Helping people with computers... one answer at a time.

Svchost.exe, or just "svchost" is a Windows component. It's quite normal to have more than one copy running. Unfortunately, it's also the target of malware and often shows up in malware-related problems.

Fire up Process Explorer or Task Manager in Windows to view the running processes and you'll see something called "svchost.exe".

In fact, you'll see it listed several times.

As I write this, there are no less than 11 copies of svchost.exe running in my Windows 7 64-bit system.

To understand why this is expected, we need to understand a little bit about why svchost exists and what it does.

Multiple svchost.exe's running on my machine, viewed in Process Explorer

Service Host

Svchost, as the name implies, stands for Service Host.

Many components of the Windows operating system are actually implemented as what are called "services" - a fancy name for programs that run in the background and aren't necessarily associated with whomever is logged into the machine.

You can quickly see which services are running by typing NET START in a command window, or by right-clicking on your Computer icon, clicking on Manage, clicking on the small triangle next to Services and Applications to expand it, and then clicking on Services.

Services installed in Windows 7

On my machine, "Net Start" shows me 76 running services on my machine. The Services interface shown above displays all installed services and an indication of whether they are running or not.

There are many things that are common to all services: how they start, how they interact with the system, and how they manage the administrivia of running a system service. Rather than writing a complete service from scratch, many are implemented as a type of program run by another program.

That "host" program is our friend svchost.exe.

Hosting services

Svchost.exe is designed to be the host for one or more actual services. It's the program that gets run, and when it gets run, it's instructed which service to run. The actual service is typically implemented in a DLL that svhost.exe accesses.

As it turns out, a single copy of svchost.exe can actually "host" several different services at once.

Hover your mouse pointer over one of the svchost.exe instances in Process Explorer and a tool tip will show you exactly which running services are being hosted by that particular copy of svchost:

Services running in one specific instance of svchost.exe

In this example, the pop-up shows that this single instance of svchost.exe is actually hosting 18 separate services. Other instances typically host fewer, often only one. Which copy of svchost.exe hosts what service is a function of how the services relate to each other and when they are required by the rest of the system.

Svchost and malware

Because it's expected that there will be multiple copies of svchost.exe running and its workings are quite mysterious to the average computer user, malware authors have long leveraged the confusion around it to hide or at least obfuscate their doings.

  • In the past, the svchost.exe file itself was a popular target for direct compromise - malware would actually alter the program with their malicious code. Windows File Protection in later versions of Windows rendered this approach mostly ineffective.

  • Malware authors often try to install their malware as a service hosted by svchost.exe. Installing a service requires administrative access and is effectively blocked in most cases by limited user accounts in Windows XP and UAC in Windows Vista, 7 and later.

  • Malware is sometimes actually delivered in a file called svchost.exe, but placed in a non-standard location. When running, the malware looks like "just another svchost" unless examined more closely. (The correct location is in Windows\System32.)

  • Similar sounding names and typos have also been fairly common. "svhost.exe" and "svchosl.exe" might pass for "svchost.exe," unless you were looking carefully and noted the typos.

As I said, the confusion around svchost has become a tool that malware authors have used to to either worm their malicious code onto machines in the first place and/or try to hide its presence once installed.

Svchost.exe is not malware

I've seen a number of panicked questions that immediately jump to the conclusion that svchost.exe is, itself, malware.

That's simply not true.

Svchost.exe is a required system component and Windows will simply not run without it. If it becomes infected, it's possible that attempts to clean it up by deleting or quarantining it may result in a system that doesn't work.

As we've seen above, malware often tries to look like svchost, or it tries to run using svchost, but that doesn't mean that svchost.exe itself is malware.

(This is an update to an article originally published October 20, 2003.)


A description of Svchost.exe in Windows XP Professional Edition - Microsoft Support.

What is svchost.exe? - Microsoft. Written for Windows Vista, but applies to all recent versions.

Article C1852 - October 2, 2012 « »

Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

December 14, 2003 8:27 PM



December 14, 2003 9:58 PM

Question 1: it depends entirely on the operating system version, the filename that should have been specified in the error message, and potentially the applications installed on your machine.

Question 2: svchostC is most likely a virus, I believe. Make sure you're runing a virus scanner, and that the signatures are up to date.

