Sunday, April 11, 2010

Fix SVCHOST.exe Error

SVCHOST.EXE is one of those mysterious processes that constantly runs in Windows and is utterly essential, yet you never know exactly what it is doing. So what is SVCHOST.EXE? Identifying the actual services and programs that are running inside each SVCHOST.EXE process is a task well worth knowing, especially when the process eats up 99 or 100 percent of your CPU.
So before we dive into solutions, let’s get a deeper understanding of what this process actually does and how you can go about fixing some of the problems that might occur. Firstly, svchost stands for “service host” and it does exactly what the name suggests: it helps to “host” services. A service in Windows is simply a program in the operating system that does a particular job and runs in the background at all times when your computer is on, even if you are not logged in.
Most programs that you are familiar with run as stand-alone executables, such as .EXEs. However, most services are implemented in the form of DLLs, which cannot run on their own. Hence, svchost loads those DLLs and runs them itself. That’s why when you open the Windows Task Manager, you’ll see a bunch of svchost.exe processes running. If you want more info on the Task Manager, check out my articles on understanding the Task Manager.
You’ll notice that there are currently eight svchost processes running on my computer, all using up various amounts of memory and running under different user names. So let’s say one of them is running at an excessively high CPU usage of 100 percent, how can we identify the actual application running?
There are actually two ways to go about this: doing it all manually using the command prompt and Services tool or by using a third party application. I’m going to mention both here in case one does not work for you.

Identify svchost.exe processes using command prompt (hard way)

1. First, go ahead and click on Start and then Run and type in CMD and click OK
2. Type in the following into the command window and press Enter
tasklist /svc /fi "imagename eq svchost.exe"
You should get output with the name, PID, and service description for each process.
You’ll now see each svchost process along with its unique ID number and the services it is responsible for running. However, these names are still very cryptic and are all shorthand names. In order to get some more useful information about the process, we can use the Services browser in Windows.
3. Right-click on My Computer, choose Manage. On the resulting screen, choose Computer Management and then choose Services and Applications. Finally, choose Services.
4. Now try to match the cryptic Windows service name with the easily readable names in the Services tab. This can take some time, because if you take the process with ID 1436 and its name WudfSvc, you have to try to find it in the list. If you double-click on one of the service names, you’ll see its cryptic name as well, so that’s how you can match them up. In my case, I guessed that the W means the process starts with Windows… and opened them until I saw a match.
As you can see, the Windows Driver Foundation service is actually called WudfSvc also!
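The PID-to-service matching from steps 2 to 4 can also be done in one pass with PowerShell. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later (for Get-CimInstance) and an elevated prompt so that CPU figures for system processes are readable.

```powershell
# Index every running service by the process ID that hosts it.
# -AsString makes the hashtable keys plain strings, so the lookup below
# does not depend on UInt32 vs Int32 key types.
$byPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

# For each svchost.exe process, busiest first, show its PID, CPU time,
# memory, and each hosted service as "short name = display name"
# (for example: WudfSvc = Windows Driver Foundation ...).
Get-Process -Name svchost | Sort-Object CPU -Descending | ForEach-Object {
    $hosted = $byPid["$($_.Id)"]
    [pscustomobject]@{
        PID        = $_.Id
        CpuSeconds = [math]::Round($_.CPU, 1)
        MemoryMB   = [math]::Round($_.WorkingSet64 / 1MB, 1)
        # foreach over $null yields nothing, so a process with no
        # registered services simply gets an empty Services column.
        Services   = $(foreach ($s in $hosted) {
                           "$($s.Name) = $($s.DisplayName)"
                       }) -join '; '
    }
} | Format-Table -AutoSize -Wrap
```

The row at the top is the svchost instance that has used the most CPU time, with the readable names of the services inside it already matched up.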

Use Process Explorer to find programs running as svchost.exe (easy way)

If you found that to be too difficult, there is a much easier way! Check out the Process Explorer tool from Microsoft (originally from SysInternals). The tool is completely free and gives you detailed information for each process currently running.
Once you download it, just run the exe file as it does not have to be installed. Hover your mouse over the svchost process and you’ll get a popup showing you which service is running under that process.

Fixing SVCHOST high CPU usage

Now that you have figured out exactly which process is eating up all of your CPU, we can address how to fix it. If you have found that the process is not a Windows process, such as Windows Update or Windows Firewall, etc, then simply kill the process and uninstall the program.
However, most of the time that this problem occurs, it has something to do with a Windows process. The best solution in this case is to install all of the latest updates from Microsoft’s web site. If you’re not able to do so normally in Windows, try restarting the computer in safe mode and try it again.
Also, if you can get to the Services tab like we did above, go ahead and right-click on the service and choose Disable. Even if it’s Windows Update or the Firewall, don’t worry, you can re-enable it later. Then restart the computer and go to Microsoft’s web site and manually get the updates. Re-enable the service and restart the computer again and hopefully things are working!
In order to disable a service in Windows, right-click on it from the Services tab and choose Properties.
Next choose Disabled from the Startup type combo box located in the middle of the dialog box.
I have gone through this process a couple of times and it’s worked for me. So again, it’s disable the service, restart computer, install updates manually, re-enable service, and then restart computer again.

Wednesday, April 7, 2010

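Trace host name with IP address

Go to the command prompt and run:

nbtstat -A (ipaddress)

The uppercase -A switch takes an IP address; the lowercase -a switch takes a remote machine name.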

How to remove scvhost.exe virus

Symptoms:
  • Pressing Ctrl+Alt+Del no longer launches the Task Manager; the virus blocks it.
  • It blocks the Registry Editor.
  • When you try to open the command prompt (CMD), the computer restarts.
  • Shared folders are duplicated to different locations. The duplicated virus uses a FOLDER icon with an .exe file extension.
  • The configuration of your Yahoo Messenger has been changed.
How to Remove It
OK, here we go. Follow these steps to remove this virus manually:
  • Restart your PC, press F8, and select the option Safe Mode Command Prompt Only
  • When prompted to log in, log in as Administrator.
  • Type cd C:\windows\system32
  • Type dir /ah to display all hidden files in this directory. You will see the following files, which the virus uses to spread itself: AUTORUN.INI, BLASTCLNNN.EXE, and SCVHOST.EXE
  • Type ATTRIB -H -R -S SCVHOST.EXE
  • Type ATTRIB -H -R -S BLASTCLNNN.EXE
  • Type ATTRIB -H -R -S AUTORUN.INI
  • Type DEL SCVHOST.EXE
  • Type DEL BLASTCLNNN.EXE
  • Type DEL AUTORUN.INI
  • Type CD\
  • Type ATTRIB -H -R -S AUTORUN.INF
  • Type DEL AUTORUN.INF
You are almost done. Reboot your PC; you may sit back and relax.. :) while loading...
Go to the Start Menu, click Run, and type the REGEDIT command. Take note, guys: before making any changes in the Registry Editor, make a full backup of your registry to avoid system errors. :)
Look at the location entry:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. If you see an entry Yahoo! Messengger (it’s spelled like this) with a value c:\windows\system32\scvhost.exe, delete this entry.
Look at the location entry:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. The entry named SHELL will have the value Explorer.exe,SCVHOST.EXE. Edit this value and delete only the SCVHOST.EXE part, so that the value is Explorer.exe. Do not delete the whole value: if you do, your computer will not log in anymore.
OK, we are now done. Please restart your PC now and enjoy!!! Thank you, and I hope these tips help everyone. Just post your comments about this problem.
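To confirm the cleanup worked, or to check another machine for the same infection, the registry values and files named in the steps above can be audited without changing anything. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later and that Windows is installed on the system drive, with the file names taken from the steps above.

```powershell
# Read-only audit of the persistence points and files listed in this post.
$findings = @()

# 1. HKCU Run key: any value whose data points at scvhost.exe
#    (the post describes one named "Yahoo! Messengger").
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    $psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -notin $psProps -and "$($p.Value)" -match 'scvhost\.exe') {
            $findings += "Run value '$($p.Name)' -> $($p.Value)"
        }
    }
}

# 2. Winlogon Shell: the clean value is Explorer.exe on its own.
#    (-ne is case-insensitive in PowerShell.)
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell `
              -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ne 'explorer.exe') {
    $findings += "Winlogon Shell is '$shell' (expected Explorer.exe only)"
}

# 3. Dropped files. -Force makes Get-Item see hidden and system files,
#    the same ones "dir /ah" reveals.
$names = 'SCVHOST.EXE', 'BLASTCLNNN.EXE', 'AUTORUN.INI'
$paths = $names | ForEach-Object { Join-Path $env:SystemRoot "System32\$_" }
$paths += Join-Path $env:SystemDrive 'AUTORUN.INF'
foreach ($path in $paths) {
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += "File present: $($item.FullName) [$($item.Attributes)]"
    }
}

if ($findings) { $findings }
else { 'None of the indicators listed in this post were found.' }
```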