home / Reviews / How to delete svchost exe file. Remove svchost exe virus from Windows system. Video: svchost overloads the processor. solution
09.03.2021

How to delete svchost exe file. Remove svchost exe virus from Windows system. Video: svchost overloads the processor. solution

Almost every PC user has faced the problem of periodic freezing of windows. Most users decided to fix the problem by deleting unnecessary processes through the task manager. After opening the manager and finding a large number of svchost.exe processes, the user starts to panic.

As a result, users decide that a large number of processes are due to system infection. In order not to lose important files, you should delete the malicious svchost. However, not every computer owner knows how to remove svchost exe on Windows 7.

The difficulty of removing virus utilities is due to the fact that they are disguised as a system process, the removal of which can lead to a violation of the stability of the PC and the subsequent need to reinstall Windows. Therefore, before deleting the process and its fundamental, you need to compare the signs of the two files.

The svchost.exe standard process is responsible for some system functions. The file is located in the directory of the disk with the installed Windows OS. A process that runs on Windows can only be signed by SYSTEM, LOCAL SERVICE, or NETWORK SERVICE.

In turn, a fake is most often located in the folders "My Documents", "Programm Files", "Windows". Virus removal experts hint at the versatile storage of the malicious svchost.exe in the windows folder:

  • system;
  • config;
  • inet20000;
  • inetsponsor;
  • sistem;
  • windows;
  • drivers.

In addition to the fact that viruses fill the system area, they have a similar name to the standard process. Therefore, if you find processes that are similar in name, you should check the service that is responsible for starting them. As a rule, the similarity of the virus processes is determined by the following names: svch0st, svchos1, svcchost, svhost, svchosl, svchost32, svchosts, svschost, svcshost, ssvvcchhoosst. The virus has permission (.exe). Resolution (.com) is sometimes encountered.

Removal by standard methods

There are various ways to remove a virus disguised as svchost.exe. The easy way is to remove the main malware that launches the virus. To determine this application, you must also view the properties of svchost.exe in the name of which there is a change. The properties will indicate the service due to which the virus is launched, as well as the exact location.

To remove the virus from windows, in this case, you need to use the "administration" utility. You can select this utility in the "Control Panel". Having opened "Administration" you need to select the "Services" tab.

After looking through the list that appears, you need to find the name of the malicious service and disable its launch in the properties. Then the user has to open the folder where the virus is located and delete it. You can also delete it in another way: you need to stop the process using the task manager, then delete it from the folder.

On a note! Very often a virus is detected by the "System Configuration" check. Opening the msconfig.exe file, select the "Startup" tab. If the name svchost is found in the list, you should remove the ability to run it simultaneously with the system and remove the application that launches it.

Third Party Applications

However, it happens that it is impossible to remove the virus or disable the service. What should the user do in the end and how to remove svchost exe on windows 7. The answer to the question is simple: you need to turn to third-party programs.

Among the programs that actively help windows to fight the malicious svchost.exe are noted:

  • Cleaning Essentials (you can download the application from the official website https://www.comodo.com/);
  • Dr. Web CureIt;
  • Autorun Analyzer;
  • KillSwitch;

In other cases, it is impossible to remove the virus due to the fact that it is impossible to determine where the original file is, and where is a fake. Then a powerful online scanning system on the virustotal.com portal can help the user. On this site, press the "Select file" button. Then, using Windows Explorer, select the suspicious file and run the scan. A passed test will indicate that the file should be deleted.

To prevent the next Windows infection, it is necessary to timely check the operation of the anti-virus program and update the signature database. In addition, the use of a firewall will not be superfluous in protecting your PC.

You can remove the malicious svchost using the AVZ program. The application is downloaded from the Internet in the avz.exe format. After installing the program and running it, you must execute the script. This function is available in the "File" tab. The script is taken from a photo.


Threat name

Executable file name:

Threat type:

Affected OS:

Trojan Svchost

hlhtxo.exe

Spyware / trojan

Win32 (Windows XP, Windows Vista, Windows Seven, Windows 8)



Trojan Svchost intrusion method

Trojan Svchost copies its file (s) to your hard disk. Typical file name hlhtxo.exe... Then it creates startup key in the registry with the name Trojan Svchost and the value hlhtxo.exe... You can also find it in the list of processes named hlhtxo.exe or Trojan Svchost.

If you have further questions regarding Trojan Svchost, please fill in and we will contact you shortly.


Download Removal Tool

Download this program and remove Trojan Svchost and hlhtxo.exe (download of fix will start automatically):

* SpyHunter was developed by US-based company EnigmaSoftware and is able to remove Trojan Svchost-related issues in automatic mode. The program was tested on Windows XP, Windows Vista, Windows 7 and Windows 8.

Functions

The program is able to protect files and settings from malicious code.

The program can fix browser problems and protect browser settings.

Removal is guaranteed - if SpyHunter fails, free support is provided.

Antivirus support 24/7 is included in the package.


Download a utility to remove Trojan Svchost from the Russian company Security Stronghold

If you are not sure which files to delete, use our program Trojan Svchost Removal Tool.. Trojan Svchost Removal Tool will find and completely remove Trojan Svchost and all the problems associated with the Trojan Svchost. Fast, easy, and handy, Trojan Svchost Removal Tool protects your computer against Trojan Svchost threat that does harm to your computer and violates your privacy. Trojan Svchost Removal Tool scans your hard disks and registry and destroys any manifestation of Trojan Svchost. Conventional antivirus software is powerless against malicious programs such as Trojan Svchost. Download antimalware designed specifically to remove threats like Trojan Svchost and hlhtxo.exe (download of fix will start immediately):

Functions

Removes all files created by Trojan Svchost.

Removes all registry entries created by Trojan Svchost.

The program can fix problems with the browser.

Immunizes the system.

Removal is guaranteed - if the utility fails, free support is provided.

Antivirus support 24/7 through the GoToAssist system is included in the package.

Let our support team solve your problem with Trojan Svchost and remove Trojan Svchost right now!

Leave a detailed description of your Trojan Svchost problem in the section. Our support team will contact you and provide you with a step-by-step solution to the problem with Trojan Svchost. Please describe your problem as accurately as possible. This will help us provide you with the most effective Trojan Svchost removal method.

How to remove Trojan Svchost manually

This problem can be resolved manually by deleting the registry keys and files associated with Trojan Svchost, removing it from the startup list and de-registering all associated DLL files. In addition, the missing DLL files must be restored from the OS distribution if they were damaged. Trojan Svchost.

In order to get rid of Trojan Svchost, You need:

1. End the following processes and delete the corresponding files:

A warning: you only need to delete files whose checksums are in the malware list. Your system may have required files with the same names. We recommend using for a safe solution to the problem.

2. Delete the following folders:

3. Delete the following keys and / or registry key values:

A warning: If registry key values ​​are specified, you must delete only the specified values ​​and leave the keys themselves intact. We recommend using for a safe solution to the problem.

4. Reset browser settings

Trojan Svchost can sometimes affect the settings of your browser, for example, change the search and home page. We recommend that you use the free "Reset Browsers" feature in "Tools" in the program to reset all browsers at once. Please note that before doing this you need to delete all files, folders and registry keys belonging to Trojan Svchost. To reset browser settings manually, use these instructions:

For Internet Explorer

    If you are using Windows XP, click Start, and Open... Enter the following in the box Open without quotes and click Enter: "inetcpl.cpl".

    If you are using Windows 7 or Windows Vista, click Start... Enter the following in the box Search without quotes and click Enter: "inetcpl.cpl".

    Select a tab Additionally

    Under Reset Internet Explorer Browser Settings, click Reset... And press Reset again in the window that opens.

    Select the checkbox Delete personal settings to delete history, restore search and home page.

    After Internet Explorer finishes resetting, click Close in the dialog box.

A warning: Reset browser settings v Instruments

For Google Chrome

    Find the Google Chrome installation folder at: C: \ Users \ "username" \ AppData \ Local \ Google \ Chrome \ Application \ User Data.

    In folder User Data, find the file Default and rename it to DefaultBackup.

    Start Google Chrome and a new file will be created Default.

    Google Chrome settings reset

A warning: In case that doesn't work, use the free option Reset browser settings v Instruments in the Spyhunter Remediation Tool.

For Mozilla Firefox

    Open Firefox

    Select from the menu Help > Troubleshooting Information.

    Click the button Reset Firefox.

    After Firefox finishes, it will show a window and create a folder on your desktop. Click on To complete.

A warning: This way you will lose your passwords! We recommend using the free option Reset browser settings v Instruments in the Spyhunter Remediation Tool.

If the computer starts to slow down, first of all, the user opens the Task Manager and looks at which processes are loading the system. This process is often svchost.exe.

Svchost.exe is an auxiliary system service that is used for many tasks. However, its operation can be disrupted by physical damage to the memory chips or errors when loading system update files. Also, viruses can be disguised under svchost.exe. Therefore, by identifying the cause of the excessive loading of the Windows 7 system, you can fix the problem.

Solving the problem if svchost.exe is a system process

If svchost.exe (netsvcs) loads the processor by more than 50%, you should do the following:

  • Open the Task Manager. To do this, right-click on the taskbar and select "Start Task Manager".
  • Go to the "Processes" tab and select svchost.exe from the list, which loads the processor. Click on it with the right mouse button and select "End Process" or use the appropriate button.
  • After that, start the command line with administrator rights and enter the following command "netsh interface ipv6 set teredo disable".


  • Without closing the console, enter "netsh interface teredo set state disable".


  • We reboot the computer.

If svchost.exe (netsvcs) loads RAM, Microsoft recommends that you follow these steps:

  • We run a system scan for viruses.
  • After checking (it is not necessary to perform any actions while scanning the system with an antivirus, as this will load the system even more and the computer will slow down), open the command line and enter "sfc / scannow".


  • If Windows Resource Protection detects corrupted files, you can find out which ones by going to "C: \ Windows \ Logs \ CBS \ CBS.log".



