How to Remove the svchost.exe virus from PC

What is Svchost.exe?

The svchost.exe is an executable file of Microsoft Windows and is tagged as a Generic Host Process for Win32 Services. This is an important Windows file and it is used to load the required DLL files that are used with Microsoft Windows and Windows programs that run on your computer. Some Malware often uses a process by the name “svchost.exe” to mimic the windows process.

The orginal file is located only in c:\windows\system32 or c:\winnt\system32 depending on versions of Windows OS. If the file that is located in any other location, then we can conclude that the system is infected with malware.

svchost.exe provides a service which is used by Windows Defender. There are multiple instances provided by svchost.exe which are used for many operations. One instance may provide single operation and other instance provide several service to windows.To know the service which are currently running. Go to Task Manager and click Processes tab. Click Show all process and Right-click an instance of svchost.exe, and then click Go to Service(s). The services associated with the process are highlighted on the Services tab.

Affected OS/Platform: Windows

How to find System is affected by Svchost.exe malware

Step 1: Open the Task Manager with a CTRL+ALT+DEL key combination

Step 2: Right click on the svchost.exe and Select Open File Location The Open File Location will be showing you the path where the file is actually located c:\windows\system32 or c:\winnt\system32.

If it gets open in some other folder or file location, then it is sure that the system is infected with svchost.exe malware.

How to remove the svchost.exe file from system using Comodo Antivirus?

Download our award-winning Comodo Antivirus software

Installation configuration frames will be displayed. Select the configuration you would like to apply

Select Customize Configuration option and arrange installers, configuration, and file location.

Once the Installation is Finished, restart your PC.

Comodo Internet Security starts to update the software for virus protection. It takes sometime to get updated.

After the update, a Quick scan is executed.

If threats are found upon completion of scanning, you will be prompted with an alert screen.

The Antivirus Software will clean all malware including svchost.exe.

Windows OS PC Security Softwares:

Related Resources:

Website Malware Directory Resources:

