SVCHOST.EXE What kind of process is loading the processor/memory so much?


Why are there several svchost.exe processes on the system?

Precisely because many services operate simultaneously.


Multiple svchost.exe processes

If the processes are not displayed, in the task manager, click the “Show processes of all users” button, because all these processes run on behalf of other users (for example, “NT_AUTHORITY\system”). And also pay attention to the command line from which the process was launched - there is a full path there. If there is something different from \Windows\System32\svchost.exe, this is a reason to pay more attention to such a process, because Various malicious software is often disguised as this process.

PS If you don’t see the “command line” or other column, click on the “View -> Select Columns” menu and check the necessary boxes next to the column names.

Why is the CPU loaded to 100%

You can always say: “The system loads 100% hardware because it is weak.” Of course, you can’t argue with this, but the “svhost” file can load even powerful processors, albeit in the short term. This is usually due to the fact that:

  1. The standard procedure is temporarily performed (if the load appears and disappears) - scanning the contents of the drive (including the system partition, which loads memory in addition to the CPU), updating the system (loads the CPU and memory), and so on. If the computer lags are temporary, you should wait until the system finishes the work it has begun. No additional action is required.
  2. One of the services has failed and is not operating normally, loading the system alternately or constantly. There could be a lot of reasons. The most common are conflicting drivers. In this case, you can try to find out what kind of service it is. How to do it? – read below!
  3. The hard drive crashed or caught a lot of bad things. In this case, checking the hard drive with the Victoria program for bad sectors and bad tracks will help.
  4. Virus software has disguised its activity as a local process. This is rare, but it does happen. In this way, the virus accesses svchost.exe and loads the CPU. A good antivirus can detect malicious code. If you don’t have one at hand, starting Windows in safe mode will help. Thanks to the minimal set of components loaded into the OS, you can check whether there is such a heavy load on the CPU or not. If it is missing, look for “malware” among the installed software with suspicious activity.

Since the most common option for a full load on the CPU cores is the incorrect operation of any service of the “svchost” file, you need to find out what kind of process it is, what it is responsible for and whether it is realistic to restart it.

Is svchost.exe a virus or not?

Let's do this, below there will be a series of questions - if you answered “no” to any of them, then you should pay close attention. And the more such answers, the more attention needs to be paid.

  1. Can you launch Task Manager and go to the Processes tab?
  2. Do you see multiple svchost.exe processes when displaying all user processes?
  3. The names of all these processes look the same (exactly “svchost.exe” without any “0” instead of “o”, etc.)?
  4. Are their launch parameters similar? “-k LocalService” or something like that...
  5. Are all processes running from the same directory? “\Windows\system32\” by default.
  6. Are all svchost.exe processes running under system accounts?


svchost virus or not
Of course, these are not all possible cases, but most Trojans can be weeded out this way. Go ahead.

Stop Windows Update to fix the problem

1. Press the Win + R keys simultaneously to open the Run window.

2. Enter the command services.msc. and click OK.

3. Find “Windows Update” in the list and right-click on this item. Click Stop.

4. Now in Explorer, go to This PC → Local Disk (C:) → Windows.

5. Find the SoftwareDistribution folder and delete it.

6. Restart your computer.

♥ BY TOPIC: How to configure Windows to remove USB flash drives and drives without using “Safely Remove”.

svchost.exe is using up CPU or memory

This is a very common problem. And the course of action here is very interesting.

  1. You need to determine the name of the service that consumes system resources. So, let's go step by step. For Windows 7, you need to display the process “Process ID” or “pID” - will display the process identifier in the task manager so that you can uniquely identify and distinguish one svchost.exe from another. For Windows 8, for example, in the manager all processes are already grouped by PIDs.


    Processes are grouped by PID

  2. We remember the PID and for Windows 7 go to the “Services” tab.


    Services by PID of processes
    There we sort by PID and look for our ill-fated PID, study the list of services...

  3. If you don’t need the service, you can safely disable it. If necessary, try setting it up. The age-old question “Which services are needed and which can be safely disabled?” – There are a million instructions on the Internet, my answer is – if you are firmly convinced that you don’t need it – stop, work. Make a note of what you disabled. All configurations are different, someone working without a network at all can turn off a lot. Someone without a printer, file search, design - turns off the other. From my personal experience, the computer began to breathe more freely when I disabled the update service, firewall, Windows Defender (since I use a third-party antivirus solution), indexing service and themes. You can also safely disable others, but it’s better to read the corresponding manuals. The list of services is not so large - you only need to look at those that relate to a given process, which consumes a lot of resources.
  4. PROFIT. That's all.

Practice has shown that such optimization is quite effective. Well, some services can not be disabled, but switched to manual start.

Solution and acceleration

For the purity of the experiment, you can compare processes loaded in safe mode (with a minimum number of drivers pulled up) and their impact on the processor. If the problem persists in safe mode, there are several options left:

  • We look at the instructions for eliminating the load precisely because of this file - at this link.
  • Comprehensive measures to clean and speed up the system. Read the instructions: Windows 7 and Windows 10.
  • Reinstall Windows (you can install a simpler version) - the most extreme case.
  • Change system components (typical for computers with outdated and weak hardware by today's standards).

At one's own risk

However, if the real problem is Svchost.exe netsvcs (Windows 7 most often has problems with it), but you don’t really like the prospect of reinstalling the system, you can try to act at your own peril and risk. You will need to delete the folder called Prefetch. It's on Windows.

Next, visit the Tasks folder. All documents in it should be cleared. Next, get rid of Svchost.exe. You can restart your computer and look at the result. This is a very risky business. And often you will still need to reinstall Windows after this. So it’s better not to try to deal with the problem in this way.

