How to Remove the svchost.exe virus from PC

What is Svchost.exe?

The svchost.exe is an executable file of Microsoft Windows and is tagged as a Generic Host Process for Win32 Services. This is an important Windows file and it is used to load the required DLL files that are used with Microsoft Windows and Windows programs that run on your computer. Some Malware often uses a process by the name “svchost.exe” to mimic the windows process.

The orginal file is located only in c:\windows\system32 or c:\winnt\system32 depending on versions of Windows OS. If the file that is located in any other location, then we can conclude that the system is infected with malware.

svchost.exe provides a service which is used by Windows Defender. There are multiple instances provided by svchost.exe which are used for many operations. One instance may provide single operation and other instance provide several service to windows.To know the service which are currently running. Go to Task Manager and click Processes tab. Click Show all process and Right-click an instance of svchost.exe, and then click Go to Service(s). The services associated with the process are highlighted on the Services tab.

Affected OS/Platform: Windows

How to find System is affected by Svchost.exe malware

Step 1: Open the Task Manager with a CTRL+ALT+DEL key combination

Step 2: Right click on the svchost.exe and Select Open File Location The Open File Location will be showing you the path where the file is actually located c:\windows\system32 or c:\winnt\system32.

If it gets open in some other folder or file location, then it is sure that the system is infected with svchost.exe malware.

How to remove the svchost.exe file from system using Comodo Antivirus

Step 1: Download the Award-Winning Comodo Free Antivirus

Step 2: Installation configuration frames will be displayed. Select the configuration you would like to apply

Step 3: Select Customize Configuration option and arrange installers, configuration, and file location.

Step 4: Once the Installation is Finished, restart your PC.

Step 5: Comodo Internet Security starts antivirus bases update. It takes sometime to get updated.

Step 6: After the update, a Quick scan is executed.

Step 7: If threats are found upon completion of scanning, you will be prompted with an alert screen.

Step 8: It will clean all malware including svchost.exe.

