File svchost.exe

[Antares 531]

I frequently get a warning from my Norton security software that
something is using excess disk activity. When I click on the link that
it shows it takes me to a file svchost.exe but that is all I can
figure out. Is this a malware file, or is it a valid part of Windows
7? I am running Windows 7 Home Premium SP1 and all seems to be working
very well. I do notice some slow responses from time to time but I
think that may be caused by scan disc or some such background
activity.

 

[charlie]

I frequently get a warning from my Norton security software that
something is using excess disk activity. When I click on the link that
it shows it takes me to a file svchost.exe but that is all I can
figure out. Is this a malware file, or is it a valid part of Windows
7? I am running Windows 7 Home Premium SP1 and all seems to be working
very well. I do notice some slow responses from time to time but I
think that may be caused by scan disc or some such background
activity.

The way to start and try to figure out what is going on (Win 7)
Open task manager.
Go to processes
right click on the svchost.exe entry you suspect
Click on the Last selection in the drop down.
(Go to services)
This should give you at least some idea of what the incidence of svchost
is tied to. It seems that win 7 uses more simultaneous copies of
svchost than earlier versions.

 

[Big Steel]

I frequently get a warning from my Norton security software that
something is using excess disk activity. When I click on the link that
it shows it takes me to a file svchost.exe but that is all I can
figure out. Is this a malware file, or is it a valid part of Windows
7? I am running Windows 7 Home Premium SP1 and all seems to be working
very well. I do notice some slow responses from time to time but I
think that may be caused by scan disc or some such background
activity.

As its name implies 'host' svchost.exe hosts other programs running on
the computer. They can be other O/S programs or vendor programs being
hosted by svchost.exe. Svchost.exe can also host malware programs too.

To see what SVChost is hosting, you can use something like Sysinternal's
Process Explorer which is free.


The link talks about Process Explorer and how to use it.

<http://www.windowsecurity.com/artic...d_Rootkit_Tools_in_a_Windows_Environment.html>

It will tell you where a program is being run from on the HD. If you
highlight a program in the upper pane, it will tell you from what
directory the program is running from on the HD. If you right-click the
line and go to Properties, you can get more information about the
process and what it is hosting.

The lower pane tells you what programs are being hosted by any given
process that is running. You can right-click the line too.

If svchost.exe is not running out of the Windows\system32 directory,
then it's a trojan.

You might not even have malware running and everything is legit for any
given svchost.exe that is executing.

 

[robyn]

THANK YOU = SOLVED