchost.exe and several others.

Q: How can I find out whether my Svchost.exe file is malicious or not?

A: First of all, the legitimate svchost.exe should reside in the Windows\System32 folder and should not appear in the startup list. But even if you have no Svchost files other than in your System32 folder and your autorun list is clear, you can’t say for sure that you do not have a malicious Svchost.exe file.

Use anti-spyware scanners to find out whether you have a malicious svchost.exe file or a legitimate one!

I see this error message: “Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience.”

And how to solve all other problems related to Svchost and unrelated to malware?

There are several problems connected with Generic Host Process which are unrelated to spyware or trojans or viruses. These problems include error messages like this:

“Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience.”

or like this:

“svchost.exe — application error the instruction at "0x745f2780" reference memory at "0x00000000". the memory could not be 'read'”

If you have encountered one of these error messages, here you will find how to get rid of them.

There are several possible reasons for this error message. (If you don’t care about the reasons and want to skip to the solutions, scroll to the next block of this page.)

Reason 1: You have one of these worms in your system: CashToolbar Downloader-MY, System1060, CoolWebSearch Svchost32, ADCLICK-AG, ADCLICK-AX, ADUYO-A, AGENT-V, AGOBOT-KL, AUTOTROJ-C and some others.

Reason 2: A DLL used a legitimate copy of Svchost.exe to run itself at Windows startup. This illegitimate DLL crashed and caused a crash of the whole Svchost.exe service or the whole system.

Reason 3: You used the Online Update feature and a new update was downloaded from Microsoft’s web service which contains an erroneous version of Windows Installer or double-byte character set (DBCS) characters support (this only occurs in Microsoft Windows XP Service Pack 2 (SP2)).

Reason 4: You installed old printer or scanner drivers from Hewlett-Packard which are incompatible with the current version of Svchost.exe.

There are two comprehensive solutions for all the reasons mentioned above.

One is easy: get the Svchost Fix Wizard, which will solve everything automatically. Just write to Security Stronghold’s support team and ask them to send it to you.

Another way is to try to solve all of these manually. I recommend this only if you know what you are doing, because incorrect actions may cause even more serious problems than you have now.

Below I have included the manual solution algorithm.

How to get rid of error messages manually?

To completely solve the “Generic Host Process for Win32 Services” problem you should:

1) Scan your PC for the following viruses: CashToolbar Downloader-MY, System1060, CoolWebSearch Svchost32, ADCLICK-AG, ADCLICK-AX, ADUYO-A, AGENT-V, AGOBOT-KL, AUTOTROJ-C

2) Go to Windows Automatic Updates properties (right-click on My Computer, then click on Properties and switch to Automatic Updates tab)

3) Choose “Turn Off Automatic Updates”, click OK and reboot your PC

4) Manually update Windows using “Windows Update” shortcut in the start menu

5) Turn automatic updates on

6) If your problem is not solved on this step, uninstall old Hewlett-Packard printer and scanner drivers (if any) and download new drivers from the manufacturer’s web site

7) If your problem is not solved on this step, use the following command to show all svchost.exe instances and associated services or libraries:

tasklist /svc /fi "imagename eq svchost.exe"

Then search the Internet for each of the services and libraries shown in that list to find out whether the entry is malicious or not. If you find a malicious entry, use the msconfig.exe utility to disable the corresponding service entry.
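
The location check from the Q&A above and the service listing from step 7 can be combined in one PowerShell audit. This is an added example, not part of the original article or any vendor tool; the look-alike names are the ones listed on this page, and the SysWOW64 path is an addition for 64-bit Windows.

```powershell
# Added example (not from the original page): audit svchost.exe instances.
# Look-alike names are the ones this page lists as used by malware.
$lookalikes = 'svchosts.exe', 'svcchost.exe', 'generic.exe'

# System32 is the location the page names. SysWOW64 is included because
# 64-bit Windows keeps its 32-bit copy of svchost.exe there.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Map each PID to the services it hosts (the data "tasklist /svc" prints).
$servicesByPid = @{}
foreach ($svc in Get-CimInstance Win32_Service) {
    if ($svc.ProcessId -ne 0) {
        $servicesByPid[[int]$svc.ProcessId] += @($svc.Name)
    }
}

$report = foreach ($p in Get-CimInstance Win32_Process) {
    $isLookalike = $lookalikes -contains $p.Name
    if ($p.Name -ne 'svchost.exe' -and -not $isLookalike) { continue }

    # Name check first, then path check; a missing path usually means
    # the shell is not elevated and cannot read the process image path.
    $verdict = if ($isLookalike) { 'SUSPICIOUS: look-alike name' }
        elseif (-not $p.ExecutablePath) { 'UNKNOWN: path not readable, rerun elevated' }
        elseif ($expected -contains $p.ExecutablePath) { 'OK: expected location' }
        else { 'SUSPICIOUS: svchost.exe outside System32' }

    [pscustomobject]@{
        PID      = $p.ProcessId
        Name     = $p.Name
        Path     = $p.ExecutablePath
        Services = ($servicesByPid[[int]$p.ProcessId] -join ', ')
        Verdict  = $verdict
    }
}

$report | Sort-Object Verdict, PID | Format-Table -AutoSize -Wrap
```

A SUSPICIOUS verdict is a lead to follow up with a scanner, and an OK verdict only confirms the file location, which, as noted above, does not by itself rule out a malicious file.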

This is a long but effective way to repair Generic Host Process or svchosts.exe.

If you are not sure which files and registry keys to delete, write to Security Stronghold’s support team and they’ll send you their Svchost Fix Wizard.

Why do I point to their Fix Wizard? They helped me to solve the same problem one day… I hope they’ll help you as well.