How to find problematic svchost
Thursday, September 06, 2007 by Striker
Sometimes, WinXP got slow down extremely and barely respond. After you open the Task Manager you found that one of the svchost.exe is eating all CPU resource.
The difficult thing is that svchost.exe is used by Microsoft Windows Services and run many instances simultaneously. Sometimes, malware also run with the same name too. How can you differentiate which one is malware or which one is legitimate.
Ok, after you open Task manager,
Go to View-->>Select Columns -->> Check PID (Process Identifier)
You will see the Task manager as below:
Record the PID no. of the svchost process. After that, go to command prompt.
Type Tasklist /SVC
You will see the svchost with the PID. So that now you've got an idea of which process are actually associated with that svchost instance. If you want to know more info of that process you can google it. For example if you suspect CryptSvc, you google it and you'll know that cryptsvc is a module associated with Cryptographic Services from Microsoft Corporation. Ok, that's legitimate, you can try next one and hopefully you'll spot the spyware if there's one.
Reference : Microsoft
The difficult thing is that svchost.exe is used by Microsoft Windows Services and run many instances simultaneously. Sometimes, malware also run with the same name too. How can you differentiate which one is malware or which one is legitimate.
Ok, after you open Task manager,
Go to View-->>Select Columns -->> Check PID (Process Identifier)
You will see the Task manager as below:
Record the PID no. of the svchost process. After that, go to command prompt.
Type Tasklist /SVC
You will see the svchost with the PID. So that now you've got an idea of which process are actually associated with that svchost instance. If you want to know more info of that process you can google it. For example if you suspect CryptSvc, you google it and you'll know that cryptsvc is a module associated with Cryptographic Services from Microsoft Corporation. Ok, that's legitimate, you can try next one and hopefully you'll spot the spyware if there's one.
Reference : Microsoft
