Thursday, May 7, 2009

Teased by "SVCHOST.EXE"????

You are no doubt reading this article because maybe you are not aware of this ghost named "svchost", or you are fully tormented by this necessary evil [or you may have been pointed here by me :)]. You will see that a lot of processes named svchost.exe are running in Task Manager. You can't kill them, and you don't remember starting them… so what are they?

A close definition???

According to Microsoft: "svchost.exe is a generic host process name for services that run from dynamic-link libraries".

In a simple layman's tongue????

Some time ago, Microsoft started moving all of the functionality from internal Windows services into .dll files instead of .exe files. From a programming perspective this makes more sense for reusability… but the problem is that you can't launch a .dll file directly from Windows, it has to be loaded up from a running executable (.exe). Thus the svchost.exe process was born.

More detailed eye????

The file svchost.exe is the Generic Host Process for Win32 Services used for administering 16-bit-based dynamically linked library files (DLL files) including other supplementary support applications.

As operating systems became more complex, Microsoft decided to run more software functionality from a dynamic link library (DLL) interface. However, DLLs are unable to launch themselves: at least one executable program, i.e. svchost.exe, is needed to bridge between the library process and the operating system.

Through the solitary file svchost.exe, the DLLs efficiently contain and dispense Win32 services as well as neatly facilitate the execution of svchost.exe’s own operations. Acting as a host, the file svchost.exe creates multiple instances of itself. The multiple executions of the file svchost.exe contribute to the stability and security of the operating system by reducing the possibility of a crashing process that causes a domino effect on its neighbor processes, thereby creating a system-wide crash in the machine.


Other instances of SVCHOST.EXE:

1) svchost.exe is a process registered as a backdoor vulnerability which may be installed for malicious purposes by an attacker allowing access to your computer from remote locations, stealing passwords, Internet banking and personal data. If unaccounted for, this process should be removed immediately.

2) svchost.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

3) svchost.exe is a process belonging to Microsoft Service Host Process. This could also be stealth monitoring software that sits in the background and tracks all activities such as keyboard input (including websites visited, passwords etc.). This information can be sent to third parties through email or FTP uploads. If you did not intentionally install this program, make sure you remove it to protect your privacy.

Why Are There So Many svchost.exes Running?

If you've ever taken a look at the Services section in Control Panel, you might have noticed that there are a lot of services required by Windows. If every single service ran under a single svchost.exe instance, a failure in one might bring down all of Windows… so they are separated out.

Those services are organized into logical groups, and then a single svchost.exe instance is created for each group. For instance, one svchost.exe instance runs the 3 services related to the firewall. Another svchost.exe instance might run all the services related to the user interface, and so on.

So What Can I Do About It?

You can trim down unneeded services by disabling or stopping the services that don't absolutely need to be running. Additionally, if you are noticing very heavy CPU usage on a single svchost.exe instance you can restart the services running under that instance.

The biggest problem is identifying what services are being run on a particular svchost.exe instance… we'll cover that below.

If you are curious what we're talking about, just open up Task Manager and check the "Show processes from all users" box:


You can right-click one of these processes and choose the "Go to Service(s)" option to view which services it is providing...


This will take you to the Services tab, where the services run by this svchost.exe are shown highlighted, like this:




If you feel that a particular service is no longer needed, is hindering your performance, or you suspect it harms your security, you can easily disable it by right-clicking and disabling it, or you may choose some of the options:

Actually, the best part is that Task Manager tells you the full name of the service that is held by a particular process or is currently being executed. You can disable it in the following steps:

1. Open Run.

2. Type services.msc.

3. Search for the name of the service you want to disable.

4. Right-click on that service's entry.

5. Click Properties.

6. Change the startup type to "Disabled".

It's a much easier way than doing it through the command prompt. This will help you fight svchost.exe if it's hindering your sleep; otherwise it helps a lot :)
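For a command-line view of the same process-to-service mapping, the following PowerShell is an added example and not part of the original post. It lists each svchost.exe instance with the services it hosts and checks that the running image is the one in the Windows System32 folder, which is how the impostors described under "Other instances of SVCHOST.EXE" stand out. It assumes PowerShell 3.0 or later and an elevated prompt; the `Verdict` labels are this example's own wording.

```powershell
# Added example: audit every running svchost.exe instance.
# Genuine copies live in %SystemRoot%\System32 (and SysWOW64 on 64-bit Windows).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Build a lookup table: hosting process ID -> services running inside it.
$servicesByPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object ProcessId -AsHashTable -AsString

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $hosted = $servicesByPid["$($_.ProcessId)"]
        $path   = $_.ExecutablePath

        # Classify the instance. -contains compares strings case-insensitively.
        if (-not $path) {
            # Without elevation the path of some system processes is hidden.
            $verdict = 'path unreadable (run elevated)'
        } elseif ($expected -notcontains $path) {
            $verdict = 'UNEXPECTED PATH'
        } elseif (-not $hosted) {
            # A real svchost.exe exists only to host services.
            $verdict = 'hosts no services'
        } else {
            $verdict = 'ok'
        }

        [pscustomobject]@{
            ProcessId = $_.ProcessId
            Verdict   = $verdict
            Path      = $path
            Services  = ($hosted.Name -join ', ')
        }
    } |
    Sort-Object Verdict, ProcessId |
    Format-Table -AutoSize -Wrap
```

Any row that is not `ok` deserves a closer look before a service is disabled or a file removed; the short names in the `Services` column are the ones to search for in services.msc.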

enjoy.