How many copies of svchost.exe should be running?

Thread starter: mholt

I see about four, most of the time.

Thanks.

Those svchost entries hold smaller things inside them.

Use Process Explorer to see what's in them.

http://technet.microsoft.com/en-ca/sysinternals/bb896653.aspx

Hold your mouse over a "svchost" entry, to see a list of
services it contains.

I have seven svchost entries, and one is chock full of services
and has about 28 services running inside it. One of the other
svchosts, only contains a single service (WIA or Windows Image
Acquisition). There is no attempt to "balance the load".
They seem to be dispatched that way on purpose.

Paul
 
Download Process Explorer so you can see what is "really" running,
especially behind those multiple svchosts you see running in Task
Manager.

You'll like PE when you get the hang of it. PE is the Windows Task
manager on steroids. PE installs nothing, and only runs on demand.
It looks a little intimidating at first, but you will start to like
the way it works.

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Expand the columns, make the screen bigger, etc. so you can see the
most information as in the window.

The CPU column is usually the most interesting to get started with
performance issues - who is using the most? It is okay and normal to
have multiple svchost processes running, but there could be a problem
behind any one of them.

Malicious software can sometimes hide as a process behind a
svchost.exe process so you will not be able to see it in Task
Manager. All you will see in Task Manager is a svchost.exe process
gone wild.

You would like the most CPU to be associated with System Idle Process.
If you see spikes (or not) double click the graph in the top left
corner to display the usage graph. Hover the mouse over any spikes to
see what causes them.

This will help once you get PE running, read this article and you will
be smarter than the average bear:

http://www.bleepingcomputer.com/tutorials/tutorial129.html

Then with some Googling, you can look at each thing running in PE and
behind your svchost processes and see what it is and decide if your
configuration needs it or not.

If you think you have a svchost that is misbehaving, using PE, you
can right click that offensive svchost, Properties and on the Services
and Threads tab you can see what is running under it. There is a CPU
column that will need expanding so you can see CPU. Perhaps you can
spot who is consuming so much CPU under there. Look around under the
svchost and you will find it.

You can see what is running under every svchost by hovering your mouse
over it. Some will have a couple things (hopefully legitimate XP
services) and some will have a lot of things. What is running under
your afflicted one?

No running process should defy reasonable explanation.
 
Great post Jose, thanks.
 
I have 17 copies; since all are running under SYSTEM, NETWORK SERVICE, LOCAL SERVICE, I guess it's OK.
I found this forum I wanted to share: http://www.file.net/process/svchost.exe.html It says that some malware camouflages itself as svchost.exe and that one needs to check the svchost.exe path and size.

 
I currently have 3 on this WinXP machine.

Regarding "balance the load"

In 'Windows Task Manager' 6.1 (found in Win7), there is an
extra tab 'Services' and one can flip back and forth between a
[SvcHost.exe] on the 'Processes' tab and the "Name" of the
services running in it will be marked. One can then see that the
number of [SvcHost.exe] listed are a result of that there are a
number of Groups they are grouped in and that there are
individual instances for each group for each "User Name" (
%UserProfile%, System, Network Service, ... ) one can see on the
Processes tab, on the machine. So it's an array of User-type vs.
Service-Group.

Each "User Name" has different permission-rights and
restrictions, and I suppose the different Service-groups (
NetworkService, LocalService, NetSvcs,
LocalServiceNetworkRestricted, ... ) also exist because they have
different permissions and restrictions as well.

( Welcome to WinNT )

So from how it looks to me, it looks like it can't be 'load
balanced', as the number of [SvcHost.exe] instances that is used
depends on the 'group' a service needs to belong to and what
'user' runs it.
 
Re: the reply given by "Etal".....

If you are *not* fortunate enough to have Win7 (since this IS an XP newsgroup)
then you can download (for free) the excellent utility : Process Explorer

It's by sysinternals (now a division of Microsoft) and is similar in
functionality to the Task Manager but very much expanded. In fact, it even
has a function to replace your normal Windows Task Manager with itself so
it appears when you press Alt-Ctrl-Del!

But I just use it for (exactly what Mr Etal says about his Win7 Task Man)
investigating what process called [svchost.exe] and what the commandline
was that executed it.

Along with all the other information you would expect to see in a Task
Manager like CPU usage and memory stats, plus things like threads and
strings associated with the selected process.

Download "Process Explorer" from the link below :

http://download.sysinternals.com/Files/ProcessExplorer.zip

==

Cheers, Tim Meddick, Peckham, London. :-)
 
Sorry, I didn't read back beyond "Etal's" post, sorry "Paul", for repeating
information already given...

==

Cheers, Tim Meddick, Peckham, London. :-)
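
The checks discussed in this thread (which services sit inside each svchost.exe, which account and service group it runs under, and whether the binary is at the expected path), as an added PowerShell example that is not from any poster. It assumes Windows PowerShell 3.0 or later and an elevated prompt; the `Notes` column and its wording are this example's own.

```powershell
# Added example: inventory every svchost.exe instance and what it hosts.
# Assumes Windows PowerShell 3.0+ (Get-CimInstance); run elevated so that
# paths, command lines and owners of SYSTEM processes are readable.

# Locations where the genuine svchost.exe lives.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')   # 32-bit copy on 64-bit Windows
)

# Map process ID -> names of the services running inside that process.
$servicesByPid = @{}
Get-CimInstance Win32_Service -Filter 'ProcessId <> 0' |
    Group-Object ProcessId |
    ForEach-Object { $servicesByPid[[int]$_.Name] = $_.Group.Name }

$report = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner

    # The service group is the argument after -k on the command line.
    $group = if ($_.CommandLine -match '-k\s+(\S+)') { $Matches[1] } else { '' }

    # Empty array when no service reports this PID as its host.
    $svc = @($servicesByPid[[int]$_.ProcessId] | Where-Object { $_ })

    # Items worth a closer look; a note is a prompt to investigate, not a verdict.
    $notes = @()
    if (-not $_.ExecutablePath) {
        $notes += 'path unreadable (not elevated?)'
    } elseif ($expected -notcontains $_.ExecutablePath) {
        $notes += 'unexpected path'
    }
    if ($svc.Count -eq 0) { $notes += 'hosts no services' }
    if (-not $group)      { $notes += 'no -k service group' }

    [pscustomobject]@{
        ProcessId = $_.ProcessId
        User      = $owner.User
        Group     = $group
        Services  = $svc -join ', '
        Path      = $_.ExecutablePath
        Notes     = $notes -join '; '
    }
}

$report | Sort-Object User, Group | Format-Table -AutoSize -Wrap
```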
 