So you suddenly face some lag in your PC, curiously you check the task manager and found that Svchost.exe process is using 100% of your CPU or Memory. But wait it is a Microsoft service, is it compromised? You started to think may be it’s a virus which is going to make your PC sluggish and slow. Well before removing Svchost.exe virus, first lets check out what Svchost file is and what it does.
Contents
What is Svchost.exe?
SvcHost or Service Host is a Windows process used to host one or more Windows services. It is a common system file which is required to load the needed DLL files that are used for the Windows programs or Windows OS.
Since SvcHost is an important Windows process, Some Malwares tries to inject its service into an already running Svchost process. That’s why you sometimes face high CPU or Memory usage.
But sometimes the Service Host actually uses some Windows resources. If you are running a low-end PC then you might face this issue. You can read more about Svchost here.
If you are facing high memory/CPU usages from Service Host- Windows push notifications service then you can check our video on how to fix it.
If you are facing Service Host Superfetch high disk usage then you can read our guide on – Fix High Disk Usage in Service Host SuperFetch
How to Know if Svchost is Malicious?
The Svchost virus often installs itself by copying their exe files in the system folder and then it tries to modify the registry values. These malwares are distributed by downloading files from untrusted websites or installing unknown programs.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
The above path is modified by the Svchost virus.
Since Svchost is a common Windows process, it becomes difficult to differentiate between the malware and the original file.
The only way to check if Svchost is compromised is by checking the file location. Well, the real Svchost.exe file is located in C:\Windows\System32 folder. You can check if the Svchost file is malicious by going to the task manager. Right-click the Svchost.exe file and select the open file location.
If the file is located in C:\Windows\System32 folder then it’s not a virus.
If you find any other location then immediately follow the below guide to remove it instantly.
How to Remove Svchost.exe Virus?
You can use any malware removal tool, but if the malware tool doesn’t detect the virus then you can try the below guide.
Since your PC is compromised with virus/malware. The first step we will do is try to terminate any suspicious background process which might interfere in the scanning process. To do this we will use a tool called R Kill.
Using R Kill
R kill is a tool which will search your PC for a suspicious process which keeps running in the background and tries to terminate them. It’s important to terminate these process as they might interfere in the Svchost removal process. Follow the below steps to use R Kill.
- Download R kill from this link.
- Once it’s downloaded run the program, it will start scanning for malware and terminate any malicious programs running in the back
- A log file will be created on your desktop, you can find all the processes that are terminated and it’s details.
- Once we have terminated some suspicious background processes it’s time to scan for malwares.
Note – Don’t restart you PC after using R Kill, as it will again start all the background services.
Using Malware Bytes
Malware Bytes is a popular software used to remove malwares and adwares from your computer. Follow the below guide to remove Svchost.exe virus using malware bytes.
- First Download and install malware bytes on your computer. Download Malware Bytes
- Install it just like a normal software., once it’s installed launch it.
- Now go to settings and in the protection tab, enable scan for rootkits. This will ensure that Malware bytes tries to deeply scan your files.
- Now click on the scan button to scan your PC.
- Once the scan is completed it will show the threats that are found.
- You can quarantine those threats and delete them later.
- In the treats sections, it will highlight what kind of threats are found. You should delete the treat which is tagged with malware flags. You can ignore the potentially unwanted programs if you want.
In case you want to be totally sure you can scan your PC again with a different tool. This will make sure that we have completely removed the Svchost.exe virus.
This time we are going to use Zemana AntiMalware, which is a premium malware removal tool which you can use for free with a 30-day trial.
Zemana AntiMalware
This is another free anti-malware tool. You can also use these tool to remove the svchost.exe virus.
- Download and install Zemana Antimalware on your PC.
- Once installed, launch it and click on the scan button.
- It will then start scanning your PC for viruses.
- It any viruses found then it will show them and you can delete them.
These were few tips to remove Svchost.exe virus from your PC. Hope you have successfully removed it.