If you need more specific or detailed help, please submit your question here:



jose luis
January 7, 2004 3:56 PM

I have a machine like a server, in this pc I`ve intalled dll's, this dlls are functions that make transactions in sql over acces. All work fine, but in any moment appears "error en svchost.exe" this error in the server machine. in the side of the client appear an error "error en internet".
What I can do? what is this error? how can I avoid this?
Please write me to mi e-mail.
thank alot for the attention to this trouble.
atte. Jose Luis sanchez from Toluca, Mexico.

January 7, 2004 11:12 PM

Right now when ever I connect the internet, I will get the error message: svchost.exe error. Windows will terminate this program. After that I cannot get linked on any website, and my office2000 program will have trouble to run, like cannot run the "copy", "cut" and "paste" fuction, and cannot link to anyother file. What is wrong? what shall I do to avoid this? Please help me. Thanks!

January 8, 2004 5:34 PM

I'll point you all at for those of you that need a quick and specific answer. Since this is so common, I'll try to come up with a general answer if I have the time to do the research.

In the mean time, I also encourage you to read . Regardless of who you take this question to, there are some common bits of information that will help.


January 11, 2004 6:22 AM

When I connect the internet, I will get the error message: svchost.exe error. Windows will terminate this program. After that I cannot get linked on any website, and my office2000 program will have trouble to run, like cannot run the "copy", "cut" and "paste" fuction, and cannot link to anyother file. What is wrong? what shall I do to avoid this? Please help me. Thanks!

January 12, 2004 9:56 PM

Everyone who's having SVCHOST errors, please read this article:

January 18, 2004 5:05 AM

i can't copy and paste since i had the msblast and lovsan viruses.

emil me please on how to fix the problem, thanks

January 28, 2004 11:12 AM

when i connect to the net after surfing for few minutes i get the svchost.exe error. its a msgbox, asking OK to terminate the program or Cancel to Debug. I am unable to find a solution. I have Win.2000. When u click on Cancel it opens a Visual studio window. I have already formatted the comp and even loaded the latest Internet Explorer version. The problem still persists.

January 28, 2004 11:18 AM

Please read this article:


February 18, 2004 8:20 PM

On the task manager, I always see svchost.exe. I know that there are several of them, but there's one (listed as LOCAL SERVICE) that steadily takes up CPU usage. When it reaches 50-80%, my programs start to slow down. What causes this and how can I correct it?

2700 MHz, 768MB, 128M nVidia GeForce4 Ti4200-8x (0x0281)
Running Windows XP

February 18, 2004 9:20 PM

I'd use tasklist /svc, as documented in this article, to try and determine which svchost is causing your trouble, and what services it is attempting to provide. That may provide a clue. Naturally I'd also make sure you're up to date on service packs, windows update, virus checks and so on.


February 19, 2004 9:58 AM

Leo, thank you for your online forum. My laptop, Toshiba Satellite 1415-S173, cable modem, MS WiFi, Symantec AV and full Security suite has recently required longer and longer to boot. I have tried to find the bottleneck to no avail. Numerous tweak scripts, exhaustive startup manager trials. 1.5 to 2 minutes to get the logon screen and another 2+ to load the desktop. I just found in MS Sys Info, Sys Summary, Software Environment, Startup Programs.....each file is listed twice with NT AUTHORITY\SYSTEM one user and .DEFAULT the other user. This is true for every file listed. Any thoughts? Otherwise, the system performs quite nicely. thanks in advance

February 19, 2004 12:13 PM

Having everything listed twice certainly seems suspicious. I'd have you start with this article: it's about system slowdowns in general, but many of the same techniques apply. It also points to another article on controlling what happens at startup with instructions on how to use msconfig. I'm curious as to whether msconfig shows everything twice as well. You didn't mention running any spyware scanning software - that's also a frequent cause for startup issues. Again, the article I just referenced discusses that also.

Best of luck!


February 23, 2004 2:01 AM

Through Zone Alarm I learn that svchost.exe want to act as a server. Literally:
Do you want to allow Generic Host Process for Win32 services to act as a server?
Tech Inf.: source IP: 5000
Application: svchost.exe
Version: 5.1.2600.0 (xpclient 010817-1148)

["More info" in ZoneAlarm does not really give one more understanding or "yes/no" advice.]