Malware Entries

First Seen: 30 October 2009 at 1:19 pm

No.	Company	File Type	SHA1	MD5	Malware Name	Digitally Signed	File Version	Product Version	Submitted From	Malware Behavior
1	N/A	Executable	de9fdda8062118fd daf8b2562627350e 3eb0d109	ce0dbbade0ae2e50 04abcf36ebbd3395	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Venezuela	N/A
2	Microsoft Corporation	Executable	e02a45b674c4e8dd 2a033b7f06968b89 db0b4e03	98721c8cfb4f6266 7126ccd86c7d0037	Virus.Win32. Virut.CE	No	5.1.2600.5 512 (xpsp.0804 13-2111)	5.1.2600.5 512	156.211.202.122/32	N/A
3	N/A	Executable	89c02bc9fe3a8dde e11c1dfa06e0fa59 7c593e86	d00f8f9618c33ab7 a8162b23e8b9570a	ApplicUnwnt	Yes	1.336	1.336	Ukraine	N/A
4	N/A	Executable	3d289d9b7e3521f3 3b6cba1c1add5524 33fd7ce1	94cf4243082480da a79451bf855a8587	Unclassified Malware	No	1.0.0.0	1.0.0.0	United States	N/A
5	(c) MICR0S0FT corporation	Executable	1a9df04d920c4e24 587e6af7d2814a54 8889b91c	73a90e1ce0ef2432 76ffb05fb80e638e	Heur.Suspici ous	No	2.2.2	N/A	10.108.52.92/32	N/A
6	N/A	Executable	0c564fd078fe4b54 59879d9cbe6d9823 91f1ddfb	29263eb422f4bbf4 e80fe21aa2935357	Unclassified Malware	No	N/A	N/A	United States	N/A
7	N/A	Executable	89c02bc9fe3a8dde e11c1dfa06e0fa59 7c593e86	d00f8f9618c33ab7 a8162b23e8b9570a	ApplicUnwnt	Yes	1.336	1.336	Russian Federation	N/A
8	Microsoft	Executable	146ff38c111882fa 2ab7d7b00444f06d 6f605b50	0a2b413d6dd77653 e0d80832f1c37d17	Unclassified Malware	No	1, 0, 0, 1	1, 0, 0, 1	China	N/A
9	MS-xiaomuma-110	Executable	a68d1918137462b7 27504e026b9851ed e3a281f4	d98cc035eb239ed8 bbfe86d30ec19cbe	Unclassified Malware	No	1, 0, 0, 1	1, 0, 0, 1	128.75.146.130/32	N/A
10	N/A	Executable	26cc82383b2133b4 0c8c422cde8f4478 158bc659	10e4518f4780e4c8 b74d0c219c9b09d0	TrojWare.Win 32.TrojanDro pper.Injecto r.KAN	No	N/A	N/A	China	N/A
11	Microsoft Corporation	Executable	fac68219eca4708a 5f76ff096e999f2e a4a1ef09	0cdb64cd4595ee53 9b6d87141124925e	Unclassified Malware	No	6.00.3790. 0 (srv03_rtm .030324-20 48)	6.00.3790. 0	United States	N/A
12	N/A	Executable	941de4a278485535 cc5461a63b6a6654 c99c2c9e	614d23ac911980c4 4bad690d929b0b39	ApplicUnsaf. RiskWare.Bit CoinMiner.~	No	6.1.7600.1 6385	1.0.0.0	Russian Federation	N/A
13	N/A	Executable	c302f29cdc13ae31 dcfaeb3c062d49be 9c570ef3	ba794403bc61fabf 994b6e3dcf2019ae	ApplicUnwnt. Unclassified Malware	No	N/A	N/A	United States	N/A
14	N/A	Executable	4e80fa7d98c8e87f acecdef0fc7de0d9 57d809e1	8c80dd97c3752592 7c1e549cb59bcbf3	Unclassified Malware	No	N/A	N/A	United States	N/A
15	N/A	Executable	a3adf1f4120e149f 995e490220043b3f 39c23bf5	14c1da6782df8707 85b566508f4f4737	Application. Win32.Agent. zhzbl	No	N/A	N/A	Ukraine	N/A
16	N/A	Executable	c2dcc95d0c95184a 07a1f7ad9076c916 55ec0c38	c2668da2bb78d517 ed7ee6e935c2e5c9	Unclassified Malware	No	1.0.0.0	1.0.0.0	United States	N/A
17	幻想科技	Executable	8e26d71d338d91a9 71ef4fd9744ac96d ebf38642	ae73f0eab0982ada 4b2c3f1819231097	TrojWare.Win 32.TrojanDow nloader.VB.O CX0	No	1.00.0039	1.00.0039	China	N/A
18	N/A	Executable	e0dd8e83b5cf0cce fbace8fbfdb98cb2 ad353d41	e7f9370d79ebeb59 613bb9c537a6a407	TrojWare.Win 32.KeyLogger .Diztakun.A	No	15.00	15.00	United States	N/A
19	N/A	Executable	8985b3f2c16264f7 6b429c5dc1d9cd86 3ec580fb	fcd59452bd0542d0 577921692119ec59	Unclassified Malware	No	N/A	N/A	United States	N/A
20	N/A	Executable	295d31b002cf9255 099abc1d72efbd49 23aa3f48	a67cccdc0b3096e6 9a12112889bf9894	TrojWare.MSI L.PSW.Agent. oxf	No	3.20.0.17	3.20.0.17	United States	N/A
21	N/A	Executable	4b512a62d4d42dfb 09d32698af29690f 5a038114	174abc8c0de26cea 3f89319c97863ebf	Unclassified Malware	No	3, 3, 8, 1	N/A	China	N/A
22	N/A	Executable	ffff467279037867 7ec30d3634fc593c 10dfd37e	e3427d9f439aebef a3d9c299e2a94af3	ApplicUnwnt. Unclassified Malware	No	N/A	N/A	Kazakhstan	N/A
23	N/A	Executable	8a69e986b2785b3c a765749e98dae3bb ace8445c	cd88aaca4619a1a5 b23b3119433e1296	TrojWare.Win 32.KeyLogger .Diztakun.A	No	15.00	15.00	United States	N/A
24	N/A	Executable	f0a79cc255d16d0f 864f466b5adad342 f1348f7f	6e0fd7645d8d706e f7fcb2cd3c68bfb6	Unclassified Malware	No	1.0.0.0	1.0.0.0	United States	N/A
25	N/A	Executable	ce1fbf382e89146e a5a22ae551b68198 c45f40e4	eedb9d86ae8abc65 fa7ac7c6323d4e8f	Unclassified Malware	No	N/A	N/A	31.206.233.150/32	N/A
26	N/A	Executable	bc22d039cc3b3dd7 71a679a83ba8f356 bc70d497	b397efc0ce2a8def 5903e0868ab97851	Application. Win32.Agent. ydqzv	No	6.3.9600.1 6384	6.3.9600.1 6384	Russian Federation	N/A
27	N/A	Executable	89c02bc9fe3a8dde e11c1dfa06e0fa59 7c593e86	d00f8f9618c33ab7 a8162b23e8b9570a	ApplicUnwnt	Yes	1.336	1.336	37.192.177.36/32	N/A
28	N/A	Executable	b451ae2b33e593cf 309d55bcd53ec41b e4bfc06d	d46dd162e596e84b 583c4936ba023d6d	Unclassified Malware	No	N/A	N/A	United States	N/A
29	http://www.3lsoft.com	Executable	88e7bfdbfdfb903d f6ddec16eadd948d f86f97b2	4d7dfedf25c7f224 0eae04fb1e44f6f9	Backdoor.Win 32.Zegost.HA	No	1.00	1.00	China	N/A
30	N/A	Executable	7632c57c2da61f14 d695c7b7868056f0 d18dbfc3	6bfa9e2a39abb542 4f3786fef275d6cf	ApplicUnsaf. Win32.BitCoi nMiner.~A	No	N/A	N/A	United States	N/A
31	N/A	Executable	a16137f8c9b6079f 245de7222b5d5672 2a6f9f5e	a4e5d1c96ae8d85e 9d505ec50979c353	TrojWare.Win 32.Pfoenic.A	No	N/A	N/A	United States	N/A
32	Microsoft Corporation	Executable	fdbb5787cf76ad0d 8e982aa817d3e3cd 1633c4cc	67c3cbc598078068 374ef64b6ecb9023	TrojWare.Win 32.Spy.Banke r.Gen	No	6.3.9600.1 6384 (winblue_r tm.130821- 1623)	6.3.9600.1 6384	United States	N/A
33	Microsoft Corporation	Executable	320309726e4740d7 59c7af3eaa08f3e6 2f7c7627	a9c708e046c5c0c1 5cfb00100fa75c10	Unclassified Malware	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	105.168.2.190/32	N/A

