svchost.exe

[lemmy]

hi.
I use panda firewall/virus programme on my vista preinstalled laptop.
Recently, the firewall is alerting me that it has blocked a dangerous
programme, Svchost.exe found within system32. It is blocking it so i don't
think i have anything to worry about but, i just wondered what it was. when
i have googled it it says that it is a really important part of windows or
some have said a virus ?? (I have scanned the sytem and there is no virus)
why would the firewall block it if it is needed? This has only been
happening for a few days. I have used a sytem restore point for another
issue but i still get this warning message. In total, it has been blocked
52 times in the last 3 days. Could someone explain please in simple terms?
TIA

 

[Tom Porterfield]

hi.
I use panda firewall/virus programme on my vista preinstalled laptop.
Recently, the firewall is alerting me that it has blocked a dangerous
programme, Svchost.exe found within system32. It is blocking it so i
don't think i have anything to worry about but, i just wondered what it
was. when i have googled it it says that it is a really important part
of windows or some have said a virus ?? (I have scanned the sytem and
there is no virus) why would the firewall block it if it is needed? This
has only been happening for a few days. I have used a sytem restore
point for another issue but i still get this warning message. In total,
it has been blocked 52 times in the last 3 days. Could someone explain
please in simple terms? TIA

Unfortunately there is no simple explanation for svchost. It is the
process that a number of services run under. It sounds like your
firewall is not sophisticated enough to identify which process under
which instance of svchost is trying to access the internet. This is one
of the flaws of many outbound blocking firewalls - they don't provide
enough information in their messages for you to make an informed decision.

 

[Ian]

http://repair-svchost.org/?gclid=CMCI7KPFoo0CFSdPEgodzCr36w

Go to the above link for an explanation of svchost.

Open your panda by clicking the icon in the Tray and click on the blue
Protection Settings and then on Firewall Settings and then on Connection
Settings. Take the tick out of the auto assign box and then click each
setting in the list and change the settings in the drop downs so that both
ingoing and outgoing is allowed on those programs you trust.

 

[Mr. Arnold]

hi.
I use panda firewall/virus programme on my vista preinstalled laptop.
Recently, the firewall is alerting me that it has blocked a dangerous
programme, Svchost.exe found within system32. It is blocking it so i
don't think i have anything to worry about but, i just wondered what it
was. when i have googled it it says that it is a really important part of
windows or some have said a virus ?? (I have scanned the sytem and there
is no virus) why would the firewall block it if it is needed? This has
only been happening for a few days. I have used a sytem restore point for
another issue but i still get this warning message. In total, it has been
blocked 52 times in the last 3 days. Could someone explain please in
simple terms? TIA

Svchost.exe is the messenger for the Operating System programs and other
non O/S programs so that they can communicate with each other over the LAN
(Local Area Network) or WAN (Wide Area Network/Internet).

Svchost.exe does the hosting/provides the plumbing/provides the conduit for
the communications.

Yes, malware can use Svchost.exe on its behalf too so that it can
communicate. So you should always be aware of what remote IP/Internet IP
svchost.exe is trying to connect too, with possible dubious connections.

If svchost.exe is not running out of the Windows/System32 directory, then
it's a Trojan.

Svchost.exe is just the messenger. Should you kill the messenger or try to
find out what is using the messenger and kill that, if need be?

 

[Lawrence Abrams]

Not sure what regcure is supposed to cure about svchost, but as stated by
others, svchost.exe is a program that launched other services (typically
DLLs and manages them). C:\Windows\System32\svchost.exe is a perfectly
legitimate program and should be left alone.

It is possible, though, that there is a program running under a SVChost
process that is not. You can find out what services are running under each
svchost.exe by reading the following tutorial:

http://www.bleepingcomputer.com/tutorials/tutorial129.html

-L