svchost.exe - Generic Services
When Windows boots, various system services are loaded based on values found in the machine's local Registry. These are executed via the svchost.exe process, which is part of the Generic Host Services subsystem of the Windows OS. Svchost.exe is a generic host process for services that are implemented in Dynamic Link Libraries (DLLs) rather than as stand-alone executables.
This file is a critical component of the Windows OS, and should not be deleted or altered in any way. Absence of this file will cause these services to fail at boot time, potentially crippling the machine.
According to Microsoft, "at startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started." Users should note that multiple instances of svchost.exe processes are common on the Windows OS, so the presence of such should not be misconstrued as evidence of a virus or other malware.
These processes should not be terminated manually. If a user needs to stop a running service, the proper method is to use the system's Services control panel (services.msc).
The legitimate copy of svchost.exe is found in C:\windows\system32. Copies found in other locations should be treated with suspicion, since they may be malware applications attempting to masquerade as legitimate system services.
In general, svchost.exe runs under the SYSTEM, NETWORK SERVICE, or LOCAL SERVICE user ID. Copies running under other user ID names may indicate the presence of malware, though it's also possible for such malicious software to appear under one of the built-in administrative user accounts.
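The two checks above (location and owning account) can be run against every live svchost.exe instance, and each instance mapped back to the services it hosts, with the following triage script. It is an added example, not part of the original article; it assumes PowerShell 5.1 or later with the CIM cmdlets, and that it is run from an elevated prompt so that the executable path and owner of SYSTEM-owned processes can be read.

```powershell
# Added triage script (not from the original article). Assumes PowerShell 5.1+
# with the CIM cmdlets, run elevated so ExecutablePath and GetOwner succeed for
# SYSTEM-owned processes. Flags, it does not kill: stop services via services.msc.
$expectedPath   = Join-Path $env:SystemRoot 'System32\svchost.exe'
$expectedOwners = @('SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE')

# Index all registered services by the PID of the process hosting them, so each
# svchost.exe instance can be tied to the service group it was started for.
$servicesByPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $proc      = $_
    $owner     = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
    $ownerName = if ($owner.ReturnValue -eq 0) { $owner.User } else { '<unknown>' }
    $findings  = @()

    # Check 1: the legitimate binary lives in %SystemRoot%\System32.
    # (-ne is case-insensitive in PowerShell, so C:\WINDOWS vs C:\Windows is fine.)
    if ($proc.ExecutablePath -and $proc.ExecutablePath -ne $expectedPath) {
        $findings += "unexpected path: $($proc.ExecutablePath)"
    }

    # Check 2: the normal owners are SYSTEM, LOCAL SERVICE and NETWORK SERVICE.
    if ($ownerName -notin $expectedOwners) {
        $findings += "unexpected owner: $ownerName"
    }

    # Check 3: a genuine svchost.exe hosts at least one registered service
    # (Win32_Service.ProcessId points at it). One hosting none deserves a look.
    $hosted = $servicesByPid[[string]$proc.ProcessId]
    if (-not $hosted) {
        $findings += 'hosts no registered service'
    }

    [pscustomobject]@{
        PID      = $proc.ProcessId
        Owner    = $ownerName
        Path     = $proc.ExecutablePath
        Services = ($hosted.Name -join ',')
        Findings = ($findings -join '; ')
    }
} | Format-Table -AutoSize
```

An empty Findings column is the expected result on a healthy machine; a non-empty one is a lead to investigate with an up-to-date scanner, not proof of infection on its own.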
As always, if you suspect a malware infestation you should download and run a current copy of an antivirus/malware scanner in order to isolate and remove the offending application. Be sure to obtain the most recent definition files, since these are critical to the removal of current malware variants.