Malware Entries

First Seen: 06 February 2009 at 11:36 pm

No.	Company	File Type	SHA1	MD5	Malware Name	Digitally Signed	File Version	Product Version	Submitted From	Malware Behavior
1	Acoustica Inc.	Executable	1c80c1a7be5dd3b7 1e8205166d57f17a 7fc118af	4c9a59bcdb40e39f 0c72820f381b9ab2	TrojWare.Win 32.Injector. ADKK	No	2, 0, 18, 0	2, 0, 18, 0	United Kingdom	N/A
2	N/A	Executable	2a6c5f2d65f5b94c 2314d70dfd16a41f e9b81339	e9073adbf51ef5d7 e23ea5936bb9099d	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	179.26.129.169/32	N/A
3	1994	Executable	037eb1e7089e828a 3b9b45e032cff7b7 7ddf4a62	76f973ac86143f85 916d041389984e39	TrojWare.Win 32.Miser.I	No	2.04.0003	2.04.0003	10.224.1.116/32	N/A
4	N/A	Executable	4b7500bcfe7aa953 22a401fb28e239ba 39ed53fd	c47779304e5f4553 3e2edee65d8f63e8	Unclassified Malware	No	1.1.0.0	1.1.0.0	185.214.187.184/32	N/A
5	N/A	Executable	31478e6e996cb2f7 f9b0d4c2ce9ac088 28b0a2cb	e6d6685365d60593 5189f6512e03b19d	Application. Win32.Adware .RuKoma.A	Yes	N/A	N/A	185.150.154.131/32	N/A
6	Microsoft Corporation	Executable	a3c7aebc831b975e 54b9426db9edb27f d7f2a9f3	0181d6dc9b7b6fb2 c3ef01b545265e6e	Virus.Win32. Expiro.SR	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Russian Federation	N/A
7	N/A	Executable	9ca7f44804158b5d 198b8e8750de52c6 20f8536a	17854e338138076d 7540297adbefc217	Unclassified Malware	No	1.0.0.0	N/A	Internal Submission	N/A
8	N/A	Executable	98ec37b48031eecb 7f2a06eabd324b07 79373542	d15e8aff67a1efb7 78ad21e63ab8a4cf	Unclassified Malware	No	1.0.0.0	1.0.0.0	Internal Submission	N/A
9	Tencent	Executable	f904baffceb56a4d cbae23788066e290 963a380d	fa508241066ee437 5d8bcbe6b843baa5	TrojWare.Win 32.Magania.~ AAD	No	1, 57, 1961, 0	1, 57, 1961, 0	Internal Submission	N/A
10	N/A	Executable	0d2d9664df8ece53 bf037549123ffb5b 5a387d8a	ca40516db1c91895 64538a862bc7d17a	Application. Win32.Monito r.Spy.~OL	No	N/A	N/A	Internal Submission	N/A
11	N/A	Executable	08863c0a83bc71cb e2b839ef997dbdcb f3da71d4	92b1f95f8aeb4e19 b73a4ec1869a5fc9	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	United States	N/A
12	N/A	Executable	74680ba67190d0cb 6ee7aff43e7b0fc4 29b9b2ed	839209fd255f1ee4 c00dbfc83f040d2b	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Venezuela	N/A
13	N/A	Executable	b941c38fa47d26f9 7631da58b36f5d4a bb92af34	fa54d65cba28dd67 334c1782a6da887d	Virus.Win32. Virut.CE	No	N/A	N/A	154.136.237.94/32	N/A
14	Tencent	Executable	78bb1482113a230e dbf74c2fa68ebb3a 7d1bdb29	e6f22990f0bd3f45 e123bba6baf75b8f	TrojWare.Win 32.Magania.~ AAD	No	1, 57, 1961, 0	1, 57, 1961, 0	Internal Submission	N/A
15	N/A	Executable	9a8137cd92a60a00 5cb4830579b30b0e 3baefbc6	be5921701d8837d5 3e12ecd5e734229b	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Vietnam	N/A
16	N/A	Executable	a19bb56deee4f7d2 4a18a458865a8678 b28520d4	42642fceddaa60dd 81092ff5f4af1f65	Heur.Suspici ous	No	N/A	N/A	Internal Submission	N/A
17	Macromedia, Inc.	Executable	d4e5eb07b999ca47 cc3c1c8d465bb087 8a48b851	0fe56475f9e3e27b 330096616e2ee9c1	Virus.Win32. Ramnit.K	No	7,0,14,0	7,0,14,0	Philippines	N/A
18	N/A	Executable	7ad3262ee49ef7ed c10beb20580603c5 d98fda69	0970c6c557b7213d 6df7674eb8d76093	ApplicUnsaf. Win32.Server Proxy.CCProx y.ai001	No	6, 3, 0, 1	6, 3, 0, 1	China	N/A