I guess I am not the only one who gets this Question. Pls mail... tks
Curious Kees

February 23, 2004 2:00 PM

I'm using zone alarm too. and i choose "yes" - nothing bad happend since then.

February 24, 2004 6:12 PM

One of the svchost.exe's on my computer is making my computer's CPU run at 100%. It slows things down on my computer, even though I have good parts. Do you know what's going on?

February 24, 2004 6:51 PM

When I type tasklist /svchost I get the following message.

"tasklist not a known internal or external command, operable program or batch file"

I am running XP home on a Compaq presario notebook. The reason I would dearly like to run the program is that my PC is running at 100% busy even though there are no programs active and I am not connected to the net - or anything else.

February 24, 2004 8:22 PM

Recommend you follow the instructions here: and the several good ideas in the comments that follow.


February 24, 2004 8:25 PM

Tasklist.exe is in \windows\system32 if present. You should be able to find it on your Windows XP CD as well.


February 25, 2004 3:16 AM

Everytime i connect to the internet... after 10 mins or 15... and "SVCHOST.exe - Application ERROR" appears... and when i click... OK my connection will stop responding... and if CANCEL it will debug... but still stop responding... what was it?!?! thanks!

February 25, 2004 8:21 AM

That's classic behaviour for one of the viruses that manifests as a SVCHOST error. Check out this article:

Good luck!


February 26, 2004 9:34 AM

I have had many of the same errors that you all are talking about but that is just how it all started for me. I got so bad that I could not open any web pages.

what you all should try is got to the site that makes nortons anti-virus and look up


That is what I have found no my computer, and only one of them Nortons corp pro found.

Now I have a question. I am really new to all this computer tek stuff and so when nortons or avg could not fix the walchia worm I paniced and tryed to delete every thing to do with the svchost that I could. I deleted the svchost.dll but the svchost.exe would not delete for it was in use to I tryed everything to delete it. One thing that I wish that I do not do was I opened up the properties and at the time there was six (6) tabs and i changed every setting in there that could be changed.

Now I got rid of all the worms but my computer is not working right at all, i think that is has to do with what I did to the svchost.exe. I tried to reformat my computer using my windows XP but it told me that my files were corrupeted and it can not be done.

Please any info about how I can reformate my computer would help.

thank you for your time

February 26, 2004 9:37 AM

Jay trust me you had the blaster worm.....and it is a naste one too

You need to find a program called "FixBlaster" then you need to make sure that you have all the criticial windows updates and that will fix that problem.

February 26, 2004 9:45 PM

svchost.exe is actually an important and required system component. If attempting to resolve a virus issue has damaged it, that can easily explain all sorts of remaining bad behaviour, even after the virus has been eradicated. My recommendation is to run the system file checker (sfc). I mention it and how to run it in this article: - it should repair any damaged files.

Good luck!


February 28, 2004 1:48 PM

Okay Leo, I need help, I am running winodws XP SP1 and print Spooler service disappered from Services list. There are no printers listed in printers folder. I cannot add printer. When trying to run the wizard I get Error: 'Operation could not be completed.'
I have deleted the print driver and cleaned the registery.
The only thing I can think of was I was trying to print .prn file from dos prompt and something remove spooler service.

February 28, 2004 4:47 PM

Yikes! I'd run the system file checker to see if that doesn't restore the spooler. I just posted an article on SFC:

Good luck!


February 28, 2004 6:21 PM

Thank you,
I have done that; SFC replaced a DLL and I should have written down which one but did not. My spooler is still not back! any other suggestions

February 28, 2004 7:02 PM

I have a virus that attached itself to my svchhost.exe and svchoste.exe files, since they are running, I try to end process and then move the file to the virus valt (in AVG) - BUT when I end the process I am forced to reboot the machine.

anyone provide any assistance?

Im using WIN XP Home SP1 - thanks

February 28, 2004 7:07 PM

svchost is a required system file - the system can't run without it. You'll need to use one of the removal tools. I recommend symantec: - it's also worth reading this article: .

