What is the svchost.exe Windows services host process and why is it loading the processor

Many users have questions about the "Host process for Windows services" (svchost.exe) process in the Task Manager of Windows 10, 8 and Windows 7. Some are confused by the large number of processes with this name; others run into svchost.exe loading the processor to 100% (especially relevant for Windows 7), which makes it impossible to work normally on the computer or laptop.

This article explains in detail what this process is, what it is needed for and how to solve possible problems with it, in particular how to find out exactly which service running through svchost.exe is loading the processor, and whether this file is a virus.

Svchost.exe - what kind of process (program) is it

Svchost.exe in Windows 10, 8 and Windows 7 is the main process for loading Windows operating system services that are stored in dynamic-link libraries (DLLs). That is, the Windows services that you can see in the list of services (Win + R, type services.msc) are loaded "through" svchost.exe, and for many of them a separate process is started, which is what you see in Task Manager.

Windows services, and especially those for which svchost is responsible, are essential components for the operating system to function fully and are loaded when the operating system starts (not all, but most). In particular, this is how such necessary things are started as:

  • Managers for the different types of network connections, thanks to which you have access to the Internet, including via Wi-Fi
  • Plug and Play and HID device services that support USB keyboards, webcams and mice
  • Windows Update services, Windows Defender in Windows 10 and 8, and others.

Consequently, the answer to why there are so many "svchost.exe Windows Services Host Process" items in Task Manager is that the system needs to run many services, each of which appears as a separate svchost.exe process.

If this process is not causing any problems, you most likely should not touch anything, worry that it is a virus, or, even less, try to remove svchost.exe (as long as the file is located in C:\Windows\System32 or C:\Windows\SysWOW64; if not, in theory it could be a virus, which is discussed later).

What to do if svchost.exe loads the CPU to 100%

One of the most common problems associated with svchost.exe is that this process loads the system to 100%. The most common reasons for this behavior are:

  • Some standard procedure is running (if the load is not always this high): indexing the contents of the disk (especially right after the installation of the operating system), performing or downloading an update, and the like. In this case (if it goes away on its own) it is usually not necessary to do anything.
  • Some service is not working properly for some reason (here we will try to find out what that service is, see below). The causes of the malfunction can be different: corrupt system files (checking the integrity of system files can help), driver problems (for example, network drivers) and others.
  • Problems with your computer's hard drive (worth a hard drive error check).
  • Less often, it is the result of malware. The svchost.exe file itself is not necessarily the virus: there are variants in which a third-party malicious program accesses the Windows Services Host process in such a way that it causes a load on the processor. In this case, it is recommended to check your computer for viruses and use separate malware removal tools. In addition, if the problem disappears after a clean boot of Windows (running with a minimal set of system services), it is worth paying attention to the programs you have in automatic startup, as they may be the cause.

The most common of the above options is that some Windows 10, 8 or Windows 7 service is not working correctly. To find out which service is causing this load on the processor, it is convenient to use the Microsoft Sysinternals Process Explorer program, which can be downloaded for free from the official website https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx (it is an archive that you unzip and then run the executable file from it).

After starting the program, you will see a list of running processes, including the problematic svchost.exe, which is loading the processor. If you hover over the process, a tooltip shows what specific services the svchost.exe instance is running.

If it is a single service, you can try to disable it (see What services can be disabled in Windows 10 and how to do it). If there is more than one, you can experiment with disabling them, or you can guess the possible cause of the problem from the type of services (for example, if they are all network services, it could be a malfunction of the network drivers, an antivirus conflict, or a virus that uses your network connection through system services).

How to know if svchost.exe is a virus or not

There are various viruses that either masquerade as svchost.exe or are loaded by means of the real svchost.exe, although at the moment they are not very common.

Symptoms of infection can vary:

  • The main and almost guaranteed indication that svchost.exe is malicious is the location of this file outside of the system32 and SysWOW64 folders (to find out the location, you can right-click on the process in Task Manager and select "Open file location". In Process Explorer you can see the location similarly: right-click and choose the Properties menu item). Important: on Windows, svchost.exe can also be found in the Prefetch, WinSxS and ServicePackFiles folders. That is not a malicious file, but at the same time a file from these locations should not be among the running processes.
  • Another commonly cited indication is that the svchost.exe process is never run as a user (only as "System", "LOCAL SERVICE" and "Network Service"). In Windows 10 this is definitely not the case (Shell Experience Host, sihost.exe, runs exactly as a user and through svchost.exe).
  • The Internet works only right after the computer is turned on, then it stops working and pages do not open (and sometimes you can see active traffic exchange).
  • Other common manifestations of viruses (ads on all sites, not opening what is needed, system settings change, computer slows down, etc.)

If you suspect that there is a virus on your computer that involves svchost.exe in some way, I recommend:

  • Using the aforementioned Process Explorer program, right-click on the problematic instance of svchost.exe and select the "Check VirusTotal" menu option to check this file for viruses.
  • In Process Explorer, see which process launched the problematic svchost.exe (that is, the one located above it in the process "tree"). If it is suspicious, check it for viruses in the same way as described in the previous item.
  • Use an antivirus program to fully scan your computer (since the virus may not be in the svchost file itself, but may merely use it).
  • See the descriptions of the viruses here https://threats.kaspersky.com/ru/. Simply type "svchost.exe" in the search box and you will get a list of viruses that use this file in their work, as well as a description of exactly how they work and how they are hidden. However, this is probably unnecessary.
  • If you are able to judge from file and task names whether they are suspicious, you can see exactly what is running through svchost from the command line by entering the command tasklist /SVC
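
The checks described in this section and in the CPU-load section above (file location, parent process, account, hosted services, CPU time per instance) can be collected in one pass. The following PowerShell script is an added example, not part of the original article; it assumes an elevated prompt and treats services.exe as the normal parent of a service host, which the article itself does not state.

```powershell
# Added example: audit every running svchost.exe instance.
# Run elevated; without elevation ExecutablePath can be empty for system processes.

# Locations the article names as legitimate for a running svchost.exe
$allowed = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# PID -> names of the services hosted in that process (same data as tasklist /SVC)
$servicesByPid = @{}
Get-CimInstance Win32_Service | Where-Object ProcessId -ne 0 |
    Group-Object ProcessId |
    ForEach-Object { $servicesByPid[[uint32]$_.Name] = $_.Group.Name }

# PID -> process name, used to resolve the parent of each instance
$procs = Get-CimInstance Win32_Process
$nameByPid = @{}
foreach ($p in $procs) { $nameByPid[[uint32]$p.ProcessId] = $p.Name }

$report = foreach ($p in ($procs | Where-Object Name -eq 'svchost.exe')) {
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue
    $path  = $p.ExecutablePath

    # -contains compares strings case-insensitively, which matches Windows paths
    $pathCheck = if (-not $path) { 'unknown (not elevated?)' } elseif ($allowed -contains $path) { 'ok' } else { 'SUSPICIOUS' }

    # Assumption: service hosts are normally started by services.exe
    $parent = $nameByPid[[uint32]$p.ParentProcessId]
    $parentCheck = if ($parent -eq 'services.exe') { 'ok' } else { 'review' }

    [pscustomobject]@{
        PID         = $p.ProcessId
        CpuSec      = [math]::Round(($p.KernelModeTime + $p.UserModeTime) / 1e7, 1)
        PathCheck   = $pathCheck
        Path        = $path
        Parent      = $parent
        ParentCheck = $parentCheck
        User        = $owner.User
        Services    = ($servicesByPid[[uint32]$p.ProcessId] -join ', ')
    }
}

# Busiest instances first; anything marked SUSPICIOUS or review deserves a closer look
$report | Sort-Object CpuSec -Descending | Format-Table -AutoSize -Wrap
```

CpuSec is cumulative CPU time since the process started, so run the script twice a minute apart and compare the values to see which instance is consuming the processor right now.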

It should be noted that a 100% CPU load caused by svchost.exe is rarely the result of viruses. Most often, it is the result of problems with Windows services, drivers or other programs on the computer, as well as of the poor quality of the Windows "builds" installed on many users' computers.