Friday, January 8, 2010

What is svchost.exe and how to fix it?

svchost.exe has always been a mystery for most users because many such processes run at the same time, each using a different amount of CPU and memory. "Svchost.exe" (Generic Host Process for Win32 Services) is an integral part of the Windows OS. At startup, Svchost.exe checks the services portion of the registry and constructs a list of services that it needs to load.

Note: The svchost.exe file is located in the folder C:\Windows\System32. If it is located anywhere else, svchost.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.

Viruses with the same name:
Symantec Security Response - W32.Welchia.Worm
Symantec Security Response - W32.Assarm@mm
McAfee - W32/Jeefo

Here is a problem I have been coming across more and more these days. About 30 seconds to 1 minute after booting into Windows, the computer starts lagging heavily. When CTRL+ALT+DEL is pressed, it shows that svchost.exe is using up maximum CPU resources, and this only occurs when Automatic Updates is enabled. Microsoft has recognized this problem and has released a patch. However, on all computers I have worked on with this problem, the Microsoft patches don’t fix the problem. This is a guide on how to fix this problem with svchost using maximum CPU.

First of all, to identify if you have this problem you need to press CTRL+ALT+DEL all at the same time.

Now, go to the “Processes” tab and then press “Mem Usage”. If you have this svchost.exe memory leak bug, after about 1 minute you will see the memory usage of svchost.exe keep increasing until CPU usage reaches 99 or 100%.

Below is an example of what this looks like:

Here is one of Windows' major annoyances that never fails to baffle and frustrate you. The causes are too numerous to list.

For Windows XP Users

Download this file: Windows Update v3 WindowsUpdateAgent30-x86.exe and save it to your C:\ drive.

Download this file: fix_svchost.bat and save it to your C:\ drive.

Download this file: WindowsXP-KB927891.exe and save it to your C:\ drive.

Reboot the computer and log in to Windows XP in safe mode. To do this, press F8 just before the Windows XP logo shows up during boot and choose “Safe Mode.”

Once Windows has loaded in Safe Mode and you have the option of which user account to use, log on as “Administrator”.

Open Windows Explorer to the root of C:\ drive then double-click the fix_svchost.bat file you saved before.

A black screen will pop up and white text will scroll past. Wait for this process to finish, as it could take several minutes. It will close itself when it's finished.

Once the black screen disappears, double-click the WindowsUpdateAgent30-x86.exe file you saved before. Follow the prompts as it installs.

When Windows Update Agent finishes installing, double-click the WindowsXP-KB927891.exe file you saved before. Follow the prompts as it installs.

Reboot the computer.

For Windows Vista Users
Cannot see any svchost.exe in Windows Vista? If your system is consistently hitting 100% usage, yet the total CPU usage added up from what you see in Task Manager is much less (probably less than 50%), click the "Show processes from all users" button, and click “Continue” in the User Account Control dialog. You will definitely see a lot of svchost.exe processes running, with probably one of them hogging the CPU.

When you open Task Manager, there are plenty of svchost.exe instances, along with the account each one runs as (System, Local Service, Network Service, etc.); however, that is about all the information you get about each svchost.exe session. In Windows versions earlier than Vista, users can run tasklist (for Windows XP/2003) or tlist (for Windows 2000) in a command prompt to list which services a particular svchost.exe is in charge of, based on its PID. Windows Vista enhances this feature and makes the lookup a little easier.

Here’s how to identify the services behind a svchost.exe process.
Right-click on a blank space on the taskbar and click Task Manager to open Task Manager.
Click on the Processes tab.
Click the "Show processes from all users" button at the bottom of Task Manager.
Click the Continue button when prompted by the User Account Control dialog.
There will be a long list of svchost.exe processes shown in the elevated Task Manager.
Locate the svchost.exe whose services you want to identify, such as one with high CPU or memory usage, right-click on it, and choose Go to Service(s).

The focus will switch to the Services tab, with a few services selected and highlighted. These are the services associated with that particular svchost.exe.

Once you have identified the services that may be causing svchost.exe to hog system resources, carefully work out which service you suspect is causing the issue. Once you have determined a suspected service, right-click on it and select Stop Service. Before stopping any service, make sure that no other services rely on it. You can click the Services… button to launch the Services applet in Control Panel, and then open the properties of the service to view its dependencies. Also be warned that disabling the wrong service may destabilize a Vista system.

The method above for locating the services associated with svchost.exe in Vista is already much easier than in non-Vista Windows versions. However, if you still find the steps too troublesome, there is an even easier way. Download Process Explorer from Sysinternals (now part of Microsoft). No installation is required. Just unpack and run procexp.exe, then hover the mouse over a svchost.exe process. A tooltip will pop up with information on all services running behind that svchost.exe.
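The tasklist lookup mentioned above and the System32 location check from the note at the top can be combined into one review pass. The following is an added example, not part of the original post: it parses the output of tasklist /svc /fo csv together with a PID-to-path table, and the sample data, the function names, the C:\Windows install path and the "hosts no services" heuristic are all assumptions made for illustration.

```python
import csv
import io
import ntpath

# Constructed sample of `tasklist /svc /fo csv` output (not from a real host).
TASKLIST_SVC = '''"Image Name","PID","Services"
"svchost.exe","904","DcomLaunch,TermService"
"svchost.exe","1044","wuauserv,BITS,Schedule"
"svchost.exe","2260","N/A"
"explorer.exe","1800","N/A"
'''

# Constructed PID -> image path table, e.g. copied from Process Explorer.
IMAGE_PATHS = {
    904: r"C:\WINDOWS\system32\svchost.exe",
    1044: r"C:\Windows\System32\svchost.exe",
    2260: r"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe",
}

EXPECTED_DIR = r"c:\windows\system32"  # assumes Windows lives in C:\Windows


def services_by_pid(tasklist_csv):
    """Map each svchost.exe PID to the list of services it hosts."""
    hosted = {}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        if row["Image Name"].lower() == "svchost.exe":
            names = [s.strip() for s in row["Services"].split(",")]
            hosted[int(row["PID"])] = [s for s in names if s and s != "N/A"]
    return hosted


def review(tasklist_csv, image_paths):
    """Return (pid, path, services, reasons) for each svchost.exe to inspect."""
    findings = []
    for pid, services in sorted(services_by_pid(tasklist_csv).items()):
        path = image_paths.get(pid, "")
        reasons = []
        # Paths on Windows are case-insensitive, so compare in lower case.
        if ntpath.dirname(ntpath.normpath(path)).lower() != EXPECTED_DIR:
            reasons.append("image is not in System32")
        if not services:  # added heuristic: a service host with nothing to host
            reasons.append("hosts no services")
        if reasons:
            findings.append((pid, path, services, reasons))
    return findings


if __name__ == "__main__":
    print(review(TASKLIST_SVC, IMAGE_PATHS))
```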