Good luck!


theresa darius
March 9, 2004 10:39 AM

i cant seem to get rid of my popups, i have used ad-ware 6.0 and spybot but these pop-ups keep coming back...sometimes 60 at a time...i think it is a virus that may have attached itself to my svchost.exe file, i want to remove them, how do i go about this....
help please Leo

March 9, 2004 1:06 PM

Well, you didn't say whether or not you've run an anti-virus check, so certainly do that. Also check out this article: for more steps to take on the svchost problem (read the posted comments as well, many people contributed valuable info). You also didn't say what kind of popups. If you're running XP or Win2k you should disable the Windows Messenger Service (not the IM client, but the service.) I talk about that one in this article:

Good luck!


Franz J. Polster
March 9, 2004 11:37 PM

I learnt about the existence of svchost.exe just
yesterday, when my Norman firewall, under Windows
XP professional, asked whether task
c:\windows\system32\svchost.exe should be allowed
outgoing communication with protocol UDP
to remote address
What is the purpose of svchost.exe accessing
the internet? What if I deny access (which I did,
without observing any negative consequences)?
Who/What is behind (Microsoft, I

Thanks for your reponse in advance


March 10, 2004 9:30 AM

I'll assume you meant "Norton" firewall :-).

So, to find out what is, I went to a command prompt, and typed the following:

ping -a

And it tells me that that IP address is "" ... so you are correct, it was Microsoft. That instance of svchost is supporting the time service, and has asked for the current time. You can change the server it uses, or turn off the auto time update completely, in the same place you set your PC's clock in Windows.


Ovi & Adi
March 13, 2004 9:44 AM

My computer is running really slow. A lot of CPU usage is taken by svchost. What can I do? Where can I look for the problem?

March 15, 2004 1:31 PM

Hello Leo !
I have a question for you:
I hav norton NIS+NAV installed on win xp pro, and it can't run anymore, when I restart windows it I can see the icon of nav and nis(with x) and after a few seconds they disapear and I can't run any norton application besides live update, which dosen't work as well. I even tried to install windows on another partition and re-install NIS before even conecting to the internet, and the same happens again... I did update all the leasts updates from microsoft update. I think its a virus, but I can't find it with the pre-installed nis that on the nis-setup-cd or with trend micro online antivirus or fixblast.exe...
is the rpcs service of svchost run is normal ?
if I tried to close it I get the 60secs countdown as in the blaster worm... should this service run by normal use? or is it some kind of virus?


March 15, 2004 5:06 PM

rpcss is a normal service. Unfortunately it's also the service that had a vulnerability that virus writers exploited. You can read more about it, and try downloading the patch for that vulnerability from here:

Some variations of the viruses actually prevent virus scanners from updating, so it sounds like that's what you have. Try the patch above and see if that doesn't let you make progress.

Good luck!


March 16, 2004 3:31 PM

i have a big problem. i have a 1.6 gig processor, and im constantly overloaded. the problem comes when C:windows/system32/svchost.exe gets pinged by a number of different ip adresses, and i get a pop up (ping) from different ip adresses that try to get my to pay 19.99 to i need a solution bad. can anybody help?

March 16, 2004 3:52 PM

Step one: turn off the windows messaging *service*. There's a paragraph with the quick steps on how to do that about 2/3rds down this article: - then, get youself a good spyware scanning program (recommendations here: ).

Good luck!


Zeak Harbors
March 17, 2004 11:31 AM

I had one of the Walchia worms and it said my svchost.exe was infected. Norton tried to get rid of it but it was unable to get into the file. To fix this i restarted in safe mode and ended the process trees of all the svchosts running on my computer after that i looked up where there were located and deleted them. While this was happening my computer was shutting down because of the msblast. When i restarted no a lot works including microsoft explorer. I'm not sure how to restore the correct svchost. I hope you can help.

March 17, 2004 11:40 AM

svchost.exe is a required system file. Removing it is most definitely the *wrong* thing to do to try to resolve this problem, and is pretty much guaranteed to hose your system.

Assuming you're running XP, my recommendation: try system file checker first.

If that gets your system somewhat runable, then follow get all the patches from Windows Update.

And definitely read the comments here ... there have been several good suggestions on how to proceed depending on your system, your connectivity, and what state of disarray you are in.

Good luck,


Tim Coley
March 20, 2004 1:22 AM

Norton recently told me that my svchost file was infected with "Download.Trojan". It could not be repaired, so I quarantined it, but what should I do now? If I can't repair it, then should I delete it?