Also, many users managed to solve the problem with booting the system by the svchost.exe (netsvcs) process by disabling automatic system updates. To do this, do the following:

  • Click "Start", "Control Panel" and select "System and Security".


  • Next, select "Windows Update".


  • In the left menu, select "Settings" and set "Do not check for updates (not recommended)".



  • After that press "Win + R" and enter "services.msc".


  • The services window will open. We find "Windows Update". Click on the service with the right mouse button and select "Stop".


  • We reboot the computer.

Solving the problem if svchost.exe is a virus

Before taking any action to solve the problem, it is worth initially determining whether svchost.exe is a virus.

The main signs that a virus is disguised under this process are:

  • The system svchost.exe always goes under the name "System Local Services" or "Network Services".
  • The virus is disguised under the name "Admin" or under the name of a user account.

You can determine this in the "Processes" tab in the Task Manager. However, there are a couple of nuances to consider here.

  • There are at least 4 svchost.exe processes in the Task Manager, or even more.


  • You can identify a virus by name or by completing the process. If it is not a virus, the normal working system will simply reboot. If the virus is, then you need to delete the "Prefetch" folder, which is located on the C drive in the "Windows" folder.


  • After we reboot the system and start checking the PC for viruses using a curing utility or antivirus.

Also, to determine whether it is a virus or not, perform a clean system startup. Thus, the culprit of the problem can be identified.

So, today we have to deal with a very interesting computer process. It is called Svchost.exe netsvcs. It is this point that causes concern and alarm among many users. After all, over time, it begins to load the operating system. Sometimes 50 or 100% at once. And, as a rule, it becomes simply impossible to work. Today we will learn what Svchost.exe netsvcs is, and what to do if this process takes a lot of system resources from the computer. Mainly - memory. Let's get down to exploring today's issue.

Description

But first you need to understand what it is all about. Initially, all computer processes are not dangerous. But only for the time being. They perform specific functions. These safe processes include Svchost.exe netsvcs.

Initially, this is the name of the processor hosts that are dynamically started using the link libraries. In other words, this item is responsible for the computer libraries. More precisely, for their launch and performance. Of course, the more libraries there are, the more resources are needed. But there is a limit to everything. So, over time, many users begin to notice that Svchost.exe netsvcs is running out of memory. Windows 7 is an unrivaled leader in this regard. What to do in this situation?

Reboot

The first scenario is a banal computer restart. It is very important if you have not turned off the operating system for a long time. In this case, your memory will be filled not only with Svchost.exe netsvcs, but also with other functions that are important for work. Also, maybe you just had a minor system crash. It does not pose a threat to data, but a weighty imprint is imposed on the performance of the computer and its memory.

It is in this situation that the most common reboot will help. The system will restart completely and you should be able to work normally. So many users are struggling with the problem. But it helps only in the listed cases. If the problem that Svchost.exe netsvcs loads Windows 7 memory lies in another, then the approach to eliminate the "hotbed" needs a different one. Which one?

Deleting

For example, you can simply restart the process. More precisely, remove it from the task manager, and then it will start again. This technique helps when the usual reboot or turned out to be useless. The reasons can be different - from a system failure to incorrectly installed content. But the fact remains - Svchost.exe netsvcs needs to be removed from the list of performed tasks.

Press Ctrl + Alt + Del on your keyboard. Now open the Task Manager and then go to the Processes tab. Then find the line you want. Ready? Then select it (left-click on the line), and then select the "Finish" command. You will be given a message about the irreversibility of the process. Agree with him, and then confirm your actions. Our process will disappear for a while and then start. If this did not happen for some reason, then it is worth restarting your computer. With the advent of the process, it will be noticeable how everything fell into place. Now the computer memory will not be fully loaded. But there are other cases as well. They are not eliminated as easily as we would like.

Registry

For example, if you often notice that Svchost.exe netsvcs overloads the processor and memory, then you should consult your computer's registry. Often, problems with this moment arise for users who do not monitor their operating system. For example, they do not clear the system registry. In this case, you can be glad that only one process fails. But everyone can fix the situation. And there is no need to experience special torment here.

Download yourself and install an app called CCleaner. Run it, and then configure - in the scan, mark all hard disk partitions, browsers, as well as the computer registry. Now, on the right side of the window, click on "Analysis", then on "Cleanup". Wait a few seconds - the computer registry will be cleared. As a result, the Svchost.exe netsvcs process will no longer load the system. In addition, you will have free space on your hard drive. True, cases where our process brings a lot of trouble due to the computer registry are quite rare. Often you have to fix the problem in other ways.

Updates

For example, sometimes you have to refuse to update your computer. Svchost.exe netsvcs memory and processor often overflows due to loading add-ons. They must be discarded. The surest way not to run into unnecessary troubles is to disable downloading and checking for updates even during the installation of Windows. If you haven't done this, then it's time to think about this task.