19	N/A	Executable	a5fff2a5f8f5f188 b42ad708954dab11 7246511c	5533abf652f1022f 9ac8c8e818a89351	Heur.Suspici ous	No	N/A	N/A	United States	N/A
20	Tencent	Executable	8ec5556385246bf7 2249a2e06e7a2cb0 f4003f5c	70f101c523266235 5a91660a28651af4	TrojWare.Win 32.Zegost.IN A	No	1, 57, 1961, 0	1, 57, 1961, 0	Internal Submission	N/A
21	N/A	Executable	6c1a3a9fae131bf0 d73c72d5c6068823 f3962c05	86c0eb7bc613ecb8 ff37a86af91e8c56	Unclassified Malware	No	N/A	N/A	United States	N/A
22	N/A	Executable	9ea0895228357066 1979a744eaa63014 7a70490a	5b119b76894bb201 626de1ddf527d202	Unclassified Malware	No	N/A	N/A	China	N/A
23	N/A	Executable	253894860de0301d 4e956ce1b7029143 cf16a267	5d3da46a1a40ba1b aff24c14af2a26e3	Win32.Jeefo. A	No	N/A	N/A	Poland	N/A
24	Cronosoft	Executable	c5a66c82ab502bdf 6322b18a2487435b 5338ee1d	7cc569dcc12f69f9 1dfc2af73c33966b	Virus.Win32. Virut.Ce	No	10.10	10.10	Trinidad and Tobago	N/A
25	N/A	Executable	ec5e37c2421efbab 463a67ff69171eab 74f86199	569c1c9484ce4ff5 c06ae212e98a737b	Backdoor.MSI L.Bladabindi .A	No	N/A	N/A	United States	N/A
26	Adobe Systems Incorporated	Executable	0d469d5fae195401 ef1d7ec0e3cd4da1 b5b1b6f6	a89b6947a95974d6 300a85bdc59ab4a8	Unclassified Malware	No	8.0.0.2006 102300	8.0.0.2006 102300	United States	N/A
27	N/A	Executable	0df0281e26c13dc9 f1e6caed997baefa 73f58a6f	16129e19a5ae41f7 ccc8f8cb188784a0	Unclassified Malware	No	2.03.0001	2.03.0001	10.224.1.116/32	N/A
28	Cronosoft	Executable	442d82f7d67c3aaf 1c202a0fa5c00e2b cbee596b	7bdd5953f97f0fef 308c69b0be4d833a	TrojWare.Win 32.Patched.H N	No	1.3	1.3	Bulgaria	N/A
29	Microsoft	Executable	734fdb0adef84928 f9bc3f2e655a7e89 c31a1ef4	ae2840c267e5049c 76eedc81abdba75a	Virus.Win32. Sality.gen	No	1.00	1.00	Argentina	N/A
30	Maxthon International ltd.	Executable	5f05f7ae248701f8 0c19eabb30816096 8393a149	78790f3a226939a0 aaa1ef2b4969e2b7	Unclassified Malware	Yes	3.0.19.100 0	N/A	United States	N/A
31	N/A	Executable	bc59e9d4fa51af20 2fded61f84a4c6c2 49639664	366c86d1eb850b20 44af12d5577d1e22	TrojWare.Win 32.TrojanCli cker.Cycler. IM	No	N/A	N/A	Italy	N/A
32	N/A	Executable	a67ea957ddf64654 5569115c8a092f04 d3399e60	cc26df51e4592762 3d8b998cd07ed243	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Venezuela	N/A
33	N/A	Executable	c13005a682c18e26 2e17e10531e3be98 7e5034fd	e4da678a7795d53b 03ad010c549bbab4	Backdoor.Win 32.Bifrose.A DR	No	N/A	N/A	Internal Submission	N/A
34	Microsoft Corporation	Executable	21e9e0bb48e67062 599f4a28d300994f 3150ec0c	17750b217ee388cc 128b7b990da4368f	TrojWare.Win 32.Spy.Banke r.Gen	No	N/A	1.0.0.0	Internal Submission	N/A
35	Casa	Executable	7349fdbc5a1aa1e7 874452502dbb009e 998e03c8	c689ec7d5c391da8 4529596dfef5b579	TrojWare.Win 32.TrojanDro pper.Agent.G OK	No	1.02.0001	1.02.0001	Cyprus	N/A
36	N/A	Executable	cccb917150f4d918 d673cf960f3a0eab 6c691416	c05255b466f7d50b d381f03b61e5f26f	TrojWare.Win 32.CoinMiner .RB	No	N/A	N/A	Italy	N/A
37	N/A	Executable	5aa778fddf4805a4 9c27619e1855d844 e1eb3e29	7b549c8e4001017b 20e4abf7279bf94a	Unclassified Malware	No	1.0.0.0	1.0.0.0	Internal Submission	N/A
38	N/A	Executable	1c0f0079c329a054 51cc69cb9dac6eee 82974050	0b6bbdb71222a8f0 8b2b82578b8bdcd2	Unclassified Malware	No	N/A	N/A	Internal Submission	N/A
