Svchost.exe

Hi all.
I've had a look through the suggested posts and used the searcher, but can't find exactly what I'm after.
Firstly I chould say I'm running a regularly updated AVG antivirus and Spybot S&D as well as Ad-aware occasionally. They all show my system as clean.
It's an XP machine with SP2 installed.

In my efforts to reduce my running processes I'm cleaning out all the pre-instaled crap that came with my laptop (an Acer - go figure rolleyes) and I have it down from 65 to 52 including this browser

Now to my problem:
I have 6 instances of SVCHOST.EXE. Now I know that svchost.exe is all good, but I've read somewhere that if it's on upper case then it's infected. I have no instances of it in lower case, and they're only taking from 4-26MB of RAM, and as I have 2 gig that's not much of an issue, but if they're malicious I want rid! P.S they are all spelled correctly, just all in capital letters.
3 are attributed to SYSTEM, 2 to NETWORK SERVICES, and 1 to LOCAL SERVICE.
I am the only user of this machine.

Any help greatly recieved.

Tom.

 

If you suspect malware than your first step is to follow the instructions in the READ & RUN ME FIRST. Malware Removal Guide to make sure your system is free from nasties.

 

There are different kind of svhost on your pc, and viruses too. You can take a look at this link and check yur system ibidem.

 

Ok, I've tried all the steps in Mada's link (thank you), , and I've even got the full version of RegistryBooster2 (cheers Plaphon), and it certainly runs better but nothing picked up on SVCHOST.EXE and I still have the same 6 processes running.

Any other ideas?

Cheers
Tom.

 

Open up a command window and type the following:

tasklist /svc /FI "IMAGENAME eq svchost.exe"

It will show you what services have caused each one. Hope that helps you some.

P.S. I have 6 running myself.

I also recommend Process Explorer: http://www.majorgeeks.com/Process_Explorer_d4566.html

 

Thanks, it not the quantity I'm really worried about, just that they're all potentially malicious processes!
I typed your command, but it said:

'tasklist' is not recognized as an internal ir external command, operable program or batch file.

Are you sure of your instruction?

Cheers,
Tom.

 

For what it's worth it is normal to have multiple SVHOSTs running. For example, my computer has 5 examples, it is a core service.

I have, on another machine, had a virus masquerading as a SVHOST. It was on a 98 machine, so it stuck out like a sore thumb, and they chose the name to hide better because it is such a fundamental service.

 

Not sure what to say, it works for me on XP Pro SP2. Did you open a command window (Start - Run - type "cmd" and hit enter) and type it inside of that? Regardless, go ahead and download Process Explorer I linked to above, it is a really great tool and it will show you what all those tasks are doing.

UPDATE: XP Home does not have tasklist.

 

When you issue a command, Windows will check all the directories specified in the %PATH% environment variable to see if there is a program to match the command.

When it cannot find the command in any of these directories, you get the above error message.

This means 1 of 2 things:

1. The tasklist.exe file has been moved to a directory that is not the in %PATH%, or deleted.
2. The %PATH% has been corrupted. (more likely)
edit: 3. You don't HAVE the tasklist utility, as per Jamiko's post

Let's check the %PATH% first. Here's how:

1. Hit Windows key + break (or right-click 'My Computer' and select 'Properties')
2. On the 'System Properties' dialog, select the 'Advanced' tab
3. Press the 'Environment Variables' button
4. Under 'System Variables' locate the 'Path' variable.

The path variable should have AT LEAST c:\windows, and c:\windows\system32 in them.

The default location for the tasklist executable is c:\windows\system32. If it is not there, or this directory is not in your %PATH%, then the command will fail with this error message.

 

Unless he has XP Home which I've been told does not actually have tasklist.

 

...