March 20, 2004 11:36 AM

Or you can do nothing, if Norton no longer complains. It's typically OK to delete *the quarantined file* (NOT the *real* file). If you're not sure about the difference, then leaving it as quarantined should also be fine. Since SVCHOST is a required system file, deleting the wrong one could be a problem.


March 21, 2004 11:07 PM

I hava a big problem with svchost.exe. 2500 MHz, 512MB, 128M ATI Radeon 9600 Running Windows XP,
it work perfect about 5 min and then CPU usage become 100%. What can I do?

March 22, 2004 6:16 AM

Hi Leo
I've just encountered a similar problem to Korsaria. I have a Dell 2.4 Ghz + 512 Mb +80G HD running XP. I have Norton anti virus and also Norton Firewll but they have not been updated for a ouple of months.
this morning I found that every application was being interrupted and it would sit there and do nothing for about a minute before it stumbled on and then stopped again. I used task manager and found that the CPU was running at almost 100% with SYSTEM PROCESS. The only other thing that was running at this time was SVCHOST.EXE but this was not taking up much CPU time and was intermittant. Something is causing SYSTEM PROCESS to commandeer the CPU. Do You have any thoughts.
Many thanks

March 22, 2004 3:42 PM

My initial reaction is that you are both infected with a virus. Updating virus signatures frequently is a *must* in today's environment - I update nightly. Update those virus scanners and get the latest round of updates from Microsoft for your system.


March 23, 2004 2:06 PM

How do I capture the output from tasklist /svc before it disappears?

svchost.exe is constantly taking between 80 & 99% of processor & is bugging me.

If I can capture the output this will tell me which version of SVCHOST.EXE is running what programs, but how do I change them?

March 23, 2004 2:15 PM

tasklist /svc | more
tasklist /svc >filename.txt

If your processor is pegged in svchost, you likely are infected with a virus, and need to run a virus scan or removal tool.


March 23, 2004 3:15 PM

Thanks Leo, going throught the pain of trying to ensure I have all the windows updates & just looked at the symantec security site for the worm removal tool. Printed it off, too tired to plough through that tonight.

Thanks for your advice, truly appreciated.

sakol nisarut
March 24, 2004 6:50 PM

when i use my notebook with battery. This running program "svchost.exe" are alway run and take a lot of power from my notebook!!
What and how should I do in this case?
Thank You for your comment.
Sakol Nisarut

March 25, 2004 1:49 AM

I have a Dell 2.0Ghz running on XP.
After I read the posted here,I tried TASKLIST /SVC on CMD window; but I've got only an error message saying:

'tasklist' is not recognized as an internal or external command, operable program or batch file.

Why is TASKLIST /SVC not working on my XP?
I'll appreciate your help.

March 25, 2004 9:33 AM

Tasklist is only in XP Pro, I'm guessing you have XP Home edition. You can copy it over from an XP Pro system, if you have access to one. You might also be able to find a copy on-line if you search.


March 25, 2004 3:43 PM

Thank you, Leo. Yes, mine is XP Home.
While searching for TASKLIST.EXE, I found great free tools from the following site:

Free tools of this sites such as Process Explorer, TCPView, FileMon, RegMon seem very good.
Would you check them out and give me opinion?
I'll appreciate again.

March 25, 2004 3:45 PM

I *highly* recommend sysinternals. In fact, you'll find them mentioned in several of my articles, and on my recommendations page. The tools you list are part of my "take everywhere with me" arsenal :-).


March 27, 2004 2:56 AM

my sygate peronal pro firewall tipes that it is a critical problem and blocks incomming messages to svchost.exe. firewall desdcribes it in that way: 03/26/2004 20:56:08 Intrusion Detection System Critical Incoming TCP svchost.exe 4 03/26/2004 20:56:08 03/26/2004 20:56:08
is it wrong if firewall blocks these connectings?

March 27, 2004 10:19 AM

No, it looks like the firewall is doing its job. Further, based on the IP addresses, it looks like one of the other computers on your network may be infected with a virus.


