# [SOLVED] 10 svchost.exe processes running at once!!!



## holy07 (Jan 15, 2008)

OK, in Windows Task Manager, I have svchost.exe listed 10 times as SYSTEM, LOCAL SERVICE, and NETWORK SERVICE. Not sure if it's a virus or something, but I also have some processes I'm not sure should be there. plz, any help is appreciated. Each svchost.exe is also eating up CPU performance, each running 4,000K+ :upset:


thanx again!


----------



## Nemesis_SA (Sep 6, 2007)

*Re: 10 svchost.exe processes running at once!!!*

Are you connected to a domain or network?


----------



## holy07 (Jan 15, 2008)

*Re: 10 svchost.exe processes running at once!!!*

By domain or network do you mean wireless network or router?
I'm using an ethernet cord going to a LinkSys Wireless G router.

My problem's gone though, weird?

I gots another SERIOUS one though.
Every time I click on something, I get a message from my Avira AntiVirus Software saying "TR/Vundo.Gen" is trying to access computer and stuff.

I ran vundofix twice.
The first time, it found a bunch and deleted them, then I restarted.

The next time, the virus message popped up WHILE it was running another scan, and it didn't find it. I really can't afford for my system to go down, and I only want to restore it as a last resort.

you guys are the best, so help a friend out? =D


----------



## Nemesis_SA (Sep 6, 2007)

*Re: 10 svchost.exe processes running at once!!!*

The thing with viruses that some people don't know is that they climb into your Windows "System Restore". No matter how many times you do a system restore on your machine, the virus will keep coming back!

So if you don't find any other way to get rid of that virus, I suggest doing a clean copy of Windows. And as soon as you've installed Windows, DISABLE SYSTEM RESTORE!!


----------



## holy07 (Jan 15, 2008)

*Re: 10 svchost.exe processes running at once!!!*

I ran vundo again, but this time in safe mode, and it got rid of like 6 trojans, but IT COULDN'T GET THIS: C:/WINDOWS/system32/mljkijj.dll

It told me to reboot, and it would try to remove again, but it didn't work both times I tried.
So I guess I'm forced to do a whole new Windows.

thanx for the help, I'ma be much more careful bout my DL's now


----------



## Nemesis_SA (Sep 6, 2007)

*Re: 10 svchost.exe processes running at once!!!*

Cool man, but just remember to disable your system restore when you've loaded a fresh copy of Windows.


----------



## paulabear (Nov 4, 2007)

*Re: 10 svchost.exe processes running at once!!!*

You *need* to post this problem in a HJT forum.
You can try the HJT forum here, but I got help in removing spyware/trojans etc. here:

http://www.bleepingcomputer.com/forums/forum22.html


----------



## holy07 (Jan 15, 2008)

*Re: 10 svchost.exe processes running at once!!!*

well thanx for the help guys, all fixed up!
Had to do a clean install, but it's actually much nicer having fresh Windows


----------



## blah789 (Aug 25, 2008)

*Re: 10 svchost.exe processes running at once!!!*

svchost.exe is a normal program. It loads services for Windows. I'm not sure how it works - I think you call it with the proper parameters and it loads said services.
Services are "higher" than normal programs, and can't be stopped simply by clicking end process in task manager. They can only be stopped from the service console (and even then, some critical services can't be stopped because they're necessary for the proper operation of Windows).
Task Manager is retarded however, and you're not going to know which service it is by just looking at Task Manager. If you have Vista you can look in Windows Defender's advanced utilities and it will list the running processes with the process ID, which you can check against the process ID you see in task manager. Another way to check which svchost is which is by going to services (control panel, administrative tools) and turning off the services while you monitor task manager. This is NOT a recommended method, because some system services are critical and/or can't be stopped, but it will work for some non-critical services.
And yes, sometimes malware will disguise itself as svchost.exe. Normally those aren't difficult to spot as they run with user privileges instead of system ones, and they're just regular processes, not services, and can be stopped via end process.


----------



## blah789 (Aug 25, 2008)

*Re: 10 svchost.exe processes running at once!!!*



holy07 said:


> By domain or network do you mean wireless network or router?
> I'm using an ethernet cord going to a LinkSys Wireless G router.
> 
> My problem's gone though, weird?
> ...


Make sure you have all your Windows Updates, firewall on, and data execution prevention (DEP) enabled.
Windows Update will patch up any known security holes. Firewall will block unwelcome incoming packets. And DEP will protect you from buffer overflow attacks.

Here's what I think it is: you have one or more of the three not completely up-to-date, so you're getting attacked over and over again - however your AV program was smart and saved your butt by alerting you that the program was trying to reload.
Understand the way that some malware gets to your computer: sometimes you're sitting there doing nothing but surfing the web and your computer crashes or gets malware - that's usually because someone is sending packets exploiting a known vulnerability (usually buffer overflow conditions) that will load malware into memory without your intervention. It's like people walking around a neighborhood turning the knob on every door to see if it's open. If it's open they come in and wreck the house. Same thing with bad packets - hackers scour the internet all the time for unsecured computers to break into, that's why you need the 3 items I said above + antivirus + antispyware.

P.S.: it's also possible to get malware from surfing the web - with purposely malformatted web pages, or pages with malicious code in them.


----------



## jcgriff2 (Sep 30, 2007)

*Re: 10 svchost.exe processes running at once!!!*

Hi. . .

For info - re: svchost - 13 running on this Vista SP1 x64 system right now.

*svchost* is the Windows generic host process that combines system services that run from Dynamic Link Libraries (DLL). 

The screenshot below shows the services that are running under 2 of them.

Regards. . .

jcgriff2



----------
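The checks blah789 and jcgriff2 describe above (which services sit inside each svchost.exe, which account it runs under, and whether it is a real service host at all), as an added PowerShell example that is not part of the original thread. It assumes a Windows version with the CIM cmdlets (PowerShell 3.0 or later) and an elevated prompt; the variable names are illustrative.

```powershell
# Added example: inventory every svchost.exe and flag the ones that do not
# look like a genuine service host. Read-only; it stops or deletes nothing.

# The genuine binary lives in System32 (and SysWOW64 on 64-bit Windows).
$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)
# Accounts the thread lists for real service hosts.
$serviceAccounts = @('SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE')

# Map PID -> names of the running services hosted inside that process.
$byPid = @{}
Get-CimInstance Win32_Service -Filter 'ProcessId <> 0' | ForEach-Object {
    $byPid[[int]$_.ProcessId] += @($_.Name)
}

$rows = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $owner    = (Invoke-CimMethod -InputObject $_ -MethodName GetOwner).User
    $services = $byPid[[int]$_.ProcessId]
    $flags    = @()

    if (-not $_.ExecutablePath) {
        $flags += 'path unreadable (prompt not elevated?)'
    } elseif ($expectedPaths -notcontains $_.ExecutablePath) {
        $flags += 'binary outside System32'
    }
    if (-not $services) {
        $flags += 'hosts no services'
    }
    if (-not $owner) {
        $flags += 'owner unreadable'
    } elseif ($serviceAccounts -notcontains $owner) {
        # Newer Windows versions run some per-user services in svchost under
        # the logged-on account, so this is a prompt to look, not a verdict.
        $flags += 'runs as a user account'
    }

    [pscustomobject]@{
        PID      = $_.ProcessId
        Owner    = $owner
        Path     = $_.ExecutablePath
        Services = $services -join ', '
        Flags    = $flags -join '; '
    }
}
$rows | Sort-Object PID | Format-Table -AutoSize -Wrap
```

On systems without PowerShell, `tasklist /svc /fi "imagename eq svchost.exe"` prints the same PID-to-service mapping, which can be matched against the PID column in Task Manager.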