39	N/A	Executable	54c9adf2cc72b6f8 df095864973e3a85 7b738fea	4f4c42c907e3960b a1aebf17f7ccde83	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Venezuela	N/A
40	Microsoft Corporation	Executable	d56973b7f2a9420d 3a767e9e17b728af 1ec606c6	1681a0bd18785371 4ae1822ad5fa7db3	Virus.Win32. Expiro.R0	No	5.1.2600.5 512 (xpsp.0804 13-2111)	5.1.2600.5 512	Ukraine	N/A
41	N/A	Executable	590b56f79da9e227 3398ae45f7d88955 878e003a	d5513d51a07b2571 f5e868b6102c8ecb	Application. Win32.Adware .RuKoma.A	Yes	N/A	N/A	185.150.154.131/32	N/A
42	N/A	Executable	7fa0befb3f69c4c6 e7b14a5c58348e4a 0f7054ef	c1a92f68f4f96f6c 444f4e96118b3769	Win32.Jeefo. A	No	N/A	N/A	Ukraine	N/A
43	N/A	Executable	049c34d55d31e987 a204f536174b21a8 d5911601	f7f724517b39e2af 1fc8263d60afa177	Unclassified Malware	No	1.0.0.0	1.0.0.0	Internal Submission	N/A
44	N/A	Executable	99c52467ac32d25f 2733a8757ebb818f 168ee074	629a68de78a1d891 49ab4874fd270ef4	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Canada	N/A
45	N/A	Executable	b99096da743324b1 8da42c6c2b04de28 eb67d31e	398c153889f6026c d78186a678f6f6f0	TrojWare.Win 32.Malex.EQ	No	N/A	N/A	168.235.64.207/32	N/A
46	Microsoft Corporati逧n	Executable	308aa5261be1874a 322f55d726515d75 767c8aec	5a4747fc864d58d6 3e06e24b00ef690d	TrojWare.Win 32.Kryptik.K AZ	No	5.2.3790.4 566 (srv03_sp2 _qfe.09080 5-1438)	5.2.3790.4 566	Internal Submission	N/A
47	Redondo	Executable	1ea5a0bb45789de5 1fd39fe1257767ce 1b022ede	c4b6d916790a34ee f6c71cfea4526d8f	TrojWare.Win 32.TrojanDro pper.Agent.V CC	No	3.45.0005	3.45.0005	Internal Submission	N/A
48	N/A	Executable	85d384a5c00aa41c bbf312dacf65d3cb 765a49bd	6203f00e41f3d42f fdf4cae3c0154f60	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	191.177.184.34/32	N/A
49	N/A	Executable	6af5a9e1cff63240 7262750b8b08e482 6b8dd0ed	be8fd6e6a370aa78 f9f7dd419af1e68a	Heur.Suspici ous	No	1.00	1.00	Internal Submission	N/A
50	Microsoft Corporation	Executable	79cae5666b7eea04 f56c95a72360132a eea11cff	3e550c872523cbf8 762cadde9a9ef914	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	197.210.44.199/32	N/A
51	N/A	Executable	492bae04efd7049a 1dce8fdc5c616451 40ed202e	209ed86b9d6182ec 8ea95a331a02c4b3	Backdoor.Win 32.Amtar.vna	No	N/A	N/A	Brazil	N/A
52	Microsoft	Executable	95a2e40e36307194 7922c5963ae375a4 84f81269	7721ea3dae61a394 69d6a6f2e506685a	TrojWare.Win 32.Kryptik.G T	No	1.00	1.00	Vietnam	N/A
53	Tencent	Executable	42b319cf1ac38fc9 4159cd9636732e48 38314e2d	368fdb173eff682d 56a34c894014fc78	TrojWare.Win 32.Magania.~ AAD	No	1, 57, 1961, 0	1, 57, 1961, 0	Internal Submission	N/A
54	Windows (R) Win 7 DDK provider	Executable	6439827587255651 66eaa02af1c52e1a 3c7424ef	f105258798f10531 e2df2a81f67a9d76	TrojWare.Win 32.Trojan.Ag ent.Gen	No	9.3.7800.2 1715	9.3.7800.2 1715	Brazil	N/A
55	N/A	Executable	6de9d05822de4bd0 44d94770448793ac 3bbe3754	a05207fd3aab9628 4360689a25b6f950	Win32.Neshta .A	No	N/A	N/A	37.255.254.102/32	N/A
56	N/A	Executable	484e004faf68965c 2e46ab92924a8593 f70a1496	3635790791dca6ad bdf464dcac14c480	TrojWare.Win 32.ButeRat.P P	No	N/A	N/A	Internal Submission	N/A
