subject: How to Judge Whether Svchost.exe Is a Virus [print this page] How to Judge Whether Svchost.exe Is a Virus
When the Blaster virus spreads seriously, there is a saying that all files that label "Svchost.exe" are viruses which must be deleted immediately. Such a rumor has frightened all the computer users because every Windows XP user can find out several progresses when they follow the steps to check the Svchost.exe.
Is Svchost.exe really a virus like what people say online?
First let's know how Microsoft describes Svchost.exe. Svchost.exe is a process on your computer that hosts, or contains, other individual services that Windows uses to perform various functions.
Why dose the saying Svchost.exe is a virus produce?
As the service options of the Windows increase, in order to save limited system resources, Microsoft makes a lot of system services into shared model, and what Svchost.exe dose is to be a host of these services. As Svchost.exe can start the service, virus creators then invade and damage the computer in deliberately plan, taking advantage of the feature of Svchost.exe.
How can we distinguish whether Svchost.exe is a normal progress or a virus?
The key assignments of Svchost.exe is at "HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost", and every key assignment stands for a dependent one. Take Windows XP for example, you can type "cmd" at the Run box and then type "tasklist /svc" at the command line mode. (While "tlist s" applys to Windows 2000) Finally, a service list is showed.
If you have doubt that the computer has been infected by virus, by searching Svchost.exe documents you can find abnormal condition of the Svchost.exe. In general, only a Svchost.exe can be found in the catalog C:WindowsSystem32. Others that appear in other catalog will properly be virus.
In a word, Svchost.exe is not a virus progress but a core progress of system. But for its particularity, viruses try their best to invade it.