March 29, 2004 10:39 AM

I think I`ve closed one of svchost and from that I have some errors that appear on my screen... at numeber of error 10053 and 10054... how can I put the svchost again... I`ve installed the windows again and no effect. If I`ve written wrong, please scuse me, I am from ROMANIA and I have 11 years old. Can I fix the problem????

March 30, 2004 8:02 AM

my computer is infected by virus w32.WlechiaB.Wrom .
when ever i run antivirus say virus found in c:\windows\system32\drivers\svchost.exe.

how to over come this.
i searched on net i founf some thing saying run given exe it will delete the file infected, is it ok?

waiting for u'r reply.


March 30, 2004 9:16 AM

No way to know, since you didn't say where you found it. There are such tools ... I would start at Symantec's anti-virus site and download one from there.

Best of luck,


March 31, 2004 8:01 PM

I'm having problems with IEXPLORE.EXE and EXPLORER.EXE...
I think both are corrupted, because when i'm opening certain folders with images or photos or even larger number of files it goes like this:
- "EXPLORER.EXE (or sometimes IEXPLORE.EXE) generated errors and will going to close"

how can i solve this problem?
I think just reinstalling Windows is not enough, so i appreciated if you could give me an answer.

Big Thankx

Lereno from Portugal

p.s - i've got Windows XP Professional(sorry about my English!!!)

March 31, 2004 8:10 PM

First, I'd try the system file checker: - then I'd make sure you had an up to date virus scan.


April 1, 2004 1:43 AM


April 2, 2004 3:48 AM


itried to conecct to mIRC and it says i have a trojan ??? ive ran spy-bot , ada-awre and norton2004 i also have a personal firewall enabled , how do i find the trojan thats lurking on my system please ?? i run winXPpro thanx for your assistance


April 2, 2004 4:45 PM

Good question. Does mIRC give you any information as to *what* trojan it thinks you have? You might also try an additional virus scanner (there are several free ones on the net that make for a good second tier scanner).


April 3, 2004 4:12 AM

Hi. I have a question...
I have four SVCHOST.EXE running after restarting computer ... but after 1hour (or more) one of them is using my CPU in 99% ... when i disable it i can't COPY/PASTE/MOVE FOLDERS, etc.
Can you please help me ? And if you reply plz send me an email so i can see what is the problem :P btw. maybe there is a way to look why this process use 99% of my CPU ?

April 3, 2004 9:21 AM

That's most certainly a virus. Check out the article and subsequent comments here:

Good luck!


April 3, 2004 2:55 PM

thx Leo ... i solve my problem myself :)
This was the attack on the RPC to run commands :) I think it was Gaobot attack from LAN network :)
antivirus + patches for xp + little time ... and i solve the problem :)
btw. nice site - keep up the good work :)

April 3, 2004 3:19 PM

Hey Leo, I got a question for yah...(obviously). I run windows xp, and for some reason or another, after I reboot my compt, my task bar gets locked up and I am no longer able to use it. I can still minimize programs and alt+tab back into them. I just cannot see them on my taskbar...mainly because it will later dissaper after running a few progams...IE games and such. I ran norton...nothing found...ran spy bot, search and destroy...found a few things, didnt fix my problem. I got the latest xp updates and such. But when i opend up my task manager, and ended svchost, my taskbar came back up and was working fine. svchost does not mainly take up alot of my cpu, but it does have it's spikes at moments where it will shoot up. Any idea what might be going on?

April 3, 2004 7:22 PM

Is the task bar still visible when the problem happens? I'm wondering if it's jsut auto-hidden? Right click on an unused area on the task bar, hit properties (you may need to unlock the taskbar), and check the auto-hide and on-top settings.


April 5, 2004 1:13 AM

Hi There...

I has a problem with my PC's,
I'm using WinXP Pro, and i had this Generic Host Process For Win32 Services. Where each time the dialog box pop up, i try to close it and there is a dialog box tell that the PCs need to shut down. After a few times faced this problem i try to find a solution in internet and found out it is a MSblast. i been search a file named MSBlast.exe but did not found it. finally i found out that the generic host.... actually point to the svchost.exe.
can anyone help me to settle my problem???plzzz???


