multiple svchost.exe???

L

liquidmonkey

Disciple
hello,
have recently noticed that i have 8 'svchost.exe' (4 are SYSTEM, 2 are NETWORK SERVICE and 2 are LOCAL SERVICE) running when i start up my PC, also have 3 'rundll32.exe' running too.
a few weeks ago i did have an issue with the 'vundo' pain in the butt vrus/malware and am concerned if it is still on the system. at least the pop ups stopped but things do slow down every now and then.
i run adaware, spybot, norton2007, registry-booster and spywareblaster about once a week to keep things clean and it generally stays that way. this is actually the first time ever i've had any problems.
i don't have any weirdo firewalls or crazy anti-virus stuff, only what i mentioned above.

any ideas??
do u need a hijack-this log?
 
lol u already have a crazy antivirus stuff installed and thts norton :lol:

trust me a good firewall + a good antivirus eliminates 80% problems unless u invite trouble urself :p

so far i m using Zone Alarm + Kaspersky 6 + WinXP manager and last time i formatted my OS was a year back when i got a BSOD and later realised it was due to my sound card >.<

i dont run ne adware or spyware stuffs and till date no probs :D
 
virus/ malware is still in ur system..i had the same problem till about yesterday..Ran AVG Virus scan in safe mode after which i ran AVG Anti-Sypware and Spybot. cleaned my Reg and now everything seems fine.
 
No need to panic unnecessarily. svchost is the system service which either groups the system services or runs it individually. Here is the explanation for svchost
A description of Svchost.exe in Windows XP
Click to expand...

Presently I have more than 5 svchosts running and i am more than confident that i dont have any spywares, malwares or virus. If you do a Tasklist /SVC in command prompt, u will find the tasklist of all processes with what process is running as service and most of the times if not all the times, you will find that svchost will be using or running valid system processes.

As for rundll32.exe, its a dll called by the system when a specific program that needs it is running. usually the runddl32.exe will disappear after sometime and program name will appear in the tasklist. if not, you can end it manually But beware, sometimes it will end the program u r running currently if you dont identify it properly

@liquidmonkey - If you are sure that you have run all he anti - spyware, anti - malwares, its usually the after effects of the spyware or malware that you are feeling. The best thng to do at this point of time is a sfc/scannow . It replaces all the winxp original files but a not eof caution. Any customization with appearance or the the system files which uses the shell (like winlogon etc ) will be lost. Atleast, you can have the normal system back
 

Attachments

  • svchost.JPG
    svchost.JPG
    193.1 KB · Views: 96
You should normally have many svchost.exe's.

service.exe runs all the services in your system (Run>services.msc). These include all drivers and background processes etc, some network facilities. Some of these can share processes, some can't. So there will be multiple copies of it.

I am not sure why you have multiple copies of rundll32.exe but it is very possible.
 
Usually when it is a virus or other malware it has caps, so it would look like this SVCHOST.EXE.

svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated.

Description of Svchost.exe in Windows XP

svchost.exe Windows process - What is it?

Note: svchost.exe is also a process which is registered as the Trojan.W32.Dasher. It takes advantage of the Windows LSASS vulnerability, which creates a buffer overflow and instigates your computer to shut down. To see more information about this vulnerability please look at the following Microsoft bulletin: Microsoft Security Bulletin MS04-011: Security Update for Microsoft Windows (835732)

This is a registered security risk and should be removed immediately.

There are viruses circulating in the internet which uses the same name as svchost.exe. The legit svchost.exe will be present in the %windir%\system32 folder.

Each instance of svchost.exe process seen in the Task Manager hosts a group of services. To see the list of services hosted by each instance of svchost.exe, you may use the Tasklist.exe console utility available in Windows XP Professional Edition.

*

Click Start, Run and type CMD.EXE

*

Type tasklist /svc >c:\taskList.txt

The taskList.txt will contain the list of Processes, their Process IDs and the Services running under each Process.

Note: Tasklist.exe is not included in Windows XP Home Edition. You may use Process Explorer to view this information.

Find more info regarding this exe Here
 
It is quite normal as other have said , to have multiple svchost.exe in your task manager , Best would be to scan with a AV if you suspect anything .
 
Back
Top