How To Identify What Programs Started svchost.exe in Windows

Thanks for the info mate, I have a quite a few svchost.exe instances running, but now I know it's alright.

I think you have failed your mission, you have Vista LOL, sorry, thats low

hello,
Please i have been having the svchost/exe error on my system and it is giving me so much cause for worry, please can u send me the the detail infomation on how i can solve the problem. Thank you as i anticipation your reply. Bye.

I ran this also I use windows XP SP2, and says not recognized. I copy and pasted and am savvy as well.

Thanks! Ran it here as quoted and worked well.

Something is calling SVChost which in turn tries to access the internet. This could be a trojan or something else undesirable, so I want to know what program is calling the SVChost. May be earthlink, who only does my Email these days, but they do weird things to verify if you are "On". Real Player trys to run a constant message board, that I hope I got shut off.

I tried the command line approach above, and it runs. In a flash. Then closes. No time to read what it says. Why doesn't that pane persist?

Is there a better, or alternative way to figure out who is constantly trying to access the internet on my computer? It is asking for server privilege, which I have nearly eliminated by the ZoneAlarm "ask" option, so not much happens, other than it is driving me nuts answering the "ask" panel. I would just flat blacklist, except that there are many valuable uses.

thank you for the command line commands.

Is it possible for a malware program to use svchost.exe?

i have process explorer. and i know i have a yucky trojan/malware problem i have been trying to get rid of unsuccessfully so far. and i have concluded through various malwarebytes anti malware scans and sd fixes etc etc that the file or shellpaths of the 2 rundll32 processes listed are in fact this trojan. ive always been unsure about the svchost.exe processes… but when i looked at the 'properties' of the process, i noticed it named the "parent" of this rundll32 (run a dll as an app) process, which was svchost.exe and in parentheses (916)
and there is a svchost process (916) in my list. i want to kill the process but i want to make sure its not an important process that also handles things my computer cannot function without, despite its infection.
can you tell me if its ok or not to just kill that svc host process its parented by?
im super tired, i hope all that made sense 🙂

also, what happens when you "suspend" a process>?

THANKS!!

I'm running WinXP SP2 Home. When I enter "tasklist….." in a command window, it says " 'tasklist' is not recognized as an internal or external command, operable program or batch file."

If you are comfortable working with the Registry, you can get a good understanding of the description & functions of Svchost.exe at http://support.microsoft.com/kb/314056

Sometimes the red light is on constantly on my PC.
Sometimes when I leave the comp' the red light is on constanly.
If I move the mouse or press a key the red light slows and then flashes slowly.
Recently I managed to open task manager and could see that svchost.exe and wuauclt were busy in processes.
The OS is supposed to be W XP Home, sometimes it is W XP Professional, it depends what I happen to look at regarding info' it has on it.
I was able to put the tasklist etc into command prompt and it gave a list of the svchost.exe.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\home>tasklist /svc /FI "IMAGENAME eq svchost.exe"

Image Name PID Services
========================= ====== =============================================
svchost.exe 700 DcomLaunch, TermService
svchost.exe 780 RpcSs
svchost.exe 848 AudioSrv, BITS, CryptSvc, Dhcp, dmserver,
EventSystem, FastUserSwitchingCompatibility,
helpsvc, HidServ, lanmanserver,
lanmanworkstation, Netman, Nla, RasMan,
Schedule, seclogon, SENS, SharedAccess,
ShellHWDetection, srservice, TapiSrv,
Themes, TrkWks, W32Time, winmgmt, wscsvc,
wuauserv, WZCSVC
svchost.exe 1116 Dnscache
svchost.exe 1268 LmHosts, SSDPSRV
svchost.exe 1844 WebClient
svchost.exe 2328 stisvc

I was able to select-copy-paste the result as you see it above from the command prompt.
Qs: Why are the numbers different?
Does anyone recognise any malware in amongst the list?

Hello! abgcefa interesting abgcefa site!

I have had it with MS and the malware they call an OS. Switching to Ubuntu and getting Windblows off of my perfectly good Sony Vaio.

Die a horrible death Balmer and Gates.

