If you look at your Windows Task Manager Processes tab, you will probably see several copies of ’svchost.exe’ running. This is normal and is the process name that your background services run as. If you ever are curious what each one is actually ‘hosting’, here is an easy way to find out.
- Download and run Process Explorer.
- Double-click on a svchost.exe entry.
- Look at the Services tab.
- You should see a list of the respective service names under the ‘Display Name’ column. Click on the entry for more information.
This is a really handy feature to know not only for informational purposes, but for troubleshooting as well. If a certain instance of svchost.exe is eating up a bunch of memory, now you know how to find out what it is doing.
Jason Faulkner is the man who brings you our daily tips. He is based in Atlanta, Georgia.
Knowing exactly what process is running is indeed extremely useful; especially in the case of svchost:
A lot of malware presents its process as svchost.exe, or variations of; such as scvhost.exe or svcvhost.exe, so knowing exactly what’s going on can assist greatly in the hunt for malware on a compromised system.
Addendum: Do NOT shut down any instance of svchost.exe simply because it is suspected malware: Confirm that it definitely is in fact a malware process first, before killing it and deleting its registry key.