Date of publication: 07/20/2010

Article updated 12/09/2011

Symptoms:
Your computer suddenly began to freeze and slow down, even though you have an antivirus with the latest databases. Press Ctrl+Alt+Delete and click the Processes tab. You will see a list of all processes that are currently running, and you will see that one of them is consuming a lot of computer resources (although you are not currently using any programs). That process will be svchost (there will be several processes with the same name, but you need exactly the one that loads the system at 100%).

Solution:

1) First of all, try simply restarting your computer.
2) If after a reboot this process continues to load the system, then right-click on the process and, in the list that opens, select End process tree. Then restart your computer.
3) If the first two methods did not help, go to the Windows folder and find the Prefetch folder there (C:\WINDOWS\Prefetch). Delete this folder (delete exactly the Prefetch folder; DO NOT accidentally delete the Windows folder itself!!!). Next, follow the second point (i.e. end the svchost process tree). Restart your computer.

How many svchost.exe processes should there be in total in the "Processes" tab?
The number of processes with this name depends on how many services are running through svchost. The quantity may depend on the version of Windows, the properties of your computer, etc. Therefore, there can be from 4 processes (the absolute minimum) to infinity with the name “svchost.exe”. On my 4-core computer with Windows 7 (including the services being launched), there are 12 svchosts in the “Processes” tab.

How to determine which one is a virus?
You can see in the screenshot above that in the “User” column next to each svchost there is the name of the account that launched this process. Normally, next to the svchosts it will say “system”, “network service” or “local service”. Viruses launch themselves as “user” (it may say “user” or “administrator”).

What is the svchost.exe process anyway?
In simple terms, the svchost process is an accelerator for the launch and operation of services. svchosts are launched through the system process services.exe.

What happens if I click on “End process tree” and accidentally end a system svchost process, and not the virus itself?
Nothing bad will happen. The system will give you an error and restart your computer. After a reboot, everything will fall into place.

What viruses masquerade as svchost.exe?
According to Kaspersky Lab, the following viruses are disguised as svchost.exe: Virus.Win32.Hidrag.d, Trojan-Clicker.Win32.Delf.cn, Net-Worm.Win32.Welchia.a.
According to unconfirmed reports, some versions of Trojan.Carberp also disguise themselves as svchost.exe.

How do these viruses work?
Without your knowledge, these viruses contact special servers, from which they either download something else dangerous or to which they send information (namely your passwords, logs, etc.).

The svchost.exe process loads the system, but in the “User” column it says “system”. What is it?
Most likely, this means that some service is working hard. Wait a little and this process will stop loading the system. Or it won't stop... There are some viruses (for example: Conficker) that use real svchosts to corrupt your system. These are very dangerous viruses, and therefore you should check your computer with an antivirus (or better yet, several at once). For example, you can download DrWeb CureIt - it will find such viruses and remove them.

Why do you need to terminate the process tree and delete the Prefetch folder?
If you terminate the process tree of your system-slowing svchost, the computer will reboot immediately. And at startup, when the virus tries to start again, the antivirus (which you must have installed) will immediately detect and remove it. Although there are many modifications. For example, the original source of such a virus may be located in the Prefetch folder. This folder is needed to speed up the operation of services. Removing it will not harm your computer.

Your advice didn't help me. The svchost.exe process continues to load the system.
First of all, check your computer with an antivirus. Better yet, check your computer with several antiviruses.
I can also advise you to clean out the System Volume Information folder. This folder contains restore points for your computer. Viruses register themselves in this folder, since the system does not allow the antivirus to delete anything from this folder. But this is unlikely to be of use to you. I have not yet heard of such modifications of viruses that pretend to be svchost.exe and are located in the System Volume Information folder.

If you have any more questions, I will be happy to answer them.


Comments on this tip:

I deleted the Prefetch folder and everything was OK! thank you, XPi system

user OK, you're right, svchost.exe is one of the main processes. But there is a certain type of virus that masquerades as it. After all, svchost is just a name. Besides, terminating the process tree does not harm anything. Windows is a good enough system, and restores most system files automatically.

what are you teaching children?????????? svchost.exe in the Microsoft Windows family of operating systems (2000, XP, Vista, Seven) is the main process (English: Host process) for services loaded from dynamic libraries. Using a single process to run multiple services can significantly reduce RAM and CPU time costs.

It is no secret to any Windows user that when a computer freezes or slows down, the first thing to do is look at the “Task Manager” in order to end the processes that are weighing down the system. A task for first-graders, one might say: we have been here before and know what is what. However, looking once again into the notorious Task Manager, many users notice to their surprise, almost for the first time, that the CPU is being overloaded by the svchost.exe process, which, note, appears in not one but 4 or even more lines at once:

Well, think for yourself, what other reaction could there be at this moment, other than panic at the thought that a virus has settled on your favorite PC? In my memory, there has never been a time when system processes were duplicated in the “Task Manager”! However, before looking in horror for a solution on how to quickly remove svchost.exe from your computer, you need to figure out whether it is actually a virus or not.

Step No. 1: Detecting viruses

Perhaps it is worth noting right away that the svchost.exe process itself does not pose any threat to Windows, no matter how strange that may seem. In fact, it is designed to run the services built into the system and various programs that use special DLL libraries in their work. However, since there are often quite a lot of such system services on a computer, executing them all in one process can be very difficult. This is why svchost.exe is often launched several times, with each instance serving individual Windows services.

It is clear that deleting such processes does not make any sense, since to stop them it is enough to simply restart the computer. At the same time, complete removal of the svchost.exe system file may cause Windows to malfunction and produce all sorts of errors and other problems. That is why, having discovered a whole fan of svchost.exe entries in the “Task Manager”, there is no need to rush to say goodbye to it right away: everything can be much simpler.

However, you shouldn’t relax in this case either. The fact is that viruses often disguise themselves as svchost.exe, bringing with them very unpleasant gifts in the form of:

  • random exit of the computer from sleep mode;
  • a system error appears when launching applications, opening a disk drive, or reading a disk;
  • automatic reboot of Windows;
  • turning off the computer for no reason;
  • PC slowdown due to CPU load of more than 90%;
  • spontaneous opening of applications, etc.

The question arises, how can you determine in this case where the virus is and where the normal system process svchost.exe is? The answer is simple - take a closer look at it.

So, the first sign that svchost.exe is a virus will be the execution of this process on behalf of the user (normally it is launched on behalf of LOCAL SERVICE, SYSTEM (system) or NETWORK SERVICE). To determine this, just press Ctrl+Shift+Esc on your keyboard at the same time, thereby calling up the “Task Manager”, then select the “Processes” tab in the window that opens and, finally, look at the data specified in the “User” column for the process svchost.exe:

I note that for the same purpose, if you wish, you can use a special program Process Explorer, which displays complete information about all processes running on the computer, including svchost.exe:

At the same time, the location of such a file can help determine whether there is a threat from svchost.exe. Remember: normally it is stored only in one of 4 folders located on the hard drive, namely in the directory:

  • WINDOWS\Prefetch
  • WINDOWS\ServicePackFiles\i386
  • WINDOWS\system32
  • WINDOWS\winsxs

Accordingly, if svchost.exe is located in some other place, for example, separately in the WINDOWS folder, rest assured: this is a real virus. At the same time, the “Task Manager” can again help you check whether this is actually the case. In this case, after starting it, you will need to right-click on the line with the process name svchost.exe, select “Properties” in the menu that opens, and then pay attention to the “Location” field:

In addition, the name of the process itself can be a clue. Thus, any deviations from the spelling of svchost.exe in the image name can be safely regarded as a hidden virus threat. Therefore, if you see in the “Task Manager” processes such as svhost.exe, svehost.exe, svxhost.exe, svchos1.exe, svchest.exe, svch0st.exe and other misspelled values, you can safely delete them: these are viruses.

Step No. 2: Remove viruses from svchost.exe

It must be said that due to the numerous varieties of svchost.exe viruses, there is currently no universal way to remove them from a computer. In particular, a full scan of Windows with the antivirus program installed on the PC can help solve this problem. The main thing is not to forget, before starting it, to:

  • disconnect from the local network and the Internet;
  • end suspicious svchost.exe processes in the Task Manager;
  • clear svchost.exe files from startup. To do this, first press Win+R on the keyboard, enter msconfig in the “Run” utility that appears, click OK, and then, after selecting the “Startup” tab in the window that opens, check for the presence of svchost.exe in it:

At the same time, so that the effect of treating your computer does not turn out to be temporary, you must take care of installing and updating a powerful antivirus and firewall in Windows. This is the only way to be sure that the problem with the malicious Trojan file svchost.exe will not return to the system.

It is important for a modern Internet user to understand that today there is a huge variety of threats on the global network. When infecting a PC, viruses are often disguised as normal system processes. This article will discuss how to remove the svchost.exe virus.




This process is not the only one during system operation. In the task manager you can see more than a dozen processes with the same name at once.


In normal mode, no one pays much attention to these processes, but as soon as the computer starts to get pretty busy, it turns out that svchost.exe “eats” half of the system resources, or even more, on an ongoing basis. Of course, you can take drastic measures and do a system restore. But these measures will not always help solve the current problem.

svchost.exe is a system process responsible for running various types of services on a PC. This process allows you to run multiple services simultaneously, while helping to save system resources. Thus, several lines with this name are displayed in the task manager at once.

Viruses and Trojans can masquerade as the svchost.exe process, thereby causing a heavy load on the computer hardware.

To determine whether a given process is malicious code, you must first press Ctrl+Alt+Delete. In the processes tab, the first column displays all running processes, and the next column shows which user each process belongs to. svchost.exe can only be launched as NETWORK SERVICE, SYSTEM and LOCAL SERVICE. If the analysis shows that this process was launched under a different name, for example, USER (or another name), then a virus is operating in the system.


To disable the launch of malware, you need. For this you can use standard OS tools or free. To avoid installing additional programs, run the msconfig command. After this, a window will open in which you need to go to the “” tab. If the analysis reveals the svchost.exe process, then it is 100% a virus.

The real system svchost.exe can only be launched from the C:\WINDOWS\system32 or C:\WINDOWS\SysWOW64 folder. If the startup process is launched from the WINDOWS folder, then this indicates a virus code.


The creators of these viruses disguise them in the following folders:

C:\Users\your-username\svchost.exe

C:\WINDOWS\windows\svchost.exe

C:\WINDOWS\sistem\svchost.exe

C:\WINDOWS\system\svchost.exe

It is very easy to determine in which folder the currently active svchost.exe processes are located. To do this, follow these steps:

In the Windows 8 and Windows 10 operating systems, you can view the list of services that use the svchost.exe process through the Task Manager. This is easy to do: right-click on the suspicious process and select “Go to services”. It is worth noting that the names of many services are unlikely to tell the average computer user anything.

The svchost.exe process may not be a virus, and if it loads the system, then 2 scenarios should be considered here:

  • The computer is infected with a virus that sends spam, mines cryptocurrency for its creators, or transfers other data to attackers;
  • Due to inattention, the user does not notice that the malicious process is only hiding under the guise of the svchost.exe system library, but in fact it is not one.

If your computer is infected with a virus and because of this the svchost.exe process loads Windows 10 or an earlier version of the operating system, then you should scan your computer with popular antiviruses. Be sure to install a firewall, which will ensure your computer's network security.

In the second case, you should identify the malicious file that poses as svchost.exe but is not it, and then delete it.

How to distinguish svchost.exe virus from a system file

If the svchost.exe process is using up memory or CPU, then you should make sure that the file it references is valid. To do this, carefully check the name of the executing process. Below we present several tricks of attackers who replace the svchost.exe process with another one, but similar in name. The following schemes are most often used to disguise the virus:

Listed above are only the most common options for masking the virus, but there may be others. Make sure that the process is called svchost.exe and that all letters are written in Latin letters.
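
The checks described above (the owning account, the folder the file runs from, the spelling of the name and whether it uses only Latin letters, plus services.exe as the launcher) can be combined into one triage pass. The Python code below is an added example, not part of the original article; the process records, field names and the small look-alike letter table are constructed for illustration, and it goes slightly beyond the text by using an edit-distance test so that misspellings the article does not list are caught too.

```python
import ntpath

GENUINE = "svchost.exe"
# Accounts the page names as normal owners of svchost.exe.
SERVICE_ACCOUNTS = {"system", "local service", "network service"}
# Folders a running svchost.exe image is expected to load from.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Assumption: a small table of Cyrillic letters that render like Latin ones.
HOMOGLYPHS = str.maketrans({"\u0455": "s", "\u0441": "c", "\u04bb": "h",
                            "\u043e": "o", "\u0435": "e", "\u0445": "x"})


def osa_distance(a, b):
    """Edit distance in which swapping two adjacent letters is one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def triage(proc):
    """Return the findings for one process record (empty list = nothing odd)."""
    name = proc["name"].lower()
    findings = []
    if name != GENUINE:
        if not name.isascii() and osa_distance(name.translate(HOMOGLYPHS), GENUINE) <= 1:
            findings.append("non-latin-letters")
        elif osa_distance(name, GENUINE) <= 1:
            findings.append("lookalike-name")
        else:
            return findings  # unrelated process, not an svchost look-alike
    folder = ntpath.dirname(ntpath.normpath(proc["path"])).lower()
    if folder not in TRUSTED_DIRS:
        findings.append("unexpected-folder")
    # Drop a "DOMAIN\" or "NT AUTHORITY\" prefix before comparing the account.
    account = proc["user"].rsplit("\\", 1)[-1].lower()
    if account not in SERVICE_ACCOUNTS:
        # A lead, not proof: Windows 10 per-user services also run
        # svchost.exe under the logged-on account.
        findings.append("user-account")
    if proc["parent"].lower() != "services.exe":
        findings.append("unexpected-parent")
    return findings


def scan(snapshot):
    """Map pid -> findings for every record that raised at least one finding."""
    report = {}
    for proc in snapshot:
        findings = triage(proc)
        if findings:
            report[proc["pid"]] = findings
    return report


CYRILLIC_NAME = "sv\u0441host.exe"  # third letter is Cyrillic, not Latin "c"
# Constructed sample snapshot; not taken from a real machine.
SAMPLE = [
    {"pid": 812, "name": "svchost.exe", "user": "NT AUTHORITY\\SYSTEM",
     "parent": "services.exe", "path": r"C:\Windows\System32\svchost.exe"},
    {"pid": 1044, "name": "svchost.exe", "user": "NETWORK SERVICE",
     "parent": "services.exe", "path": r"C:\WINDOWS\system32\svchost.exe"},
    {"pid": 4321, "name": "svchost.exe", "user": "alice",
     "parent": "explorer.exe", "path": r"C:\WINDOWS\system\svchost.exe"},
    {"pid": 4388, "name": "svch0st.exe", "user": "DESKTOP-01\\alice",
     "parent": "explorer.exe", "path": r"C:\Users\your-username\svch0st.exe"},
    {"pid": 5012, "name": CYRILLIC_NAME, "user": "SYSTEM",
     "parent": "services.exe", "path": "C:\\Windows\\System32\\" + CYRILLIC_NAME},
    {"pid": 5100, "name": "sihost.exe", "user": "alice",
     "parent": "svchost.exe", "path": r"C:\Windows\System32\sihost.exe"},
]

if __name__ == "__main__":
    for pid, findings in scan(SAMPLE).items():
        print(pid, ", ".join(findings))
```

The distance threshold is kept at one edit so that legitimate neighbours such as sihost.exe, which is two edits away from svchost.exe, are not reported.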

If you find a process that masquerades as svchost.exe, but is not one, you should delete it. This is quite easy to do if you use the AVZ program.

How to remove svchost.exe using AVZ program

The well-known anti-virus utility AVZ is capable of detecting and removing unwanted programs, including viruses. It is distributed free of charge and has many useful features. The advantage of the AVZ program is that it does not need to be installed on the system drive. AVZ can be launched from a flash drive, external hard drive, or directly from a downloaded archive.

To remove the svchost.exe file using the AVZ utility, you must perform the following steps:

begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 // replace the words: path to virus (keep the quotes) with the full path of the fake file
 QuarantineFile('path to virus','');
 DeleteFile('path to virus');
 BC_ImportAll;
 ExecuteSysClean;
 ExecuteWizard('TSW',2,3,true);
 BC_Activate;
 RebootWindows(true);
end.

Instead of the words “Path to the virus” highlighted in red, you must specify the location of the svchost virus process. Above, we have already described how to determine where the virus file is located, which is masquerading as svchost.exe. Copy the path to it (or write it manually) and paste it instead of the words highlighted in red. Attention: Quotes cannot be removed from the script - only letters highlighted in red.

After successfully removing the file that pretended to be svchost.exe, we strongly recommend that you scan your computer for viruses. There is a high probability that one of the programs generates new files that automatically run in processes and pretend to be svchost.exe.

Malicious website blocked svchost.exe virus?

SvcHost stands for Service Host. svchost.exe is an executable file labelled Generic Host Process for Win32 Services; in other words, the SvcHost process runs a group of Windows services, each of which has a specific purpose. svchost.exe is nothing more than an executable file that groups related Windows services. The process hosts one or more operating system services and is a required Windows file, used when loading the necessary DLL files. So far so good, right? Nothing said so far warrants the reaction “Oh no! I found svchost.exe on my computer!” Here is where it gets tricky. Yes, there is an svchost.exe that is legitimate and necessary. But there is also a fake one, which only harms your system and compromises your privacy. So how can you tell which is which? There is a way. The legitimate one should only be found in the C:\Windows\System32 folder. If you find a file with the same name anywhere else, it is a fake! Do everything you can to get rid of fake files placed on your computer, and do it as soon as possible. But keep in mind that manual removal will be quite difficult, if not impossible. Think of the file as a plague that refuses to go: even if you are sure that you got rid of it today, you may be unpleasantly surprised by its reappearance the very next day. The easiest way to deal with such files is to use a legitimate removal tool. Whatever you do, remove the fake, harmful file as soon as possible.

How does this malware infect a computer?

A fake SvcHost may be a Trojan horse. But as sneaky as it can be, it cannot just pop up on your screen one day as if by magic. There is nothing magical about its sudden appearance. Infections that use a fake .exe file as a front usually arrive on your PC through old but reliable infiltration methods. Their usual tricks include the most common ones, such as hitching a ride with freeware or using corrupted links or sites. Moreover, the infection can slither its way in by copying its executable file into the Windows folder or the Windows system folder. After this, it moves on to the next step, which is to change the registry so that this file runs at every system startup. Whatever method the infection turns to, once it invades your computer you will be bombarded with problems. Save yourself a ton of time and energy by stopping it from getting in in the first place. Do your best to keep it away from your computer. Be careful and attentive about what exactly you are allowing into your system. Take your time when you install a tool or update, and always do your due diligence. Who knows? Perhaps with a little luck, you will be able to keep the fake svchost.exe off your system.

Why is this dangerous?

SvcHost is an important Windows component. This may be why many malicious tools choose to disguise themselves as the SvcHost process. But don't despair! There are ways to determine the authenticity of this process. The best one is to look at where exactly the .exe file is located. The original system file can be found in the C:\Windows\System32 or c:\winnt\system32 folder, or even in the DLL cache folder, depending on the Windows version you are using. Any other file with the same name located in a different location is an impostor. It is most likely malware, using the name as a front to hide and wreak havoc undetected. Once you determine that the .exe file on your computer is fake, don't let it stay and wreak havoc. The bad thing is that any virus can load itself into memory using the legitimate Windows process svchost.exe. The most important thing is to identify all the services running on your computer and determine whether there is a sneaky one among them.

Your computer has most likely been infiltrated by a virus or Trojan, and that virus or Trojan is behind the appearance of fictitious Windows services. Once the malicious service you are stuck with starts, it can connect to a malicious website and either transfer the personal information it stole from you or download additional malware. So the question is: are you ready to gamble with your personal and financial information? Are you willing to risk it falling into the hands of unknown third parties with hidden agendas? Are you ready to open your system to more unwanted malicious tools? And how long do you think your system will last before it gives out and greets you with the blue screen of death? Are you ready to find out? Here's a hint: don't. Protect yourself and your system, and do what's best for you and the future of your PC: remove fake executables right away! This is for the best.

svchost.exe virus removal procedure

Warning, multiple antivirus scanners have detected possible malware in svchost.exe.

Antivirus software      Version           Detection
Tencent                 1.0.0.1           Win32.Trojan.Bprotector.Wlfh
Malwarebytes            v2013.10.29.10    PUP.Optional.MalSign.Generic
NANO AntiVirus          0.26.0.55366      Trojan.Win32.Searcher.bpjlwd
VIPRE Antivirus         22702             Wajam (fs)
Baidu-International     3.5.1.41473       Trojan.Win32.Agent.peo
VIPRE Antivirus         22224             MalSign.Generic
Dr.Web                                    Adware.Searcher.2467
ESET-NOD32              8894              Win32/Wajam.A
Kingsoft AntiVirus      2013.4.9.267      Win32.Troj.Generic.a.(kcloud)
K7 AntiVirus            9.179.12403       Unwanted-Program (00454f261)
McAfee                  5.600.0.1067      Win32.Application.OptimizerPro.E
Qihoo-360               1.0.0.1015        Win32/Virus.RiskTool.825

svchost.exe behavior

  • svchost.exe deactivates installed software.
  • Change desktop and browser settings.
  • Browser redirection to infected pages.
  • Distributes via pay-to-install or bundled with software from third-party manufacturers.
  • Internet connection slows down
  • Steals or uses your confidential data
  • Shows fake security alerts, pop-ups and advertisements.
  • svchost.exe shows commercial advertisements
  • Installs itself without permissions
  • Changes the user's home page

svchost.exe by Windows OS version

  • Windows 10 30%
  • Windows 8 40%
  • Windows 7 19%
  • Windows Vista 7%
  • Windows XP 4%

Svchost is a Windows system module that is used to run various services. In the Task Manager, any of the services launched using this module is identified as “svchost”.

But there are many viruses that masquerade as svchost, the most common of which is called RAT. It will be quite difficult for an inexperienced user of a personal computer to recognize such a virus in the Manager, as well as to detect it in the entire system as a whole. Therefore, it is worth noting that an important sign of the presence of this virus in the system may be a message informing you about an error that is associated with svchost.exe and notifying the user that “the memory cannot be read.” In this case, you need to take steps that will tell you how to remove svchost. Otherwise, your computer will be subject to serious failure. So, let's take a step-by-step look at how we can get rid of this virus.

How to protect yourself from re-infection

First, you need to protect your computer from re-infection with a virus by installing an anti-virus program on it.

Don't be afraid of this, because this method is very simple. To begin, go to the registry editor and look for the HKEY_Software_Microsoft\Windows\CurrentVersion\RunServices "PowerManager"="%WinDir%\svchost.exe" key there, and then delete it.

The next step in removing svchost.exe is to stop its service. To do this, open the module designed to manage Windows services, find PowerManager in the list, open the context menu for this service and stop it.

Terminating the virus program process

The third step is to end the virus program process.

When deleting virus files, be extremely careful not to mistakenly delete the “real” svchost, which is located in the %WINDIR%\system32 folder. It must not be deleted under any circumstances. Therefore, before you start deleting, check yourself once again for errors.

The next step is to remove the Svchost virus completely. Now you need to remove the automatic launch of this program from the registry. To do this, launch the registry editor, find and delete “svchost” = “%WinDir%\svchost.exe” in it. Then find the key and change it from %WINDIR%\svchost.com "%1" %* to "%1" %*.

The key also needs replacing. Its value should become "Userinit"="%System%\userinit.exe".

Well, the last key that requires changes is this.

The operation of the Windows operating system is a complex process that is only possible when all software components function properly. MacOS is no less complex, but in it users do not have the ability to monitor system processes. On Windows, you can see all running executable files in the “Task Manager”, and some of them can scare inexperienced users. A prime example of a file that causes concern is svchost.exe. Quite often in Windows, svchost.exe loads memory or CPU, and there is a feeling that it is a virus. Is this really true? Let's figure it out.

Svchost.exe: what is this process, what functions does it have and why is it needed?

There is a basis for the widespread belief that svchost.exe is a virus, but in reality, most often, this process does not pose any threat. As for the functions assigned to this file, it is needed to load dynamic-link libraries (DLLs) for programs and services that cannot work without them. Each program uses its own svchost file, which can be located in different folders of the Windows operating system.

Most often, the svchost.exe file can be found at the following addresses:

  • C:\WINDOWS\system32
  • C:\WINDOWS\Prefetch
  • C:\WINDOWS\winsxs\ amd64_microsoft-window
  • C:\WINDOWS\ServicePackFiles\i386

If the svchost.exe file is located in other folders, this is a reason to sound the alarm, but it is far from an indication that it is a virus. This rule also applies in the opposite direction; if svchost.exe is even located in one of the above folders, it may well turn out to be virus software.
