Thursday, April 10, 2008

Mystery Behind SVCHOST.exe

Often, when I boot my Windows XP-SP2 operating system, the first thing I notice is a huge CPU utilization by a process called as SVCHOST.exe.The process infact almost sucks up my entire CPU percentage.Therefore to gain an insight into what exactly goes on, I thought of dugging up about SVCHOST.exe.

Leo Notenboom says “On Windows XP, 2000, and 2003, SVCHOST is not a virus. On those systems SVCHOST is a required system component. If you happen to successfully delete it, your system will not run. You’ll be much worse off than before.”

The svchost.exe file is located in the folder C:\Windows\System32.

During startup process of Windows, Svchost.exe which is located in the above mentioned folder checks the services portion of the registry in order to construct a list of various services that it needs to load post startup. Its perfectly normal to have multiple instances of Svchost.exe run at the same time. In such a scenario each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

SVCHOST stands for Service Host. By typing “tasklist /svc” at the command prompt ( type without quotes) you can actually see all the copies of svchost and what services they are running.

The most important things to remember about SVCHOST are that it is not a virus (it is SCVHOST that can be treated as a virus but not SVCHOST) and that this program is important for the stable and secure running of your computer and should not be terminated.

To learn more about SVCHOST, please refer to Microsoft Website

No comments: