How to get rid of svchost. Virus How to remove svchost using avz

Beginning with Windows versions XP, one very unusual service appeared in the operating systems of this family - Svchost.exe (netsvcs). Initially, it was mainly responsible for network connections, but over time it has become more widely used. It's no secret that it is the Svchost.exe (netsvcs) process that loads the processor (Windows 7). How to fix the problem and disable unnecessary components will now be shown. But first, let's figure out what this process is and why it is needed.

Svchost.exe (netsvcs) service: what is this process?

Let's take Windows 7 as a basis, since the problem with this service is not so pronounced on systems with a higher rank.

It was starting with the seventh modification of Windows that the developers decided to make the system faster, using for this, as they believed, a universal solution, the essence of which was not to call the executable file of some system or user process, but to start it through one service in background.

How the service works

If you look at the list of processes in Task Manager, you can see several Svchost.exe services (netsvcs). What this is and why this is happening will become clear if you understand the basic principles of this component's operation.

In general, processes can contain from four (minimum) or more such components, but they all belong to the same group (netsvcs). The principle of the process is to launch system processes through special svc hosts using the Services.exe tool. In this case, the accompanying components of any program (for example, dynamic DLLs, which are not accepted for execution by the system in the usual way) are loaded into RAM. It is believed that this allows you to speed up the start of executable applications (including custom ones).

Why does the process load RAM and virtual memory?

But why, then, the Svchost.exe (netsvcs) process loads Windows memory 7? The decision to eliminate such a problem will have to be made based on the reasons for this behavior of the system. Among them, the following are called the main:

the impact of viruses masquerading as Svchost.exe processes;
malfunctions of the Windows update search and installation tool;
accumulation of computer garbage when surfing the Internet;
tunnel adapter problems;
Prefetch service enabled.

It should be noted that the Svchost.exe (netsvcs) process loads physical memory(operational and virtual, which uses the space reserved on the hard drive to load program components when there is not enough RAM).

In the simplest case, excessive load can be eliminated by a simple restart of the system. But this gives only a short-term effect, as well as the completion of each process in the same "Task Manager". Therefore, you will have to use drastic measures.

Scanning for the presence of viruses and malicious codes

First of all, you need to determine the presence of viruses masquerading in the system as Svchost.exe (netsvcs) processes, you can by their attributes in the "Task Manager". On started services with a username, the process description can only contain the Network Service, Local Service, or System attributes. If something else is specified (most often Admin), you need to start checking right away.

In the simplest version, you can use a standard scanner, but in most cases this does not work (after all, apparently, the antivirus has already missed the threat). Most experts recommend using independent utilities, among which one of the most powerful is Rescue Disk from Kaspersky Lab. Antivirus can be loaded from a disk or flash drive even before Windows starts, and at the same time it is able to find viruses, even those that are very deeply integrated into the system.

Svchost.exe (netsvcs) loads Windows 7 memory. Solution - System Update Service

Many experts cite problems with the Update Center as another common problem. It so happens that Svchost.exe (netsvcs) loads the processor (Windows 7) for no apparent reason (as it seems). But there is a reason. It consists in the fact that some updates could be underloaded, so the system tries to download and install them again and again.

Disabling the search and installation of updates through the "Update Center" called from the "Control Panel" may not work (even if you set the mode automatic search and installation suggestions at the discretion of the user). V this case best to use command line, launched as an administrator, in which three commands are written, followed by pressing the enter key after each of them (for any version of Windows):

to stop the service - net stop wuauserv;
to disable background intelligent transmission - net stop bits;
to deactivate delivery optimization - net stop bits.

Terminating related processes

Now let's look at another option for deactivating Svchost.exe (netsvcs) processes. How do I disable service-related components? First, you need to find out which processes are "attached" to it and are called at system startup, but are absent in the automatic boot menu.

To do this, in the "Task Manager" you need to find all the search lines containing Svchost.exe (netsvcs), sorting the processes in alphabetical order.

On the selected process, through the right-click menu, you need to go to services using the appropriate line for this.

You can stop each service right here or open the service management section (you can also do this through the Run menu (Win + R), where you enter the services.msc command. But this option is somewhat inconvenient only because you have to remember the name of each service, and then look for it in the service tree.

Further, double click the settings menu is called up, where the service is either stopped by the corresponding button, or it is assigned a different start or complete shutdown priority. But you shouldn't overdo it, because you can disable important system processes, which can negatively affect the operation of the entire OS (up to a failure, after which you will have to restore or the so-called rollback to the previous operable state).

Removing computer junk and optimizing the registry

In some cases, the load on the system from the Svchost.exe (netsvcs) processes may be associated with a banal clogging of computer garbage.

Perform cleaning on their own- the activity is very troublesome, so to simplify the work it is worth using optimizers like CCleaner, Glary utilities, Advanced SystemCare, in which for scanning it is necessary to mark not only the deletion of temporary files or clearing the cache, but also enable the search for problems in the system registry, followed by correction or removal of incorrect keys and even defragmentation.

Troubleshooting Tunnel Adapter Issues

Uncommon, but there is a problem with the Teredo tunnel adapter. At the same time, even some of its controls can hang corny. The way out of this situation is to disable the corresponding protocol (especially if it is enabled by default, but not used).

To deactivate it, you need to start the command line with administrator rights and register two commands: netsh interface ipv6 set teredo disable and netsh interface teredo set state disable, and after they are completed, restart the computer terminal.

Checking the status of the SuperFetch service

Finally, another global problem, albeit partially related to Svchost processes, is the activated service for storing frequently used programs and applications to optimize or speed up their launch, which is called SuperFetch.

You can disable this component through the services management section (services.msc) with the choice of the desired startup type or perform similar actions in the system registry, which is not very convenient.

But it is believed to be the most simple method reducing the load on system resources in relation to this particular service is to delete the Prefetch folder, which is located in the Windows root directory in system partition... After that, it will be possible to terminate all Svchost processes in the standard "Task Manager" and perform a complete restart of Windows.

Outcomes

What can be said about the processes under consideration, if we summarize some results and draw conclusions? Among the main reasons for the increased use of system resources, and especially in Windows 7, the main ones are the problems of exposure to viruses, failures in the update service and the SuperFetch service. But this situation in most cases manifests itself on low-power computers that are too weak to simultaneously support startup optimization. a large number resource-intensive programs. And, what is most interesting, most often it is not the processor that takes the main blow, but RAM, the use of which in some cases can reach one hundred percent. The lack of RAM leads to the fact that the system begins to actively use virtual memory (hard disk space), which leads to a strong slowdown when accessing the hard drive.

As for solving this problem, you should use each of the above methods. But you have to be extremely careful not to complete some systemically important process (although in this case, a spontaneous reboot with recovery may simply follow). But the SuperFetch component on modern machines with large amounts of RAM and powerful processors should not be disabled. This solution is applicable only in the case of outdated computer equipment.

Many users have questions related to the "Host Process for Windows Services" svchost.exe process in the Windows 10, 8 and Windows 7 Task Manager. that svchost.exe loads the processor by 100% (especially important for Windows 7), thereby causing the impossibility of normal operation with a computer or laptop.

In this, in detail about what this process is, what it is for and how to solve possible problems with him, in particular, find out which service launched through svchost.exe loads the processor, and whether this file virus.

One of the most common problems associated with svchost.exe is that this process loads the system by 100%. The most common reasons for this behavior:

Any standard procedure(if such a load is not always) - indexing the contents of disks (especially immediately after installing the OS), performing an update or downloading it, and the like. In this case (if it goes "by itself"), you usually do not need to do anything.
For some reason, some of the services does not work correctly (here we will try to find out what kind of service it is, see below). The reasons for malfunction can be different - damage system files(may help), problems with drivers (for example, network) and others.
Problems with hard disk computer (worth doing).
Less commonly, it is the result of malware. Moreover, the svchost.exe file itself is not necessarily a virus, there may be variants when an outside malware program contacts the Windows services host process in such a way that it causes a load on the processor. Here it is recommended to check your computer for viruses and use separate ones. Also, if the problem disappears when (starting with a minimum set of system services), then you should pay attention to what programs you have at startup, perhaps they have an effect.

The most common of these options is the malfunctioning of any service in Windows 10, 8 and Windows 7. In order to find out which service is causing such a load on the processor, it is convenient to use Microsoft program Sysinternals Process Explorer, which can be downloaded for free from the official website https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx (is an archive that you need to unpack and run the executable file from it).

After starting the program, you will see a list of running processes, including the problematic svchost.exe, which is loading the processor. If you hover over the process with the mouse pointer, a tooltip will display information about which specific services are running by this instance of svchost.exe.

If this is one service, you can try to disable it (see). If there are several, you can experiment with disabling, or you can by the type of services (for example, if all this is network services) assume possible reason problems (in this case, these may be incorrectly working network drivers, antivirus conflicts, or a virus using your network connection using system services).

How to tell if svchost.exe is a virus or not

There are a number of viruses that are either masked or downloaded using the real svchost.exe. Although, nowadays they are not very common.

The symptoms of infection can be different:

The main and almost guaranteed malicious svchost.exe is the location of this file outside the system32 and SysWOW64 folders (to find out the location, you can right-click on the process in the task manager and select "Open file location". In Process Explorer, you can see the location similarly - right click and the Properties menu item). Important: v Windows file svchost.exe can also be found in Prefetch folders, WinSxS, ServicePackFiles is not malicious file, but, at the same time, there should not be a file from these locations among the running processes.
Among other signs, it is noted that the svchost.exe process is never started as a user (only as "System", "LOCAL SERVICE" and "Network Service"). In Windows 10, this is definitely not the case (Shell Experience Host, sihost.exe, is launched from the user and through svchost.exe).
The Internet works only after turning on the computer, then it stops working and the pages do not open (and sometimes you can observe an active traffic exchange).
Other manifestations common for viruses (advertising on all sites, the wrong thing opens, changes system settings, etc.)

If you have any suspicions that there is a virus on your computer that has svchost.exe, I recommend:

It should be noted that 100% CPU utilization caused by svchost.exe is rarely caused by viruses. Most often this is still a consequence of problems with Windows services, drivers or other software on the computer, as well as the "curvature" of the "assemblies" installed on the computers of many users.

If you are reading this article, then you probably already paid attention to the system process, which has the name "Svchost.exe"... Moreover, he is usually not alone, and he is accompanied by several more processes of the same name:

In a normal situation, the performance of the computer does not suffer from this process, and ordinary users do not pay attention to it. The situation is completely different when the process begins to "devour" from half to 100% of the computer's resources. And not occasionally, but constantly. In this case, the radical solution to the problem sometimes becomes either rollback of the system to the moment when it was working normally. These methods are not only superfluous, but also do not always help, so today we will tell you about more simple solutions problems when the svchost.exe process loads the computer processor to the full.

What is svchost.exe

Let's start with theory. Svchost.exe- systemic Windows process, which is responsible for starting various services on the computer (for example, Print Service or Windows firewall ). With it, several services can be started on a computer at the same time, which can reduce the consumption of computer resources by these services. In addition, the process itself can be run in multiple copies. That is why more than one svchost.exe process is always running in the Task Manager.

So why can svchost.exe create a high load on the computer's processor and memory? On the Internet, you can find the opinion that the svchost.exe process is initiated by a virus or is even a virus. This is not true. Strictly speaking, some viruses and Trojans can disguise under it, creating an additional load on computer resources, but they are quite easy to calculate and neutralize.

How to remove a virus disguised as the svchost.exe process

Launch the "Task Manager" (using the keyboard shortcut Control + Atl + Delete or from the menu Start> Programs> Accessories> System Tools) and open the "Processes" tab. In the first column you will see the names of the processes, and in the second - the indication on whose behalf it was launched. So, please note that svchost.exe can only be run on behalf of the LOCAL SERVICE, SYSTEM (or "system") users, as well as NETWORK SERVICE.

If you notice that the process is launched on behalf of your user (for example, on behalf of User), then you have a virus in front of you. Since the real svchost.exe can only be started by system services, it cannot be in the "Startup" of the current Windows user... Therefore, it is there that we will try to find a virus disguised as the svchost.exe system process. You can get to Startup in two ways: through third party program for example, or standard means Windows.

To get into Startup without installing additional programs, open Start and in the program search bar (in Windows XP - in Start> Run) write msconfig and then press OK... The System Configuration window appears. Click on the tab and carefully review the list of programs that start at system boot. If in this list you find the process svchost.exe then you can rest assured of its viral origin.

Real svchost.exe can be launched only from folder C: \ WINDOWS \ system32 where "C" is the drive where Windows is installed. (In a 64-bit operating system, the 32-bit version of svchost.exe is located in the C: \ WINDOWS \ SysWOW64 folder, and theoretically the process can also be started from there. However, by default, all system processes, including svchost.exe, in 64-bit Windows are started from C: \ WINDOWS \ system32.) In the screenshot above, you can see that the file is located in the WINDOWS folder, and even called "svhost.exe", not "sv c host.exe ", which directly speaks of its viral origin.

The list of the most favorite folders for masking a virus looks like this:

C: \ WINDOWS \ svchost.exe
C: \ WINDOWS \ config \ svchost.exe
C: \ WINDOWS \ drivers \ svchost.exe
C: \ WINDOWS \ system \ svchost.exe
C: \ WINDOWS \ sistem \ svchost.exe
C: \ WINDOWS \ windows \ svchost.exe
C: \ Users \ your-user-name \ svchost.exe

The file of the viral process may not only be located in one of the folders listed above (and not in standard folder where the real svchost.exe is located), but also have a different name:

svhost.exe
svch0st.exe
svchost32.exe
svchosts.exe
syshost.exe
svchosl.exe
svchos1.exe

So, you found the svchost.exe virus in Startup. The first thing to do is to disable its autorun by unchecking the checkbox opposite it in the "Startup item" column. Now you need to end its process through the "Task Manager" (right mouse button on the process> End the process) and delete the file itself. The full path to the file, as in the screenshot above, is always indicated in the "Command" column. It is quite possible that the process file will not allow itself to be deleted - in this case, try first restarting the computer and repeating the operation, or use the program to remove such "unrecoverable" Unlocker files.

After that, it will not be superfluous to also conduct an anti-virus scan of the computer. If you still do not have antivirus installed on your computer, we recommend that you read our article.

There are no viruses in the system, but does svchost.exe load the computer anyway?

Have you found and neutralized all the viruses in the system or made sure that there are no viruses on the computer, and svchost.exe still interferes with your work? Try to find out which program or service is using this process... This can be done easily with a simple free software Process Explorer. Very often the svchost.exe process uses the service Windows Update that automatically installs updates to your computer:

In this case, you can either wait until all Windows updates will be downloaded and installed, or temporarily disable automatic Windows updates. This can be done through Control Panel In chapter System and Security> Windows Update by opening Parameter settings(in the side menu of the window) and selecting the item in the drop-down list Don't check for updates:

If disconnection automatic update did not help, then you can check all other Windows services in the same way. Stop or disable any windows service can be done through the Services snap-in. It's easy to get into it: click Start> click on A computer right-click, in the drop-down menu select Management> go to Services and Applications> Services... After selecting the desired service, right-click on it and select Stop... If it was she who created the load on the computer, then after stopping the service, the svchost.exe process will stop loading your computer by 100%.

Svchost.exe is the name of a system process that masquerades as a number of viruses. As a result of the appearance of this malware, the Internet connection can be lost or a serious system failure can occur. Therefore, it is important to know how to uninstall svchost exe before the computer stops working.

Revealing

It is quite difficult to detect the svchost.exe virus on a computer. The problem is that svchost is a Windows system module that starts services. Disabling these services can result in errors and incorrect work systems.

Various viruses just take this name for themselves, hiding among really useful processes in the "Task Manager".

Attention! The fact that the svchost.exe process is present in the Task Manager does not mean that the computer has been infected with a virus! Such processes must be started, because without them the system cannot work correctly!

But how can you identify a malicious one among the active processes if they all have the same name? It is necessary to refer to the "Username" field, where it is indicated who is the initiator of the process launch.

System modules run as "System", "Local Service" or "Network Service". If you see that the svchost.exe process is running on behalf of the user, you should know that you have a virus in front of you, acting undercover.

Deleting

Unfortunately, a virus disguised as a system module can be completely removed in only two ways: complete reinstallation system or by cleaning the registry.

Programs to remove url mal virus will not help here. SpyHunter, a utility that can be used to remove ads by offerswizard, will not cope with a task of this kind.

It makes no sense to talk about reinstallation separately: this is an extreme measure, when other methods have already been tried and found to be inoperative.

It is better to go straight to cleaning the registry, but first you can try to install a more powerful anti-virus package or use the Dr.Web CureIt curing utility, which helps to remove trovi com and cope with other similar virus applications.

It's great if you can do both - check the system using an antivirus with updated signatures, and then launch Dr.Web CureIt and scan it HDD again.

Don't forget to check the Windows startup list as well.

Press Win + R, enter the command "msconfig" and go to the "Startup" tab. Make sure svchost exe is not in the startup items list. If a virus is detected, uncheck it and then remove it from the list.

If these steps did not help, proceed to cleaning the registry.

Working with the registry

Open up system registry using the "regedit" command. There are a number of entries that need to be edited and deleted here, so please be patient.

Go to HKEY_Local Machine → Sоftwаre → Micrоsоft → Windоws → CurrеntVеrsion → Run. Find the key "PowerManager" = "% WinDir% svchost.exe" and delete it.

Now you need to delete other entries related to the virus. Go to HKLM -> Software -> Microsoft -> Windows NT -> CurrentVersion -> WinLogon. Find the "Userinit" key and check its value. Make it look like "C: \ Windows \ system32 \ userinit.exe,". To do this, right-click on the key and select "Change".

Use the search function (Ctrl + F) and find other entries with the value "svchost". Delete them all.

As you can see, you will have to suffer a little with the registry entries. Therefore, if possible, reinstall the system or try to roll back its previous state using control point recovery.

In Windows 7, the most important process in the OS is Svchost.exe... Very often, Windows 7 PC users encounter a problem when this process heavily loads the processor. The load of processor cores can reach from 50 to 100 percent. Svchost.exe is an the host process responsible for starting the group services from dynamic libraries DDL... That is, the system uses this host process to start a group of services without creating unnecessary processes. This approach reduces the load on the processor and RAM. If the system slows down and Svchost.exe loads the processor heavily, this means that the OS is not working properly. This behavior of the system can be caused by malware, as well as malfunctions in the operating system itself. To deal with this problem, in this article we will look at all the ways to solve the problem with a high CPU load caused by the Svchost.exe process.

First steps to troubleshoot Svchost.exe process

If you have a situation where the Svchost.exe host process is heavily loading the processor, then you should not immediately think that it is a virus. In addition to the virus, the OS itself may be the culprit for this problem. Below we will consider list of problems, and methods of fixing them:

Restoring normal processor operation using antivirus

If the above methods did not help, then most likely your Windows 7 infected with a virus... Typically, virus infection occurs from the outside. That is, via the Internet or via external storage data. If you have good antivirus, then most likely the virus will not pass. But there are times when antiviruses do not see new versions of viruses and let them pass. If your computer is infected, the Svchost.exe host process will load the processor up to 100 percent, and in the username you will see not the system names "LOCAL" and "NETWORK SERVICE", but a completely different name.

To get rid of the virus in the system, you need run full scan computer in Windows 7 to search for malware. Below we will look at an example of running a full computer scan using Comodo antivirus. Internet Security... Also, before running any anti-virus to check the OS, update its anti-virus database. Let's move on and launch the antivirus Comodo Internet Security.

In the main window of the antivirus, go to the bottom tab “ Scanning”And a menu will open where you can select scan options.

In our case, you need to select the item " Full scan ". This option will scan the entire hard drive, identify malware and neutralize her... Shown below is the Comodo Internet Security scan window.

In others antivirus programs the principle of running a full PC scan is as similar as possible to the one discussed. Therefore, if you have a problem with the Svchost.exe host process, then feel free to run a full PC scan.

For this example, we chose Comodo Internet Security antivirus for a reason. This antivirus has a built-in module called KillSwitch(this module is currently part of the free set of utilities COMODO Cleaning Essentials, which you can download).

This module is a task manager that has advanced functionality. For example, KillSwitch can stop the process tree and revert back the changes made after that.

Also a feature of KillSwitch is checking running processes for trust... That is, if the process is untrusted, KillSwitch will find it and indicate this in the third column “ Grade". This feature of the KillSwitch module will help you more quickly identify the issue related to Svchost.exe and CPU usage.

It is also worth mentioning when the virus infects the antivirus itself or reliably disguises itself from it, as a result of which it does not see it installed antivirus... In this situation, the user will come to the rescue boot disk... This disk is a Linux-based portable operating system that boots from it. After booting from this disk, the user will be able to run a PC scan directly from the loaded operating system.

Such a check should find and neutralize viruses that force Svchost.exe to load processor cores. Most known viruses which load the processor with Svchost.exe are:

« Virus.Win32.Hidrag.d"- is a virus written in C ++. Once in the system, he replaces Svchost.exe... After that, it searches for files with the "* exe" extension and infects them. The virus is harmless, it does not harm the system and does not steal information. But constant infection of files with the "* exe" extension puts a heavy load on the processor.
« Net-Worm.Win32.Welchia.a"- this virus is an internet worm that overloads the processor through internet attacks.
« Trojan-Clicker.Win32.Delf.cn» - a primitive Trojan that registers a new Svchost.exe process on the system to open a specific page in the browser, thereby loading the system.
« Trojan.Carberp» - a dangerous Trojan that also disguises itself as Svchost.exe... The main purpose of this virus is search and theft of information from large retail chains.

High CPU usage due to Windows Update

On computers running Windows 7, a situation is often observed where the Svchost.exe process loads the processor and memory because of the update center... To check what exactly the update center is loading memory and processor, you need to go to " Task Manager"And with the help of Svchost.exe go to the services that this moment he rules. An example of such a transition is shown in the image below.

After such a transition, a window with services should open, where the service " wuauserv».

This particular service responsible for downloading and installing updates seven. The fix for this problem is quite simple.

In the service window of the Task Manager, you can completely stop "wuauserv" or disable checking for updates in the control panel.

But disabling the "wuauserv" service is an ugly way out of this situation.

Disabling this service violates the security of the OS as a whole, since the installation of updates through the update center will be disabled.

You can solve this problem by installing updates manually. In order not to download dozens of updates from www.microsoft.com and then install them for a long time, it is best to use a set of updates UpdatePack7R2... The developer of this set is “ simplix», Who is also known by this nickname and is a moderator on the www.oszone.net forum. You can download this set at http://update7.simplix.info. Currently posted on the site latest version under the number 12/17/15. After downloading the kit, you can start installing updates. To do this, run the installer.

In the window that appears, click the Install button. After that, the process of installing updates will begin.

This process can take quite a long time and depends on the amount already installed updates... Update so offline Windows way 7 is possible constantly, since the author of the project is constantly releasing new sets. Also, after completing the installation of updates, you can restart the update center. This time, the memory and cpu issues should go away as these updates contain a fix.

Conclusion

In this article, we have covered quite extensively the problem associated with high CPU utilization due to the Svchost.exe process. Based on this, our readers will certainly be able to solve this problem and ensure the normal operation of the computer.