Computer problems associated with a lack of RAM have been, remain, and most likely in the near future will still be relevant for most ordinary users. However, in our case we will consider a specific situation: “Svchost is loading the memory of Windows 7,” the solution of which can be used in a number of other cases when the OS is in need of RAM resources.

Today we will look at:

Reboot

The first scenario is a banal reboot of the computer. This is very important if you haven’t turned off the operating system for a long time. In this case, your memory will be filled not only with Svchost.exe netsvcs, but also with other functions that are important for work. Alternatively, you may simply have experienced a minor system glitch. It does not pose a danger to the data, but it does have a significant impact on the performance of the computer and its memory.

It is in this situation that the most common reboot will help. A complete system restart will occur, after which you will be able to work normally. This is how many users struggle with the problem. But this only helps in the listed cases. If the problem that Svchost.exe netsvcs loads the memory of Windows 7 lies elsewhere, then a different approach is needed to eliminate the “hot spot”. Which one?

Why is Tiza dangerous?

SvcHost is an essential Windows component. This may be why many malicious tools choose to disguise themselves as the SvcHost process. But don't despair! There are ways you can determine the authenticity of this process. The best thing is to look at where exactly the .exe file is located. Source System File - This can be found in the C:WindowsSystem32 or c:winntsystem32 folder, or even in the DLL cache folder, depending on the Windows version you are using. Any other file with the same name located in a different location is an impostor. It's more like malware, using a name as a front to hide, and wreak havoc undetected. Well once you determine the .exe file on your computer is fake, don't let it stay and wreak havoc. The bad thing is that any virus can load itself into memory using the legitimate windows process svchost.exe

The most important thing is to identify all the services running on your computer and determine if there is one sneaky one.

Your computer is most likely infiltrated by a virus or Trojan. And said virus or Trojan for the appearance of fictitious Windows services. Once the infection service you are stuck with starts, you can choose to connect to the malicious website and either transfer the personal information it stole from you or download additional malware. So the question is: are you ready to play with your personal and financial information? Are you willing to risk it falling into the hands of unknown third parties with hidden agendas? Are you ready to open your system to more unwanted malicious tools? And, how long do you think it will last before it gives up and greets you with the Blue Screen of Death? Are you ready to find out? Here's a hint: don't. Protect yourself and your system, and do what's best for you and your future PC: remove fake executables right away! This is for the best.

Reasons for CPU Overload

Loading the RAM and processor leads to freezes, incorrect operation of the computer, some sluggishness during operation, the computer stops starting normally, and more. An unreasonable percentage makes it impossible to work on a laptop.

The main reasons why the processor is 100% loaded are:

  1. Software conflict;
  2. Errors have appeared on the system disk;
  3. The running application requires serious technical characteristics of the computer;
  4. The system is updated automatically;
  5. Presence of viruses.

If an unknown process occurs, turn off all programs, close the browser and check the task manager for the presence of these processes. If you see it working, but not sure which application specifically (not needed), then you can disable svchost exe.

This situation, with unknown processes, sometimes occurs due to incorrect termination of programs. The program was closed, but the processes it used were not completed and continue to operate.

If malfunctions appear after downloading driver updates, it is recommended to roll back to the previous version of the driver.

Description

But first, it’s worth understanding what we’re talking about. Initially, all computer processes are not dangerous. But only for the time being. They perform certain functions. Such safe processes include Svchost.exe netsvcs.

Initially, this is the name of the processor hosts, which are launched dynamically using plug-in libraries. In other words, this item is responsible for computer libraries. More precisely, for their launch and performance. Of course, the more libraries there are, the more resources are needed. But there is a limit to everything. So, over time, many users begin to notice that Svchost.exe netsvcs is using up memory. Windows 7 is an unsurpassed leader in this regard. What to do in this situation?

Rollback

Occasionally it can help. However, this option is relevant when the process loads your computer for a short time. In order to perform this action, go to “Start” and select “All Programs” there. Find "Special" and then "Service". In this list you will have to find “System Restore”.

Review the information in the window that appears. For example, you will have to take into account that this process is irreversible. And it cannot be interrupted. Agree with the information, and then select the so-called rollback point. By default, they are created automatically from time to time. Click "Next" and then wait until the process completes. During this period, the computer will reboot itself several times. Don't be alarmed, this is how it should be.

After approximately 30 minutes, the rollback will be completed. And you will no longer have a CPU and memory load on Svchost.exe. You should agree to this action only if you are completely confident that, overall, the system is working normally. Otherwise, your rollback may be critical for your computer.

How to get infected by this malware?

A fake SvcHost may represent a computer Trojan horse. But as sneaky as it can be, it can't just pop up on your screen one day as if by magic. There's nothing magical about his sudden appearance. Infections like the one using a fake .exe file as a front usually show up on your PC by resorting to old but gold infiltration methods. Their usual antics include the most common methods like hitching with freeware or corrupted links or sites. Moreover, the annoying infection can slither its way in by copying its executable file into the Windows folder or Windows system. After this, it moves on to the next step, which makes changes to the registry to run this file with every single system startup. Whatever method of infection, the infection decides to turn to, once it invades your computer, you will be bombarded with questions. Don't waste a ton of time and energy going about your daily dining routine by stopping it from getting there in the first place. Do your best to keep it away from your computer. Be careful and attentive about what exactly you are allowing into your system. Take your time when you install a tool or update and always do your due diligence. Who knows? Perhaps with a little luck, you will be able to keep the fake svchost.executable from your system.

Rating
( 2 ratings, average 5 out of 5 )
Did you like the article? Share with friends:
For any suggestions regarding the site: [email protected]
Для любых предложений по сайту: [email protected]