svchost.exe ?????

gapeach · Jan 10, 2005

I just installed windows XP service pack two and i see a process running svchost.exe. I have read the posts and am still a little confused. One post says it's ok and another says its a worm. Which is it? Also, I am running Zone Alarm and an alert window has come up that says "generic host process for win32 services is trying to use liveupdate svchost.exe". This sounds shady....is this a normal process? Also, I did run a full system scan with Norton 2005 and all was ok. Can someone please sort this out for me.
Thanks!

chaslang · Jan 10, 2005

c:\windows\system32\svchost.exe is a normal Windows process. However if it is running from another folder it could be a piece of malware. Also watch the name carefully. There are many that try to confuse you. Some example (all bad) names are:
svhost.exe
svchostc.exe
svchostd.exe (you get the point?)
svdhost.exe
c:\windows\svchost.exe

The bad version of svchost.exe (which does not run from the system32 folder) is a process which is registered as the W32.Welchia.Worm.

gapeach · Jan 10, 2005

Thanks Chaslang...that clears it up!

chaslang · Jan 10, 2005

You're welcome!

Log in or Sign up

svchost.exe ?????

gapeach Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

gapeach Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member