The svchost.exe program is a genuine Microsoft program that helps run various system services like Windows Updates, Network Connections and more, only and only if it is located in the C:\Windows\System32 folder (or whatever folder your %windir%\System32 points to). If this file is located in a folder different from this, then most probably it is a virus, trojan or some other malicious object. When there are dozens of svchost.exe processes running in your Windows system, how would you find which one of them is a virus? The freeware program Svchost Process Analyzer presents the solution by identifying the malicious svchost.exe processes easily.
You can download Svchost Process Analyzer from the Neuber Software website. The download is a portable application that you can run as soon as you have finished downloading it. As soon as you run this program, it leaps at analyzing all the svchost.exe processes being run on your system. In a short while, it gives you a message about how many such processes were detected and how many of them could be problematic.
Clicking on the Details button would show up a list of all the svchost.exe processes. The list shows the full path for each of the process, group to which it belongs and how many services it is running. Clicking on any of this svchost.exe process would display all the services handled by that process. You can quickly notice the malicious svchost.exe processes by noticing their file paths. If the file path is different from C:\Windows\System32\svchost.exe then it is malware. In the following screenshot, you can note a process located in C:\Firefox – this is malware.
Another thing that you should look out for is non-Microsoft svchost.exe file. If the svchost.exe is shown to belong to < No Microsoft File > group, then it is not the genuine Microsoft supplied file and could be a malware..
The big question comes is what to do if you actually locate a malicious svchost.exe process running on your system? The first thing you should do is scan your system with Eset Online Antivirus – it can detect and clean most of the malware. After this, you should install a good antivirus like avast! free antivirus on your system, update it and scan all your hard disks for malware. You can also install Malwarebytes Anti-malware, update it and scan your system with it.
Windows Task Manager does not show the full paths for the svchost.exe processes and so you may not know which of these processes are genuine and which of them are fake/malicious. The free Svchost Process Analyzer can help you find if you are being infested with fake svchost.exe related malware so that you can take further steps to alleviate your PC from malware.
You can download Svchost Process Analyzer from http://www.neuber.com/.