For example, visit the "Center right in the computer tray. Now go to the settings. You will see a window in which the update options will be available. It would be best to select" Do not check automatically. "This item is marked with a label" not recommended. "But in our case it is he who can help.

After confirming the actions, restart your computer and disable the Svchost.exe netsvcs process. Now you can check if everything is good with the memory and processor. Yes? Then update the operating system only in cases No? It is worth looking for other ways to deal with the problem.

Rollback

Sometimes it can help True, this option is relevant when the process loads your computer for a short time. In order to perform this action, go to "Start" and select "All Programs" there. Find "Special" and then "Service". In this list, you will have to find "System Restore".

Read the information in the window that appears. For example, you will have to take into account that this process is irreversible. And you cannot interrupt it. Agree with the information and then choose what is called a rollback point. By default, they are created automatically from time to time. Click "Next" and then wait for the process to finish. During this period, the computer will reboot itself several times. Do not be alarmed, it should be so.

The rollback will complete after approximately 30 minutes. And you will no longer load the processor and memory of Svchost.exe. It is worth agreeing to this action only if you are fully confident that the system as a whole is working normally. Otherwise, your rollback may be critical for your computer.

Viruses

True, problems with processes are often the result of infection of the operating system with various viruses. In this case, you will have to permanently cure the computer. This is the only way to improve the performance of the system. Please note that under Svchost.exe, a computer infection is very often encrypted. It runs as a user, not System.

You will need to scan your computer with an antivirus and cure everything. Delete that which has not been cured. Now clean your computer's registry (CCleaner will help you with this) and reboot. That's all the problems are solved. Only now, a complete reinstallation of the computer is often needed. Only in this case can we hope to eliminate all problems.

At one's own risk

However, if the real problem is Svchost.exe netsvcs (Windows 7 most often has problems with it), but you are not very happy with the prospect of reinstalling the system, you can try to act at your own risk. You will need to delete the folder called Prefetch. It is located in Windows.

Next, visit the Tasks folder. All documents should be cleared in it. Next, get rid of Svchost.exe. You can restart your computer and see the result. This is a very risky business. And often you still need to reinstall Windows after that. So it's best not to try to deal with the problem in this way.

Computer problems associated with a lack of RAM have been, remain, and most likely in the near future they will also be relevant for most ordinary users. However, in our case, we will consider a specific situation: "Svchost loads Windows 7 memory", the solution of which can be used in a number of other cases when the OS is in need of RAM resources.

Today we will look at:

Briefly about the Svchost process

The ending "host" speaks for itself (translated from English it means "host receiving guests"). This process is a kind of container for system services, which use one or another dynamic Windows library, which in turn allows you to optimize the system processes of the OS itself. You can find a more detailed explanation of such a concept as "host" ... Now, let's turn to the practical part of our story.

Waste of RAM: does this really happen?

There is little point in using a clean OS that has a very meager software arsenal. However, even those who are used to being content with the standard set of built-in Windows tools and do not know that electronics needs systematic preventive maintenance, there will inevitably come a moment when system resources run out and the OS turns into a kind of "turtle" burdened by various "digital garbage".

In the case when the user believes that the physical volume of his RAM is "immense", that is, it more than fits into the system requirements of the version of Windows used, he is mistaken, to put it mildly! Since even 32 GB of RAM will not save the OS from the brakes, which the user himself initiates with his inept actions, ignoring the main question " ».

However, let's get back to the essence of our story, namely, let's talk about what should be done when you suddenly discovered an "insatiable eater" of RAM in the form of the process "Svchost.exe", which, among other things, has the same name "ASSISTANTS" albeit with less "Obvious appetite" in the Task Manager window?

Process monitoring: analysis of indicators and the right decision

As mentioned above, the "Svchost.exe" process can be used by various Windows services. Therefore, do not be surprised if you see several processes of the same name in the “Processes” column. When using the Internet and simultaneously using several resource-intensive programs, this fact is the norm.

A deviation can only be considered a mismatch in the name of the process we are describing (viruses are often disguised as "Svchost.exe", supplementing the process name with various symbols, or, on the contrary, abbreviating the "symbolic original"). Also, a cause for concern is the entry of a "fake path" (location, directory of the executable file must match the value: windows \ system32). Draw your attention on whose behalf the process was started. If "Svchost.exe" is not started by the system, then the time to sound the alarm is a virus (for more details, read )!

We deal with the list of services that "burden memory" in vain

Everything is simple here, you can disable system services only when you understand what a particular Windows service is responsible for. Otherwise, your OS is at risk of crashing. Therefore, before you deactivate the executive program element (which seemed to you to be "superfluous") - think about what a frivolous attempt to "remember" release can lead to. At the same time, it is known for certain that the process of updating the Windows operating system is one of the most "voracious RAM eaters."

You can disable the update service using the following recommendations:

  • In the search box of the "Start" menu, write the command "services.msc".


  • Next, find the item "Windows Update" in the list provided.


  • Click on the above item twice with the left mouse button.
  • In the "Startup type" block, use the "Disabled" option, then - "Stop".


  • Complete the changes by pressing the "Apply" - "OK" keys.

