Results 1 to 4 of 4

Thread: 9 svchost.exe?

  1. #1
    hailfire Guest

    Unhappy 9 svchost.exe?

    ok, so my computer has been stedily been getting slower so i figure maybe there is something on it. (little brother would turn off ZA because it woulden't allow him to be on different sites. dontcha just love 20 year olds)

    anyways, i went to take a look at task manager to see if there was anything that looked weird and sure enough i have about 9 svchost.exe running. some of them are duplicates.
    5 are system, 2 are network service,and 2 are local service each one is running diffrent mem usage.

    i went ahead and did a search on my computer to see where they were at as well and got more than one.
    3 of them to be exact...
    C:\WINDOWS\$NtServicePackUninstall$
    C:\WINDOWS\system32
    C:\WINDOWS\ServicePackFiles\i386

    there were a few others that didn't match exactly to the search though...
    SVCHOST.EXE-3530F672
    C:\WINDOWS\Prefetch

    SMSvcHost
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation

    SMSvcHost.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation

    i went ahead and also screen shot what the task manager looks like right now to see if anyone can see anything that looks off.

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: 9 svchost.exe?

    Hi Chrissy

    The 9 svchost.exes are not uncommon as given per the number of windows 'services' that are enabled or used in your windows.

    Your attempt to isolate the svchost.exe according to the file locations is not entriely correct.
    Yes the scvhost.exe is found in the i386 and service pack/update folders but it main 'active' used location is always found in the windows\system32 folder.
    And yes it can be seen associated with a prefetch file seen in the prefetch folder (used for vitual or page memory by windows).
    And yes it can be associated with the .net frame.
    Only the svchost.exe seen in the windows\system32 is the active file and the other are either for virtual mem uses, file associations with other proceses or just install/update files.


    Any svchost.exe found to be 'active' in other locations of the hard drive other than the file located in the \system32 directory such as root of the c drive or in the main windows directory or even in various temp folders is always malware and not a legitimate windows file.
    Notice the key term active is used - svchost.exe is simply a window's file that 'manages' the various window's services, albeit many services from just the one single svchost.exe file itself.

    This is why multiple svchost.exe can be used on the windows and seen in your task manager's processes view.
    Although windows officially labels the svchost.exe as the 'Generic Host Process' sometimes it is more accuratrely described (although incorrectly) as the "generic 'service' process". A somewhat more accurate although incorrect term.
    Svchost.exe is directly responsible for controlling and properly conducting the windows services. More services means often more active svchost.exes.

    I can see however in your task manager several issues that maybe of corcern about the 'slow' computer issue.
    First I see a couple of .tmp executed and actively running - either you have just installed/uninstalled something or there is the possibility of malware running from the Temp folders.

    Second I see the alg.exe running - this service is not required for the ZA firewall and it is used only for stately packet inspection when doing FTP with the window's own firewall. I would recommend to disable this service and maybe even a few others - have a look at the service configurations guides found at http://www.blackviper.com/
    The blackviper.com site is a very informative guide site and maybe some of these un-needed services can be disabled to save some resources (including perhaps some of these svchost.exes).

    Third I see a McAfee executible running at the same time I see a ZA firewall and mantispam file running - it could be you have too much security running at the same time and something needs to be uninstalled OR you have McAfee file leftovers from a recent uninstall.
    Last edited by oldsod; August 10th, 2009 at 04:32 PM. Reason: fix typo :)
    Best regards.
    oldsod

  3. #3
    naivemelody Guest

    Default Re: 9 svchost.exe?

    FYI - McSACore.exe = McAfee SiteAdvisor. Not really a big threat to pc.

    hailfire, the number of svchost.exe is quite normal/ within range; running a multitude of window services. As Senior Member oldsod has mentioned you can make some adjustments for which windows sevices "Run" automatically/ at start-up or "manually" or 'disable.'

    For instance: if you don't use Instant messaging program of Microsoft = WindowsMessenger - you can adjust to 'disable/ not run' or to 'manual' - just in case you change your mind. Or if you have a desktop without any wireless routers/ printers, etc. you may disable the 'wireless configuration services, etc.' Just be carefull of your choices and cross-reference your information.

    Additional thought: opening and closing ZoneAlarm as your brother does; probably not good for you pc - it may be a factor in the slowness and 'potential security risk.'

    hailfire, it would be advisable to list the particular ZA product you have ? ZA Suite, ZA Extreme, ZA Antivirus, ZA Pro, ZA Free firewall and it's version number - anytime you post here.

    In Vista systems - Generic Host Process for Win32 Services(XP) is called = Host Process for Windows Services

    Personal note: my 4 year old XP recently broke down; got new Vista pc - ZA will list 'alot more' window services/ programs than in XP systems.
    __________________________________________________ ___________
    NaiveMelody NYC - 8-12-09 - No Woman, No Cry - Bob Marley & The Wailers
    Last edited by naivemelody; August 11th, 2009 at 09:57 PM.

  4. #4
    Join Date
    Aug 2009
    Location
    Texas Gulf Coast
    Posts
    1,648

    Default Re: 9 svchost.exe?

    hailfire : You might consider using Process Explorer v11.33 in place of task manager.It's an advanced process management utility.

    At this link :

    http://technet.microsoft.com/en-us/s.../bb896653.aspx

    Have a nice Day

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •