If you heard somewhere that svchost.exe or Generic Host Process is a bad virus and found your Task Manager crowded with this nasty name, you might think that your system is badly infected. There might be about a dozen svchost.exe processes running at the same time and shown in the Task Manager window.


I mean, do not try to stop these processes without knowing what you are doing; otherwise, your system might be in real trouble. There is a 99% possibility that none of these processes is guilty of any illegal activity. I would say that I am 100% sure that none of them is “guilty”, because the svchost.exe virus typically wouldn’t let you stare at your Task Manager; it will just block this utility. However, no one can say for sure that a new sneaky variation of this virus won’t appear and silently hide among all of the look-alike processes.


With Windows NT, Microsoft moved all of the services from executable programs to DLL libraries. These libraries hold the functions for system services, and the Generic Service Host executable process just calls these functions as needed. This design is more appealing to programmers because components are easier to manage and maintain. The programmers' comfort isn’t the main goal of such a design, though. The Generic Service Host process manages services so that they run without cross conflicts, and it preserves system resources by eliminating the need to run a lot of EXEs at the same time.

Why are there so many Generic Host processes running at the same time? It is needed to make the system less vulnerable to possible service failures. Should all the services belong to one Host Process, the failure of a single one would bring all the services down at once. That is why related services are divided into groups and run by multiple instances of the Generic Service Host process. Should one service fail for some reason, all other services would still be running and available.

Now, you might be puzzled. How can one find out "who is who", and which one might be the "bad guy" that you had heard about? It is not as hard as it might look: Task Manager is hiding information from you, and the virus also cannot be hidden completely. There are things that you can easily figure out, and things that might leave you overwhelmed by the virus hunt.

Well, it seems you have ignored the temptation of letting professionals solve Generic Host Process problems for you. Then you need some information that will help you solve the problem on your own, if the problem is one that can be easily solved by a smart person with time available to play with puzzles.

First of all, you need to know some basics. The legitimate file for Generic Host Process is located at %SystemRoot%\System32\Svchost.exe. A file with this name shouldn’t appear in your autorun list, because it is a standard system service. It also shouldn’t reside in some other folder. A file that sits in your autorun list or is placed in a folder that doesn’t belong to your system is a reason to be suspicious and to run a full antivirus scan on your system. A smart person would probably make all files visible and try to find every copy with the system Search utility. If a suspicious file is found, it can be renamed and the system restarted. The absence of problems indicates that the renamed file can be safely removed. If after the restart the file is found again under its original name, but not in the right place for the legitimate one, then this file is a virus and needs to be removed.

To find which services are running behind a particular legitimate svchost.exe, right-click it with your mouse and then click the “Go to Service” option. The Services tab will open and show a list of the services run under one or another svchost.exe process. To see the svchost.exe processes in the Processes tab, you might need to toggle on the option for viewing all the running processes in Task Manager. A smart person would probably take all the names from this window to the Google search box, trying to find out about possible virus entities hiding among them. It is not that fast, but this information can usually be found easily on the internet.
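The checks described above (where each svchost.exe lives, which services run behind it, and whether the name shows up in autorun) can be done in one read-only PowerShell pass. This is an added example, not part of the original article; it assumes PowerShell 3.0 or later and an elevated prompt, and it looks only at the two standard Run registry keys, which are just a part of the autorun list.

```powershell
# Added example: read-only audit of running svchost.exe processes. Changes nothing.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Map each hosting process ID to the names of the services running inside it.
$servicesByPid = @{}
foreach ($s in Get-CimInstance Win32_Service) {
    if ($s.ProcessId) { $servicesByPid[[int]$s.ProcessId] += @($s.Name) }
}

# One row per svchost.exe: its path, whether the path is the expected one,
# and the services it hosts (what "Go to Service" shows in Task Manager).
$report = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $path = $_.ExecutablePath
        $verdict = if (-not $path) { 'unknown (run elevated)' }
                   elseif ($path -eq $expected) { 'ok' }   # -eq ignores case
                   else { 'REVIEW' }
        # 64-bit Windows also ships a 32-bit copy under SysWOW64; this check
        # follows the article and flags it for manual review, not as proof.
        [pscustomobject]@{
            PID      = $_.ProcessId
            Location = $verdict
            Path     = $path
            Services = ($servicesByPid[[int]$_.ProcessId] -join ', ')
        }
    }

# Autorun entries that mention svchost (Run keys only, an assumption of
# this example; other autorun locations are not covered here).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            if ($value -match 'svchost') {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $value }
            }
        }
    }
}

$report | Sort-Object Location, PID | Format-Table -AutoSize -Wrap
if ($autoruns) { $autoruns | Format-List } else { 'No svchost entries in the Run keys.' }
```

A row marked REVIEW or an svchost.exe process with an empty Services column is a starting point for the antivirus scan and search described above, not a verdict by itself.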

The possible presence of the virus might be indicated by high activity shown in one of the svchost.exe processes in Task Manager, or by an error pointing at Generic Host Process. However, there is no way to determine whether the error is caused by the virus or by something else. It might be caused by the crash of some legitimate service DLL, an unsuccessful system update, etc.

You might need to perform many tests and tries before you can find out the truth and solve the problem.

