
"svchost.exe is using a lot of my CPU. Is this a virus?"

James Pettigrove
Cloud Engineer with a focus on Microsoft Azure

I often find that svchost.exe is mistaken for a virus or some other form of malware because it is listed in Task Manager using a percentage of CPU time. And while some viruses are named something similar to svchost.exe so that the user doesn't suspect them, 99% of the time the user simply doesn't understand what it is. But it is very important to have antivirus programs like ZoneAlarm ransomware protection. Microsoft describes svchost.exe as

…a generic host process name for services that run from dynamic-link libraries (DLLs).

At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services allows for better control and easier debugging.

So, in a nutshell, svchost.exe is a container for services that run via DLL files.

Great, but when a user is trying to diagnose what is eating CPU cycles, it masks what is really going on. What can one do to pull the wool from their eyes and find out what is truly going on?

It’s rather simple. Drop to a command prompt and run the following command:

tasklist /svc /fi "imagename eq svchost.exe"

You will be presented with a list similar to the one below:

[Image: tasklist command output]

Conveniently the tasklist command breaks down each instance of svchost.exe, lists the PID (use this to track it in Task Manager) and what services are running via it.

I was able to use the above command recently to find that the Windows Defender service was still running despite the installation of Symantec Endpoint Protection and thus was chewing CPU cycles.
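A PowerShell take on the same lookup, as an added example that is not part of the original post: it lists the services hosted by each svchost.exe instance alongside accumulated CPU time, and checks that each instance runs from the Windows system directory, since a same-named binary elsewhere is the masquerading case mentioned at the top. It assumes an elevated session; the column names `CpuSeconds` and `PathOK` are chosen here for illustration.

```powershell
# Added example: map each svchost.exe instance to its services, CPU time and image path.
# Run elevated, otherwise ExecutablePath is empty for system processes and PathOK reads False.

# Locations of the genuine binary (native and 32-bit-on-64-bit views).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Index running services by the PID of their host process (string keys avoid type mismatches).
$servicesByPid = Get-CimInstance Win32_Service -Filter "State = 'Running'" |
    Group-Object -Property ProcessId -AsHashTable -AsString

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $hosted = $servicesByPid["$($_.ProcessId)"]
    [pscustomobject]@{
        PID        = $_.ProcessId
        # KernelModeTime and UserModeTime are reported in 100-nanosecond units.
        CpuSeconds = [math]::Round(($_.KernelModeTime + $_.UserModeTime) / 1e7, 1)
        Services   = ($hosted.Name | Sort-Object) -join ', '
        Path       = $_.ExecutablePath
        # -contains compares strings case-insensitively, so C:\WINDOWS matches C:\Windows.
        PathOK     = $expected -contains $_.ExecutablePath
    }
} | Sort-Object CpuSeconds -Descending | Format-Table -AutoSize -Wrap
```

The busiest instance sorts to the top, and its `PID` matches the one shown in Task Manager. The filter matches the exact name svchost.exe only, so a lookalike name with altered spelling will not appear in this list at all.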

Hopefully, it will come in handy for you too. Let me know in the comments section or on Twitter if it does!