Otherwise, you should adhere to the following scenario of actions:

  • To identify the "Svchost.exe" processes that are consuming memory and CPU resources, press the keyboard shortcut "CTRL + ALT + Delete".
  • Activate the Start Task Manager button.
  • Next, click on the "Processes" tab.
  • Check the box "Display processes of all users".

  • Select the "memory-consuming" process and use the right mouse button to call the context menu, from which you should select the last item "Go to services".
  • In the next window, all services using this process will be highlighted - click on the "Services" button and carefully study the annotation block of their purpose.

Services are deactivated in the same way (see the above section). However, remember that disabling some critical services may result in partial or complete inoperability of the OS.

Summing up

As you've probably already seen, everything is pretty simple to resolve. Nevertheless, in the process of finding and eliminating the cause of "lack of RAM", and we considered the option "wasted RAM resources", before disabling any service, it is still worth studying in detail the question: "What could be the consequences?" All the best to you and only correct decisions to optimize your OS!

Today we will try to deal with one rather interesting computer process called Svchost.exe netsvcs. This item quite often causes alarm and concern among many users. Over time, this process begins to actively load the operating system.


Sometimes this process loads the system by 50 or even 100 percent. As a rule, it is completely impossible to work in such a situation. Today we will look at what the Svchost.exe netsvcs process is, and also learn what to do if this process takes system resources from the computer, namely memory. Let's start considering this issue.

Description

First you need to figure out what it is all about. All computer processes are not dangerous by themselves. But this is until a certain time. Processes perform different functions. Svchost.exe netsvcs also belongs to safe processes. Also originally called processor hosts, which are dynamically started using libraries.

In other words, this item is responsible for the computer libraries, or more precisely, for their performance and launch. Of course, the more libraries there are, the more system resources are required. However, there is a limit to everything. Over time, many users begin to notice that the Svchost.exe netsvcs process is consuming memory. In this case, the unsurpassed leader is the operating system Windows 7. What to do in such cases?

The first scenario in this case is a simple reboot. This is especially true if you have not turned off the operating system for a long time. In this case, your memory can be filled not only with Svchost.exe netsvcs, but also with other important functions for work. It is also quite possible that your computer just experienced a system crash. It does not pose a particular danger to data, but it can seriously affect the performance of your computer and its memory.

In such a situation, a regular restart of the computer can be very helpful. This will result in a complete system restart. After that, you should be able to work normally again. Many users prefer to use this method. However, it only works in the listed cases. If the problem with the memory load by the Svchost.exe netsvcs process is different, you need a different approach to fix this problem.

Deleting

You can try restarting the process, or more precisely, deleting it from the task manager, and then starting it up again. This technique helps when shutting down the computer or a simple restart are useless. The reasons can be completely different - ranging from a system failure and ending with incorrect installation of programs. But Svchost.exe netsvcs still needs to be removed from the list of running tasks. To do this, simply press the Alt + Ctrl + Del combination on the keyboard.

Now open Task Manager and go to the Processes tab. Here you need to select the required process and click the "Finish" command. After that, a message about the irreversibility of this process will be displayed. You will need to agree with him and confirm the operation. The process will disappear for a while, and then it will start again. If for some reason this does not happen, you will need to restart your computer. With the advent of this process, you will notice that everything has fallen into place. The computer memory will no longer be fully loaded. However, there are other situations in which it is not so easy to fix the problem.

Registry

If you notice that the Svchost.exe netsvcs process is consuming memory and CPU frequently, you should consult the registry. At this point, problems often arise for those users who do not pay due attention to the operating system, for example, do not clear the system registry in time. In this case, it’s surprising if you only fail one process. Correcting this situation is quite simple. And you will not have to experience any special torment. Just download an application called CCleaner to your computer.

Run the program and configure it. It is necessary to mark in the item "Scanning" all partitions of the hard disk, browsers, as well as the system registry of the computer. Then, in the right part of the window, you must click on the "Analysis" button. When the analysis is complete, click on the "Cleanup" button. After that, you will need to wait a while until the computer's registry is cleared. As a result, the Svchost.exe netsvcs process will no longer load the system. You will also free up disk space. True, situations where the Svchost.exe netsvcs process gets in trouble due to the system registry are quite rare. Usually the problem has to be fixed in other ways.

Updates

In some cases, you have to refuse updates. Often Svchost.exe netsvcs is CPU and memory overhead due to add-ons being loaded. It is better to refuse them. The fastest way not to run into trouble is to disable downloading and checking for updates when installing the operating system. If you haven't done this before, now is the time to think about this task. To do this, you can visit "Windows Update" in the computer tray. Go to the parameter setting item.

A window will open listing the upgrade options. Better to select the option "Do not check automatically." This item is usually labeled “not recommended”. However, in this case, it is this point that can help. When you confirm these steps, restart your computer and disable Svchost.exe netsvcs. After that, check if everything is ok with the processor and memory. If so, then system updates should only be installed when absolutely necessary. If this action does not help, you will have to look for other ways to combat this problem.