57	Synaptics	Executable	8cebfba69ecedd6b 0a6b81535a8ef095 a41db64c	b3dc61078f197e5a d0ed590f92155d5e	Virus.Win32. Agent.DE	No	1.0.0.4	1.0.0.0	Turkey	N/A
58	N/A	Executable	a0a3b7d3a7aa48eb b7f638cb65810433 d6f51e72	c95be3b51632de94 22be5855f4876bd9	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Venezuela	N/A
59	Microsoft	Executable	7ec574be6f59d588 9df24377333a424f f1607c6e	63dd83d886f3492b cccdae1c231c41af	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Philippines	N/A
60	N/A	Executable	951e1a7912e3019d 8e96ecf9098ff879 0dc98385	c2be33709a42b54a f6dd938eec6f337f	Heur.Suspici ous	No	1, 0, 48, 05	1, 0, 48, 05	Internal Submission	N/A
61	N/A	Executable	a2fb28cbe6b7940c 9178c8dc4f0c8f8a 4b906c1b	3d8478922f2a95c5 a5bf60a9a0f6795a	Unclassified Malware	No	N/A	N/A	United States	N/A
62	Microsoft	Executable	2b374b5342a95433 505db74880225bdf d0e72bec	3a3e9964f108cc21 4602048b8226b60b	Virus.Win32. Sality.gen	No	1.00	1.00	Argentina	N/A
63	N/A	Executable	42c26766d16cb9c2 1c3a95bac84b88bc 1469d7c5	a8caf03b50c424e9 639580cdcc28507b	Heur.Suspici ous	No	1, 0, 0, 1	1, 0, 0, 1	Internal Submission	N/A
64	N/A	Executable	b64ec3ff34a5e148 b1748ee6e79f7b22 77341b35	4129b88f1d82ca3d 5bc47dba2bf2ad91	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Paraguay	N/A
65	N/A	Executable	253d0eaf957524a1 01ac4a07ed7bec5c 0896197d	c242eeff0c2f1e0b f6531079b74b10bb	Unclassified Malware	No	0.0.0.0	0.0.0.0	Internal Submission	N/A
66	Microsoft	Executable	daaff67e0d5d50ed 87924980fa7bb686 f816f8d5	14569bbd9c629b4b c5ca1eaa69eb6c73	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	168.227.97.194/32	N/A
67	µßµµ	Executable	4e755fda05a7e5d2 f246f746d21ddb1e 1ab890a8	05a31eaadbb3b3ae 810d7415cffda041	Unclassified Malware	No	6.1.5.2	7.6.2.3	United Kingdom	N/A
68	Auto Debug System	Executable	9e6ee262006c3cab 0857bfa1ff020212 b5ebebe4	7facf547115b145b c20adf9f2e939147	TrojWare.Win 32.Buzus.rfg w	No	1, 1, 1, 10	1, 1, 1, 10	Russian Federation	N/A
69	N/A	Executable	5fda9be06756e6ed 0141ac8417fa3ff5 010c8fcd	7b992936a199e917 d565a38b4f4e530f	TrojWare.MSI L.Kryptik.ES	No	N/A	N/A	United Kingdom	N/A
70	N/A	Executable	2041a0c65cc5737b 07e382ed8eadaefb e5b55f1c	ab83d63bc49baf70 29b0399e1fc8ed5e	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Spain	N/A
71	Tencent	Executable	054841d53f269a96 94655af8cc463fa5 1c6f15f6	9aa8dbf276d35593 dfd1b36b22c95c17	TrojWare.Win 32.Magania.~ AAD	No	1, 57, 1961, 0	1, 57, 1961, 0	Internal Submission	N/A
72	N/A	Executable	c83a914988115bb4 a2f5a41f7ac929b4 15a4faaf	fafc44ccfb015a9f 53e5c93e2861e197	Unclassified Malware	No	N/A	N/A	Internal Submission	N/A
73	N/A	Executable	02c900a4492e55a3 0503ea7fe4fa2336 0fcc63db	70817e13029001ab 63a7c0027a4aaecd	TrojWare.Win 32.Packed.PN C	No	N/A	N/A	Internal Submission	N/A
74	N/A	Executable	120a2146a9f78a19 8e8dfc0f817d771f a94bdeb8	31e2ef53c6ec0a88 3b9121a1eda3931e	TrojWare.Win 32.Magania.~ AAD	No	N/A	N/A	Internal Submission	N/A
75	N/A	Executable	69b790920dc5b9ab c5decc25d754d84d 7cce8d3d	b858e9b1f80c285d 0cf7689f54d21b24	Backdoor.Win 32.RmtSvc.as d	No	N/A	N/A	Internal Submission	N/A
76	SkhEayqmyP	Executable	ef8bf0f188778c8a 7314d73edf9e1d77 35191a67	869ef4c63be3dd01 cde9c9c91b4d889e	Unclassified Malware	No	7.12.0082	7.12.0082	Internal Submission	N/A

