On 4/24/2011 8:54 PM, Antares 531 wrote:
> I frequently get a warning from my Norton security software that
> something is using excess disk activity. When I click on the link that
> it shows it takes me to a file svchost.exe but that is all I can
> figure out. Is this a malware file, or is it a valid part of Windows
> 7? I am running Windows 7 Home Premium SP1 and all seems to be working
> very well. I do notice some slow responses from time to time but I
> think that may be caused by scan disc or some such background
> activity.
As its name implies 'host' svchost.exe hosts other programs running on
the computer. They can be other O/S programs or vendor programs being
hosted by svchost.exe. Svchost.exe can also host malware programs too.
To see what SVChost is hosting, you can use something like Sysinternal's
Process Explorer which is free.
The link talks about Process Explorer and how to use it.
<http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html>
It will tell you where a program is being run from on the HD. If you
highlight a program in the upper pane, it will tell you from what
directory the program is running from on the HD. If you right-click the
line and go to Properties, you can get more information about the
process and what it is hosting.
The lower pane tells you what programs are being hosted by any given
process that is running. You can right-click the line too.
If svchost.exe is not running out of the Windows\system32 directory,
then it's a trojan.
You might not even have malware running and everything is legit for any
given svchost.exe that is executing.
|
Similar Threads