Rollback

Sometimes a rollback of the system can help to cope with this problem. However, this option will only be effective if the process does not load your computer for a very long time. To perform an action, you need to go to the "Start" menu and select "All Programs" there. Next, you need to select "Special", and then "Service". In the list that opens, you must find the item "System Restore". Read the information that will be presented in the window that appears. Please note that this process is irreversible. Moreover, it cannot be interrupted.

Accept the suggested action and select a rollback point. They are created automatically by default from time to time. After that, you need to click on the "Next" button and wait for the completion of this process. During this time, the computer will reboot several times. Do not be afraid of this. The rollback will complete after about half an hour. After that, the Svchost.exe netsvcs process will no longer load the computer's processor and memory. It is better to take this action only if you are absolutely sure that the system as a whole is working normally. Otherwise, the rollback execution may end abominably.

Virus activity

Sometimes problems with processes can be associated with the manifestation of viral activity. In this case, you will have to treat the computer with anti-virus programs. Only this will help to improve the performance of the system. Also, it should be borne in mind that an infection is often hidden under Svchost.exe netsvcs. It is launched not from System, but from the user's behalf. To deal with this problem, it is recommended to use antivirus software. It is better to remove those objects that cannot be treated. After that, you can clean up the system registry and restart your computer.

This should fix the problem. However, a complete rearrangement is often required. Only in this case can you guarantee the complete elimination of all problems. If Svchost.exe netsvcs becomes a real problem, but you are not very happy with the reinstallation option, there is another method you can try. Try deleting the Prefetch folder. It is usually located in the Windows folder. After that, find the Tasks folder. It is necessary to clear all documents in it. After that, get rid of Svchost.exe netsvcs in Task Manager. That's all, you can restart your computer and check what happened.

The unstable operation of the computer's operating system, accompanied by failures, various kinds of errors, maximum CPU and RAM load, and, as a result, a general decline in PC performance, can be caused by many reasons. First of all, the presence of viruses must undoubtedly be attributed to them. But there are others, such as the Svchost system service, which often loads the memory and processor of a PC by 50, or even 100%, thereby reducing its performance to a minimum. It is about this service that will be discussed in this article. Here we will look at where the Svchost.exe file is located and what to do to revive the computer when it loads the system to the maximum.

What is this Svchost.exe process?

In Windows XP and later modifications of this operating system, a process such as svchost.exe appeared. Initially, it denoted network connections, but then a number of other functions were assigned to it, and in Windows 7 this process became necessary to start other system services. So it was given some versatility.

You can find out where svchost.exe is hiding if you open the task manager and check the box next to "Display processes of all users." You will see a whole tree of svchost.exe processes.

The problem is that it often loads the system heavily, namely, it loads the computer's memory and processor, sometimes by 50, and sometimes by 100 percent, this becomes a critical moment for the normal operation of old laptops and PCs. What could cause this to happen?

  1. The svchost.exe virus. More precisely, it is a malicious file disguised as a system process and is difficult to detect, even if the processor is heavily loaded.
  2. Updates failing. Especially if they are loaded automatically and contain some bugs.
  3. The Windows 7 event log file is overloaded with various entries. It records all the actions that you have ever performed with the system. Can you imagine how many records can accumulate there if you have used a PC, for example, for 5 years?
  4. Physical damage to the hard drive. Not the most common reason, but it should not be ruled out.

How to fix the problem

After these steps, your computer should start to run faster. The conclusions are as follows: do not enable automatic downloading of updates, check the operation of the PC after disabling the most resource-intensive svchost process, clear the "Prefetch" folder and the event log. Pay attention on whose behalf the process is running. If the user has the name of your PC in the field, it quite means that it is time to clean the computer from viruses.

If the computer starts to slow down, first of all, the user opens the Task Manager and looks at which processes are loading the system. This process is often svchost.exe. Svchost.exe is ...

The svchost system file is quite often the target of hacker attacks. Moreover, virus writers disguise their malware as its software "appearance". One of the brightest representatives of the "fake-svchost" viruses is Win32.HLLP.Neshta (Dr.Web classification).

This "impostor" copies itself to the Windows directory, infects files with the "exe" extension and takes system resources (RAM, Internet traffic). However, he is capable of other nasty things. There are known cases of infection when the viral svchost loads the computer's RAM by 98-100%, disconnects the Internet channel, and disrupts the functioning of the local network.

Svсhost files - good and bad, or who is who

The whole difficulty of neutralizing viruses of this type is that there is a risk of damaging / deleting a trusted Windows file with an identical name. And without it, the OS will not work, it will have to be reinstalled. Therefore, before proceeding with the cleaning procedure, let us familiarize ourselves with the special features of a trusted file and an "outsider".

True process

Manages system functions that are run from dynamic link libraries (.DLL): checks and loads them. Listens to network ports, transmits data through them. It is actually a Windows service application. It is located in the C: → Windows → System 32 directory. In XP / 7/8 OS versions, in 76% of cases it has a size of 20.992 bytes. But there are other options as well. More details can be found on the filecheck.ru/process/svchost.exe.html recognition resource (link - "29 more options").