@Watching The Net:

I have Windows XP Professional SP3 and yet I get the same error as Justin O when I try to use the tasklist command in command prompt. Will look at Process Explorer.

Several times I've killed a sprialing svchost.exe process which was eating up memory which has usually resulted in my sound device subseqently not being recognised by my pc until I reboot. I notice wmprise.exe regularly runs. Have AVG and FIREFOX which I'm aware seem to have conflicts.

Just wanted to point out that the article *is* a failure.

The title is, "how to identify what programs started svchost", and in that, you have failed completely. The most relevant thing that you have to say is,

"It's unknown as to exactly how and why svchost.exe runs in this fashion,…"

I feel deceived and mislead. This does not tell me how to identify what started it, and so brings me no nearer to the solution to my problem.
I'm off to try to find something that actually answers the question that was asked. I'd appreciate it if you changed the title so that future searchers won't be mislead into coming here thinking there are any answers to that question.

@Bagby>
What a turd burglar you are! your post proves you can read, but doesnt prove you can listen.

If "How To Identify What Programs Started svchost.exe in Windows" and
svchost.exe (768) DcomLaunch, PlugPlay, isnt clear enough for you; Then i suggest you buy a mac.

@mariposa:
Try: Malwarebytes, Spybot, rkll, Avira. Read up as much as you can prior to use. They aren't too difficult to use. Also: C Cleaner, Advanced System Care, Iobit.
Whilst one antimalware may find some malware another may find other malware.
It is better if you can have two computers having the info on one whilst doing the job on the other. If you don't have two computers then print the instructions.
It can sometimes take a couple of tries with the above before things are cleared up. It can take a long time as one antimalware is used at a time.
Do the scans overnight, it can take 3 to 4 hours to scan my computer.
There is also chkdsk (checkdisk) which is in XP, part of MS Windows.

There is info' regarding the different types of malware and what they sometimes look like.

Sorry mate,
but I can understand Bagby's frustration.

identifying is something different then ending up with
a variation of names (processes). that's what I came for
and I am left with this:

AudioSrv, BITS, Browser, CryptSuc, Dhcp,
dmseruer, EuentSystem,
FastUserSwitchingCompatibility, HidServ,
lanmanserver, lanmanworkstation, Netman,
Nla, seclogon, SENS, SharedAccess,
ShellHWDetection, Themes, TrkWks, W32Time,
winmgmt, wscsuc, WZCSUC

one of them recreates the System Volume Information (SVI)
although it was deleted before. System restore is off and no virus
for sure. Unlocker has to kill svchost.exe first before it can delete SVI.
after killing svchost the processes above dissappear from the list.
works sometimes until reboot , sometimes only for minutes.

so where to go from here?

regards
Damian

ps
xp "Run" flashes the list because of its auto exit.
that "tasklist /svc /FI "IMAGENAME eq svchost.exe"
needs to placed in a batch file adding the command "pause'
on a separted line.

well Mike,
and mouse right-click anywhere on the cmd screen
gets you the command line cut and
paste option to avoid typing.

regards
Damian

When i used internet in my computer after some time net connection error.then show a logo "svchost.exe-Application Error.so tel me what is the problem in my computer?

Hi there

I was wondering if you could give me some advice. The svchost.exe running the wuauserv, Schedule, SENS, ShellHDdetection, Themes, Winmgmt,RasMan, AeLookupSvc, gpsvc, LanmanServer, ProfSvc is sending out a lot of data when I am connected to the internet. I stopped the wuauserv in command and its still sending out huge amounts of data. I am viewing this information from TCP view and it gives me the PID of the svchost with the above named dll files running. I can not browse the internet at all because of this. Any ideas why this could be happening?

OH WOW !
I have been frustrated for a long long time because I couldn't tell what was
behind all those SVCHOST.EXE ' s This Is magnificent Information.
THANKS FOR SHARING IT !

Hi. How can I do this on windows xp? tasklist is not recognised in command prompt.

If it ѕtill dоesn't sh᧐w, trʏ the Samsung Kies PC software and update thrоugh your Macintosh orr PC.

Ιf іt stilpl Ԁoesn't sh᧐ѡ, thе only solution іѕ
tÖ… wait.