Tuesday, September 15, 2009

7 svchost.exe Running: Svchost.exe in Windows XP

svchost.exe is a system service process.
Because there are many services, there will be many such processes.


But...

If svchost.exe appears with an uppercase letter, then pay attention!

That should be a Trojan!!!

 
Processes carrying the virus pose as: svch0st.exe, schvost.exe, scvhost.exe.

As the number of Windows system services has grown, Microsoft, in order to save system resources, has made many services shared, started by the svchost.exe process. These system services are implemented as dynamic-link libraries (DLLs): they point to the svchost executable, and svchost calls the appropriate service's dynamic-link library to start the service.

Open "Control Panel" → "Administrative Tools" → "Services" and double-click the "ClipBook" service; its properties panel shows the corresponding executable file path "C:\WINDOWS\system32\clipsrv.exe". Then double-click the "Alerter" service: its executable file path is "C:\WINDOWS\system32\svchost.exe -k LocalService", and the "Server" service's executable file path is "C:\WINDOWS\system32\svchost.exe -k netsvcs". Calling services this way saves a lot of system resources, so the multiple svchost.exe processes that appear in the system are simply system services.

In Windows 2000 there are generally two svchost.exe processes: one is the RPCSS (Remote Procedure Call) service process, and the other is a svchost.exe shared by many services. In Windows XP there are generally more than 4 svchost.exe service processes. If the number of svchost.exe processes exceeds six, be careful: one of them may be a virus in disguise.

The detection method is very simple: use a process management tool, such as the process management function of Windows Optimization Master, to look at the executable file path of each svchost.exe. If it is outside the "C:\WINDOWS\system32" directory, it can be determined to be a virus.
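The three checks described above (look-alike names, executable path outside system32, more than six instances) can be run over a process list in one pass. This is an added example, not code from the original post: the process list is constructed, and the function names and the edit-distance threshold of 2 are assumptions.

```python
import ntpath

LEGIT_NAME = "svchost.exe"
LEGIT_DIR = r"c:\windows\system32"  # location the article gives for the real binary
MAX_EXPECTED = 6                     # the article's "be careful" threshold

def osa_distance(a, b):
    """Edit distance that counts an adjacent swap (e.g. 'vc' -> 'cv') as one edit."""
    d = [[i + j if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def audit(processes):
    """processes: iterable of (pid, full executable path). Returns [(pid, reason)]."""
    findings, count = [], 0
    for pid, path in processes:
        folder, name = ntpath.split(ntpath.normpath(path))
        name_l, folder_l = name.lower(), folder.lower()  # Windows paths ignore case
        if name_l == LEGIT_NAME:
            count += 1
            if folder_l != LEGIT_DIR:
                findings.append((pid, "svchost.exe outside system32"))
        elif 0 < osa_distance(name_l, LEGIT_NAME) <= 2:  # threshold is an assumption
            findings.append((pid, "look-alike name: " + name))
    if count > MAX_EXPECTED:
        findings.append((None, "more than six svchost.exe processes"))
    return findings

# Constructed sample process list (not captured from a real machine).
SAMPLE = [
    (804, r"C:\WINDOWS\system32\svchost.exe"),
    (872, r"C:\WINDOWS\System32\svchost.exe"),
    (1204, r"C:\WINDOWS\svchost.exe"),
    (1310, r"C:\WINDOWS\system32\svch0st.exe"),
    (1422, r"C:\WINDOWS\system32\scvhost.exe"),
    (1500, r"C:\WINDOWS\system32\schvost.exe"),
    (1616, r"C:\WINDOWS\system32\clipsrv.exe"),
]

if __name__ == "__main__":
    for pid, reason in audit(SAMPLE):
        print(pid, reason)
```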
 