Has the following digital signatures (in the task manager, the "Users" column):

  • SYSTEM;
  • LOCAL SERVICE;
  • NETWORK SERVICE.

Hacker fake

It can be located in the following directories:

  • C: \ Windows
  • C: \ My Documents
  • C: \ Program Files
  • C: \ Windows \ System32 \ drivers
  • C: \ Program Files \ Common Files
  • C: \ Program Files
  • C: \ My Documents

In addition to alternative directories, hackers use almost identical names, similar to the system process, as a disguise for the virus.

For example:

  • svch0st (the number "zero" instead of the letter "o");
  • svrhost (instead of "c" the letter "r");
  • svhost (no "c").

There are countless versions of the “free interpretation” of the name. Therefore, it is necessary to show increased attention when analyzing existing processes.

Attention! The virus may have a different extension (other than exe). For example, "com" (Neshta virus).

So, knowing the enemy (virus!) In person, you can safely proceed to its destruction.

Method # 1: Cleaning with Comodo Cleaning Essentials

Cleaning Essentials is an antivirus scanner. Used as an alternative system cleaning software. It comes with two utilities for detecting and monitoring Windows objects (files and registry keys).

Where to download and how to install?

1. Open comodo.com (manufacturer's official website) in your browser.

Advice! It is better to download the distribution kit of the utility on a "healthy" computer (if possible), and then run it from a USB flash drive or CD-disk.

2. On the home page, hover over the Small & Medium Business section. In the submenu that opens, select the Comodo Cleaning Essentials program.

3. In the boot block, in the drop-down menu, select the bitness of your OS (32 or 64 bit).

Advice! The bit depth can be found through the system menu: open “Start” → enter “System Information” into the line → click on the utility with the same name in the “Programs” list → look at the “Type” line.

4. Click the "Free Download" button. Wait for the download to complete.

5. Unpack the downloaded archive: right-click on the file → "Extract all ...".

6. Open the unpacked folder and double-click the left button on the "CCE" file.

How to set up and clean your OS?

1. Select the "Custom scan" mode.

2. Wait a little while the utility updates its signature bases.

3. In the scan settings window, check the box next to drive C. And also enable the check of all additional elements ("Memory", "Critical Areas ..", etc.).

4. Click "Scan".

5. Upon completion of the scan, allow the anti-virus to remove the found imposter virus and other dangerous objects.

Note. In addition to Comodo Cleaning Essentials, you can use other similar antivirus utilities to clean your PC. For example, Dr. Web CureIt !.

Helper utilities

The Cleaning Essentials package includes two auxiliary tools for real-time system monitoring and manual malware detection. They can be used if the virus cannot be neutralized during the automatic scan process.

Application for quick and easy work with registry keys, files, services and services. Autorun Analyzer determines the location of the selected object, if necessary, it can delete or copy it.

To automatically search for svchost.exe files, in the "File" section, select "Find" and specify a file name. Analyze the found processes, guided by the properties described above (see "Hacker forgery"). If necessary, remove suspicious objects using the utility's context menu.

Monitors running processes, network connections, physical memory and CPU load. To catch a fake svchost using KillSwitch, follow these steps:

  1. On the System tab, open the Processes section.
  2. Analyze all activated svchost processes:
    • right-click on the file;
    • select "Properties";
    • look at its current directory. If it is different from C: \ Windows \ system32 \, it is most likely that the object under investigation is a virus.

If malware is detected:

  1. Additionally, look in its field for the column "Assessment" (safe - safe) and the signature.
  2. If these properties also do not correspond to the characteristics of the trusted system file, activate the context menu again (right-click). And then run the "Pause" and "Delete" functions in sequence.
  3. Continue checking, the virus may have created and launched copies of itself. It is also imperative to get rid of them!

Method number 2: using system functions

Autoload check

  1. Click "Start".
  2. Type msconfig in the search box and press Enter.
  3. In the System Configuration window, go to the Startup tab.
  4. Look at the commands (the "Command" column) that launch the items at Windows startup, and their location (directories, registry keys in the "Location" column):
    • Disable all directives containing svchost (uncheck the box next to the entry by clicking). It is 100% virus. The system process with the same name is never registered in startup.
    • Open the directory of the malware (indicated in the "Location") and delete it. To neutralize the key in the registry, use the regular regedit editor: "Win + R" → regedit → Enter.

Analysis of active processes

  1. Press Ctrl + Alt + Del.
  2. Click on the "Processes" tab.
  3. Check the properties of all active svchost (name, extension, size, location). When analyzing, be guided by the data of the filecheck.ru service and the characteristics given in this article.

Right click on the name of the image. Select Properties from the menu.

If a virus is found:

  • in the properties of the object, find out its location (copy or remember);
  • click "End process";
  • go to the malware directory and delete it using the standard function (right-click → Delete).

If it is difficult to determine: trusted or a virus?