1 2 3...19

Display 4 items per page

4 items per page
8 items per page
16 items per page
32 items per page

Safe Entries

First Seen: 06 May 2008 at 1:41 pm

No.	Company	File Type	SHA1	MD5	Digitally Signed	File Version	Product Version	Submitted From
1	N/A	Executable	a802bd37b91accba 45391bfd50b337bb 15d44efb	7bef0e87abecbe18 e50835c0839906db	No	N/A	N/A	Internal Submission
2	Microsoft Corporation	Executable	da0ff4006859a758 0aba81f486f692de ad2014fe	8f078ae4ed187aaa bc0a305146de6716	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	Internal Submission
3	Microsoft Corporation	Executable	8fbf73dbc557be21 bc4b229d67c1f94d 84a253ff	a22d7b3594c381ef b3395a072725fe95	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	Internal Submission
4	N/A	Executable	95d4bcbf60a3a489 0858c7c39faaaa83 ee569c8b	9ea1560c138be592 e5a38f46689916e3	No	N/A	N/A	Internal Submission
5	N/A	Executable	7f6bbc2631938496 74021e1add533a96 5002bcf5	37a3c03034e0db21 bd11248f728c0a16	No	3, 3, 6, 1	N/A	Internal Submission
6	Microsoft Corporation	Executable	6d43a102a1646197 85ed33ad87cb59ec 3f047ce5	dda2d46da1f0bd25 d6eb0194cb3ab3e4	No	5.2.3790.3 959 (srv03_sp2 _rtm.07021 6-1710)	5.2.3790.3 959	Internal Submission
7	N/A	Executable	1239bbd299df3675 33f479a851e3a029 f76b3308	d582a51cf51bd619 bab6aa8ae2ed7428	No	3, 3, 6, 1	N/A	Internal Submission
8	Microsoft Corporation	Executable	8fbf73dbc557be21 bc4b229d67c1f94d 84a253ff	a22d7b3594c381ef b3395a072725fe95	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	United States

1 2

Display 4 items per page

4 items per page
8 items per page
16 items per page
32 items per page

Malware Search Engine

How to Remove “svchost.exe”

What is Svchost.exe?

How to find System is affected by Svchost.exe malware

How to remove the svchost.exe file from system using Comodo Antivirus?