April 5, 2004 8:18 AM

Question. I had the common problem of recieving about a dozen popups every 5 minutes. I installed the STOPzilla pop-up Blocker and the pop ups stopped. However, I now have a problem that is just as bad as the pop up ads. Whenever I'm online I can hear the audible sound that alerts me that a pop-up has been blocked. But about twice per hour this results in a major slow or complete freeze of my system. What could be the cause?

April 5, 2004 9:35 AM

Hi. I have a question...
I have four SVCHOST.EXE running after restarting computer ... but after 1hour (or more) one of them is using my CPU in 100% ... when i disable it i can't COPY/PASTE/MOVE FOLDERS, etc.
Can you please help me ? And if you reply plz send me an email so i can see what is the problem :P btw. maybe there is a way to look why this process use 100% of my CPU ?

April 5, 2004 9:48 AM

should both be helpful.

Good luck.


April 5, 2004 10:41 AM

Tracy: sounds like the windows messenger *service* is still running and being attacked. This article: has instructions for turning that service OFF, which you should do. Or visit Gibson Research ( ) and grab "Shoot the Messenger" which does the same thing ... disables the service.

Good luck!


April 9, 2004 12:07 AM

I have SVCHOST and SVCHOST running in my system whenever i boot the system. And windows task manager shows 100% of my CPU is being used by these 2 process. when i disable / set the priority to below normal,the system doesn't allow the operations like COPY/PASTE/MOVE FOLDERS, etc.
Can you please help me ? And if you reply plz send me an email so i can see what is the problem :P btw. maybe there is a way to look why this process use 100% of my CPU ?

April 9, 2004 9:23 AM

SVCHost is a required system component, so you can't adjust it's priority, or kill it. You either have or are being attacked by a virus. Check out the various comments in - in short: update and patch Windows, update and run virus checking, and make sure you've got some kind of firewall in place.


April 10, 2004 6:29 PM

windows xp pro,, i have a free DL of ad ware for finding spyware,,, i find about 7 per 24 hrs, always comet cursor and tracking something,, both are called data miners,, they arein my registy key and files,, ad ware get rid of them but they always come back,, how can i stop them from coming back

April 10, 2004 6:47 PM

Well, step one is simply to take care in what sites you visit and software you download ... typically these downloads are given to you transparently be less-than-reputable vendors.

Second, tighten up your browser's security settings. This will prevent many.

Finally, Spy Bot does have have a monitoring function that will watch for, and block at your option, many of the bigger offenders. AdAware may also have something like this in their pay version. There's also a tool called StartupMonitor which can keep reins on what gets added to your startup ( ).


Allmen Quester
April 12, 2004 10:10 AM

Running in a command window (WinXP home) the "NET START" command works; however, when I type "tasklist /svc" I get the folllowing error message"
['tasklist' is not recognized as
operable program or batch file.]
What am I doing wrong?
Allmen Quester

April 12, 2004 4:13 PM

Nothing. You probably have XP Home, which apparently doesn't have the tasklist command. I'll be writing up an article shortly on how to use Sysinternals Process Explorer ( ) to get the same information. In a nutshell, run procexp, doubleclick on a svchost instance, and then select the "services" tab, and it'll show what services that instance of svchost is hosting.


John K
April 15, 2004 1:45 PM

Over the last few months, with increasing frequency, I receive the following message on my screen. It's in Norton Internet Security, but it's not the usual Alert Tracker screen I get when Norton detects an attempt to hack in. It's more like the screen I get when a new programme - like RealPlayer for example - tries to connect to the internet for the first time.

The message says:
A remote system is attempting to access Generic Host Processes for Win32 on your computer.
Application: C:\WINDOWS\system32\svchost.exe
Protocol: TCP (Inbound)

It also tells me the IP addrss of the computer from which the attempt is being made - I think it's diferent each time.

I have always asumed it's someone trying to hack in or plant a trojan or whatever it is these people do, and refused the connection, but, before I set a rule to always forbid such connections, I just wondered if it is a legitimate programme or something which I ought to be allowing for the good running of the computer.

April 15, 2004 1:51 PM

I'd set that always forbid rule. A remote computer should not be attempting to initate a conversation that way ... they're probably attempting to exploit a vulnerability in Windows (that's since been patched as well).

If you're curious, you can enter the IP address into a "reverse DNS" tool, such as and see a) if there is a host name for that address, and b) if the host name is something you recognize.


Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.