Sometimes it's hard to tell if svchost is real or fake. In such a situation, it is recommended to carry out additional detection using the free online scanner "Virustotal". This service uses 50-55 antiviruses to scan an object for viruses.

  1. Open virustotal.com in your browser.
  2. Click Select File.
  3. In Windows Explorer, open the directory of the process you want to check, select it by clicking, and then click "Open".
  4. Click "Check!" To start scanning. The file will be downloaded from the PC to the service and scanning will start automatically.
  5. Check out the test results. If the majority of antiviruses detect an object as a virus, it must be removed.

Date of publication: 20.07.2010

The article was updated on 09.12.2011.

Symptoms:
Your computer suddenly began to freeze and slow down the system. At the same time, you have an antivirus with the latest antivirus databases. Click on Ctrl + Alt + Delete and click on the tab Processes... You will see a list of all processes that are currently running; at the same time, you will see that some of the processes consumes a lot of computer resources (although you are not using any programs at the moment). Here you will see a certain process svchost(There will be several processes with the same name, but you need exactly the one that loads the system at 100%).

Solution:
1) Try, first of all, just restart your computer.
2) If, after rebooting, this process continues to load the system, then right-click on the process and, in the list that opens, select Terminate the process tree... Then restart your computer.
3) If the first two methods did not help you, then go to the folder Windows and find the folder there Prefetch(C: \ WINDOWS \ Prefetch). Delete this folder ( delete exactly the folder Prefetch; DO NOT accidentally delete the folder itself Windows!!!) Then follow the second point (i.e. delete the svchost process tree). Reboot your computer.

How many processes should there besvchost.exe in the Processes tab?
The number of processes with this name depends on how many services are started via svchost. The number may vary depending on the version of Windows, the properties of your computer, etc. Therefore, the number of processes named "svchost.exe" can be from 4 (absolute minimum) to infinity. I have 12 svchosts on a 4-core computer with Windows 7 (including the services started) in the "Processes" tab.

How to determine which one is a virus?
You can see in the screenshot above that in the "User" column next to each svchost there is the name of the source that launched this very process. In normal form, next to the svchost will be written "system", or "network service", or "local service". Viruses run themselves on behalf of "user" (can be written "user" or "administrator").

What is, in general, a processsvchost.exe?
In simple terms, the svchost process is an accelerator for the launch and operation of services and services. Svchost's are launched through the services.exe system process

What happens if I, by clicking on "End process tree", accidentally terminate the system processsvchost and not the virus itself?
Nothing bad will happen. The system will give you an error and restart your computer. After the reboot, everything will fall into place.

What viruses are disguised assvchost.exe?
According to Kaspersky Lab, viruses are masked under svchost.exe: Virus.Win32.Hidrag.d, Trojan-Clicker.Win32.Delf.cn, Net-Worm.Win32.Welchia.a
According to unconfirmed reports, some versions of Trojan.Carberp are also disguised as svchost.exe

How do these viruses work?
These viruses, without your knowledge, enter special servers, from where they either download something else dangerous, or send information to the server (namely, your passwords, logs, etc.)

Processsvchost.exe loads the system, but in the "User" column it says "system ". What it is?
Most likely, this means that some service or service is working hard. Wait a little, and this process will stop loading the system. Or it won't stop ... There are some viruses (for example: Conficker) that use real svchosts to corrupt your system. These are very dangerous viruses, and therefore you should check your computer with an antivirus (or better, several at once). For example, you can download DrWeb CureIt - it will find such viruses and remove them.

Why end the process tree and delete a folderPrefetch?
If you terminate the process tree of your svchost, which slows down the system, then the computer will urgently restart. And at startup, when the virus tries to start again, the antivirus (which you must have installed without fail) will immediately detect and remove it. There are many modifications though. For example, the original source of such a virus may be located in the Prefetch folder. This folder is needed to speed up the work of services and services. Removing it will not damage your computer.

Your advice did not help me. Processsvchost.exe continues to load the system.
First of all, check your computer with an antivirus. Better yet, check your computer with several antivirus programs.
I can also advise you to clean the System Volume Information folder. This folder contains the restore points for your computer. Viruses register themselves in this folder, since the system does not allow the antivirus to delete anything from this folder. But this is unlikely to be useful to you. I have not yet heard of such modifications of viruses that would impersonate svchost.exe and are located in the System Volume Information folder.

If you have any more questions, I will be happy to answer them.


Latest Computers & Internet Tips:

Board comments:

I deleted the Prefetch folder and everything became OK! thanks, XPi system

userOK, you're right svchost.exe is one of the main processes. But there is a certain type of virus that masquerades as it. After all, svchost is just a name. Plus, terminating the process tree doesn't harm anything. Windows is a pretty good system, and it recovers most of the system files automatically.

What are you teaching children ?????????? svchost.exe in the family of Microsoft Windows operating systems (2000, XP, Vista, Seven) is the host process for services loaded from dynamic libraries. The use of a single process for the operation of several services can significantly reduce the cost of RAM and processor time.

Popular
Categories

2021
maccase.ru - Android. Brands. Iron. news