I know svchost is a Windows process, but are you supposed to have 5+ running at once? Some are started by the System, some by Network Service and some by Local Service. Are all of those supposed to be running? Screenshot of my processes: Thank you.
It is normal. svchost.exe is a simple service that launches DLL files. Instead of making executable files and programming everything to make it a service and also setting it up in Windows, Microsoft laser developer, decided "Hey, let's make 1 service that can launch DLL and EXE files as services, this way we can save time!". So this is what it does. Moreover, it offers an API with events, so that the DLL files or executable file know when you shut down the computer, whether the system is idle or not, etc. The downside of it is that you don't know what DLL is being executed from the Task Manager. To help clear that mess up, Vista has a section with running services and their descriptions in the Task Manager.
Yeah, it seems to vary. I am a bit doubtful at times myself of possible viruses using that as their process name. I got about 6 too.
Yeah, it's common for malware to run under svchost.exe since it's such a generic process that's required for Windows. One method for determining if svchost.exe is viral or not is to use a program such as TCPView or Active Ports to determine what port is being opened and where the file is executing from. While a virus could still disguise itself, this will give you more information than the Task Manager.
Also, what you can do, however you have to dig yourself: under Vista, you can right-click on a service process, so "svchost.exe", and there is a menu item called "Go to Service", and it will go to the Services tab and select it. You can see the description of it. So if it is a normal EXE, then it won't select the service in the list of Services. However, the virus could run svchost and make itself run as a service and invent some kind of description that looks fancy, and make you wonder if Windows needs it or not.
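The checks suggested in the replies above (where each svchost.exe is executing from, which services it hosts, which ports it has open), as an added example that is not part of the original thread. It assumes Windows 8 or later with PowerShell run elevated; `Get-NetTCPConnection` stands in for TCPView, and the verdict labels are made up for this example.

```powershell
# Added example: inventory every svchost.exe instance on the local machine.
# Run elevated; without elevation ExecutablePath is empty for processes
# owned by other accounts.

# Locations svchost.exe is expected to run from (SysWOW64 only on 64-bit Windows).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# PID -> names of the services hosted in that process.
$servicesByPid = @{}
foreach ($svc in Get-CimInstance Win32_Service) {
    if ($svc.ProcessId) { $servicesByPid[[int]$svc.ProcessId] += @($svc.Name) }
}

# PID -> listening TCP ports (the information TCPView would show).
$portsByPid = @{}
foreach ($conn in Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue) {
    $portsByPid[[int]$conn.OwningProcess] += @($conn.LocalPort)
}

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $procId = [int]$_.ProcessId
    $path   = $_.ExecutablePath

    # -notcontains compares strings case-insensitively, so C:\WINDOWS\system32 matches.
    $verdict = if (-not $path) {
        'path unavailable (not elevated?)'
    } elseif ($expected -notcontains $path) {
        'UNEXPECTED PATH'
    } elseif (-not $servicesByPid.ContainsKey($procId)) {
        'no service hosted'
    } else {
        'ok'
    }

    [pscustomobject]@{
        PID         = $procId
        Path        = $path
        Services    = $servicesByPid[$procId] -join ','
        ListenPorts = ($portsByPid[$procId] | Sort-Object -Unique) -join ','
        Verdict     = $verdict
    }
} | Sort-Object Verdict, PID | Format-Table -AutoSize -Wrap
```

A row marked `ok` only means the path and service hosting look normal; as the last reply notes, something malicious can still register itself as a service, so unfamiliar names in the Services column deserve a closer look.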