SVSHOST.EXE

In the task manager,i have noticed 5 processes listed as SVCHOST.EXE ,with details as follow

PID                                      USER NAME

728,868 SYSTEM
812,1032 NETWORK SERVICES
1072 LOCAL SERVICES

As there are trojans also with the same name,how to check whether these are genuine microsoft processes or trojans in the system.

Another thing i noticed,during scan with SPYBOT-S&D(which I do almost daily) that during the whole time of scan(about 5-6 minutes) the CPU usage is at 100%.IS it normal to happen or there is something fishy going on?

PLEASE ENLIGHTEN A NEWBIE,WHO SAYS THANKS N ADVANCE

CHEERS

Hi qrius2noall,

Multiple instances of Svchost.exe can run at the same time.

http://support.microsoft.com/kb/314056

When you start the avast! AV scanner it will scan memory processes and should detect any Trojans running as svchost.exe.

Run a memory scan with AVG Anti-Spyware (Ewido) or a-Squared Free as a double check.

It’s normal for an anti-malware scanner to take up 100% CPU- it’s a very intensive process.

It isn’t unusual for there to be multiple svchost entries (currently I have five occurrences) in the Task Manager and for those User Names, provided the only location or the file is c:\windows\system32 (windows XP, other OSes may have it in a different location) then it should be OK.

Do a system search for svchost.exe and report the locations it is found.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.