1 2 3...9

Display 4 items per page

4 items per page
8 items per page
16 items per page
32 items per page

Safe Entries

First Seen: 04 June 2008 at 6:11 pm

No.	Company	File Type	SHA1	MD5	Digitally Signed	File Version	Product Version	Submitted From
1	Microsoft Corporation	Executable	bf15549a7ec01ac5 05ccac036aba5b9b ae688135	3794b461c45882e0 6856f282eef025af	No	6.0.6001.1 8000 (longhorn_ rtm.080118 -1840)	6.0.6001.1 8000	Slovakia
2	N/A	Executable	c610179d1bf2e56c 58510f8e9aa452dc 5531eb9d	6e90ebf86ab0373f 7b76f1377f8ed2f3	No	N/A	N/A	United States
3	Microsoft Corporation	Executable	0dac68816ae7c09e fc24d11c27c3274d fd147dee	36f670d890407090 13f6a460176767ec	Yes	10.0.14393 .0 (rs1_relea se.160715- 1616)	10.0.14393 .0	United States
4	Microsoft Corporation	Executable	db9489d0f95f1adf f8061de8b42c4f80 ee0a3ea8	6a1212077c055902 9cdfb9c39580c835	Yes	10.0.10586 .0 (th2_relea se.151029- 1700)	10.0.10586 .0	United States
5	Microsoft Corporation	Executable	4af001b3c3816b86 0660cf2de2c0fd3c 1dfb4878	54a47f6b5e09a77e 61649109c6a08866	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	United States
6	N/A	Executable	6a23997a156bc8d2 a7fff6173eb81ace 92433c0d	06745f2d8e14aabc c2e9987df24c512c	No	N/A	N/A	United States
7	oxid.it	Executable	f59d7138396815d3 f32dced0ab0719ae bd473125	6d5f92ec615ea3da 90532fd514678e05	No	4.8	4.9	China
8	AutoIt Team	Executable	0bb74a9d3154d126 9e5e456aa41e94b6 0f753f78	e01ced5c12390ff5 256694eda890b33a	No	3, 3, 10, 2	3, 3, 10, 2	United States
9	Microsoft Corporation	Executable	4af001b3c3816b86 0660cf2de2c0fd3c 1dfb4878	54a47f6b5e09a77e 61649109c6a08866	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Venezuela
10	Microsoft Corporation	Executable	952b68cbf2654a62 08ef277d4300656a 18592889	a46dc432f81473f5 26e3994aa483e366	No	6.2.9200.1 6420 (win8_gdr. 120919-181 3)	6.2.9200.1 6420	United States
11	Iain Patterson	Executable	ba457bfcdc1b6660 9f142c3578be647c 51d1356d	1e706b1e8d3bd376 4e3ee4bf5fe509d8	No	2.24-41-g1 b415c7	2.24-41-g1 b415c7	United States
12	N/A	Executable	8ac1aafa8266ecb8 327a79de0c67fda3 c1824bdc	0fec796cb2219e0f c5f961bd0fb9126d	No	N/A	N/A	United States
13	Microsoft Corporation	Executable	49083ae3725a0488 e0a8fbbe1335c745 f70c4667	27c6d03bcdb8cfeb 96b716f3d8be3e18	No	5.1.2600.5 512 (xpsp.0804 13-2111)	5.1.2600.5 512	United States
14	Microsoft Corporation	Executable	8fe931b1eb696cf3 db0ca62f42df713e 933e51b1	d0abc231c0b3e88c 6b612b28abbf734d	Yes	6.3.9600.1 7415 (winblue_r 4.141028-1 500)	6.3.9600.1 7415	United States
15	Microsoft Corporation	Executable	8fbf73dbc557be21 bc4b229d67c1f94d 84a253ff	a22d7b3594c381ef b3395a072725fe95	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	United States

1 2 3 4

Display 4 items per page

4 items per page
8 items per page
16 items per page
32 items per page

Get Solutions

Comodo Internet Security Pro

Free Antivirus protection from hackers! Get the ultimate Antivirus solution to keep your PC clean and to remove viruses from a slow or infected PC. Improve the PC performance at home or use it on-the-go!

Slow or Infected PC?

Your search for a way to clean your PC of viruses once and for all has Ended. Our Security experts will fix your PC problems. Let's get started right now!

Malware Search Engine

How to Remove “svchost.exe”

What is Svchost.exe?

How to find System is affected by Svchost.exe malware