How to Remove svchost.exe Virus | svchost.exe Malware Removal

What is Svchost.exe?

The svchost.exe is an executable file of Microsoft Windows and is tagged as a Generic Host Process for Win32 Services. This is an important Windows file and it is used to load the required DLL files that are used with Microsoft Windows and Windows programs that run on your computer. Some Malware often uses a process by the name “svchost.exe” to mimic the windows process.

The orginal file is located only in c:\windows\system32 or c:\winnt\system32 depending on versions of Windows OS. If the file that is located in any other location, then we can conclude that the system is infected with malware.

svchost.exe provides a service which is used by Windows Defender. There are multiple instances provided by svchost.exe which are used for many operations. One instance may provide single operation and other instance provide several service to windows.To know the service which are currently running. Go to Task Manager and click Processes tab. Click Show all process and Right-click an instance of svchost.exe, and then click Go to Service(s). The services associated with the process are highlighted on the Services tab.

Affected OS/Platform: Windows

How to find System is affected by Svchost.exe malware

Step 1: Open the Task Manager with a CTRL+ALT+DEL key combination

Step 2: Right click on the svchost.exe and Select Open File Location The Open File Location will be showing you the path where the file is actually located c:\windows\system32 or c:\winnt\system32.

If it gets open in some other folder or file location, then it is sure that the system is infected with svchost.exe malware.

How to remove the svchost.exe virus from the system using Comodo Antivirus?

Download our award-winning Comodo Antivirus software

Installation configuration frames will be displayed. Select the configuration you would like to apply

Select Customize Configuration option and arrange installers, configuration, and file location.

Once the Installation is Finished, restart your PC.

Comodo Internet Security starts to update the software for virus protection. It takes sometime to get updated.

After the update, a Quick scan is executed.

If threats are found upon completion of scanning, you will be prompted with an alert screen.

The Antivirus Software will clean all malware including svchost.exe virus.

Windows OS PC Security Softwares:

Related Resources:

Website Malware Directory Resources:

Malware Entries

First Seen: 07 October 2011 at 7:23 pm

No.	Company	File Type	SHA1	MD5	Malware Name	Digitally Signed	File Version	Product Version	Submitted From	Malware Behavior
1	Microsoft Corporation	Executable	f97167f6d08d5028 f5f4a1e587b8b827 623705ed	c5e28f5b8060d6bb 6c0b279e989b50e3	Win32.Jeefo. A	No	5.1.0.0	5.1.0.0	Russian Federation	N/A
2	Acoustica Inc.	Executable	1c80c1a7be5dd3b7 1e8205166d57f17a 7fc118af	4c9a59bcdb40e39f 0c72820f381b9ab2	TrojWare.Win 32.Injector. ADKK	No	2, 0, 18, 0	2, 0, 18, 0	United Kingdom	N/A
3	N/A	Executable	31478e6e996cb2f7 f9b0d4c2ce9ac088 28b0a2cb	e6d6685365d60593 5189f6512e03b19d	Application. Win32.Adware .RuKoma.A	Yes	N/A	N/A	185.150.154.131/32	N/A
4	N/A	Executable	2a1cb085ff8e4edc ff35964ba12f29ed 1e24dcef	7cf84120c8478498 f9e5348469c496e7	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Indonesia	N/A
5	Microsoft Corporation	Executable	3ad556bc460e4985 f6535b280b50ba0b e13eb70e	ff4189b8f030a4b2 adaa2bfda1bcdbfe	Virus.Win32. Sality.gen	No	5.1.2600.5 512 (xpsp.0804 13-2111)	5.1.2600.5 512	Russian Federation	N/A
6	Tencent	Executable	f904baffceb56a4d cbae23788066e290 963a380d	fa508241066ee437 5d8bcbe6b843baa5	TrojWare.Win 32.Magania.~ AAD	No	1, 57, 1961, 0	1, 57, 1961, 0	Internal Submission	N/A
7	NULL	Executable	049c34d55d31e987 a204f536174b21a8 d5911601	f7f724517b39e2af 1fc8263d60afa177	Unclassified Malware	No	1.0.0.0	1.0.0.0	Internal Submission	N/A
8	Tencent	Executable	78bb1482113a230e dbf74c2fa68ebb3a 7d1bdb29	e6f22990f0bd3f45 e123bba6baf75b8f	TrojWare.Win 32.Magania.~ AAD	No	1, 57, 1961, 0	1, 57, 1961, 0	Internal Submission	N/A
9	Microsoft	Executable	9622009af9c88475 8bb931b738efd555 8c9eb9f6	e05a2aa0cc8bd29c 3b8695f73ebf7208	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	United Kingdom	N/A
10	Microsoft Corporation	Executable	3652abe28b50c762 5bb3b98ccadd419e 405b78bb	c599583f031784ae b087b5d8996a2be6	Virus.Win32. Virut.Ce	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	197.49.125.236/32	N/A
11	Microsoft	Executable	669351addc575223 3442ee0118344eda 64b83159	bae4409ec3d6f8c8 cf7e00a3ce95095e	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Venezuela	N/A
12	Microsoft	Executable	ab607bf2b5b4ce04 f3b016e9f351453f eaae7fe0	6d0d68c0668eef2a f0ce4d8e875162c5	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Philippines	N/A
13	Microsoft	Executable	5d365e8083295c5e 4a1bc49545b89217 99488d4e	80e4295afde83ac1 6b35d6d2d8097a74	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	United Kingdom	N/A
14	Macromedia, Inc.	Executable	d4e5eb07b999ca47 cc3c1c8d465bb087 8a48b851	0fe56475f9e3e27b 330096616e2ee9c1	Virus.Win32. Ramnit.K	No	7,0,14,0	7,0,14,0	Philippines	N/A
15	Microsoft	Executable	dc2a81ebf6375acb 54b08e714c2355c3 22c7312e	8e79ce1bacf5a500 f92c6fc2f140d8a2	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	United Kingdom	N/A
16	N/A	Executable	a5fff2a5f8f5f188 b42ad708954dab11 7246511c	5533abf652f1022f 9ac8c8e818a89351	Heur.Suspici ous	No	N/A	N/A	United States	N/A
17	Tencent	Executable	8ec5556385246bf7 2249a2e06e7a2cb0 f4003f5c	70f101c523266235 5a91660a28651af4	TrojWare.Win 32.Zegost.IN A	No	1, 57, 1961, 0	1, 57, 1961, 0	Internal Submission	N/A
18	N/A	Executable	9ea0895228357066 1979a744eaa63014 7a70490a	5b119b76894bb201 626de1ddf527d202	Unclassified Malware	No	N/A	N/A	China	N/A
19	N/A	Executable	253894860de0301d 4e956ce1b7029143 cf16a267	5d3da46a1a40ba1b aff24c14af2a26e3	Win32.Jeefo. A	No	N/A	N/A	Poland	N/A
20	N/A	Executable	680e039a272b43b4 fcad2b61d0ffd5d7 48a8575e	d40807c5cd880122 29ccbc8b94579fed	Backdoor.MSI L.Noancooe.J DE	No	N/A	N/A	154.151.124.133/32	N/A
21	Cronosoft	Executable	c5a66c82ab502bdf 6322b18a2487435b 5338ee1d	7cc569dcc12f69f9 1dfc2af73c33966b	Virus.Win32. Virut.Ce	No	10.10	10.10	Trinidad and Tobago	N/A
22	N/A	Executable	8491a47a61e28adf 7cc726b0754ef391 caacb68f	f3193985b18e69bd 9895a81fd2d5bce1	TrojWare.Win 32.Bancteian .AC	No	1.0.0.0	1.0.0.0	105.112.56.26/32	N/A
23	Microsoft Corporation	Executable	21e9e0bb48e67062 599f4a28d300994f 3150ec0c	17750b217ee388cc 128b7b990da4368f	TrojWare.Win 32.Spy.Banke r.Gen	No	N/A	1.0.0.0	Internal Submission	N/A
24	Microsoft	Executable	a154b72e037126a8 0ab30b18d368b57b 85d834a1	520ccdae6a91a45a 46329c0a8289ea1d	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Chile	N/A
25	Microsoft	Executable	2aeb731d4170711f df6c7a4ec6573eb3 7980a894	2bb0d605c0cc7751 79a0295420fb0db1	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Philippines	N/A
26	Microsoft	Executable	1deca7786469599d 52824edfa4e1d7c1 dd2e23d8	915ff38e7025f0e2 441e012daa4414fa	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Philippines	N/A
27	N/A	Executable	05d4048b588e3876 3d2acc4ae40d0d5b 6e27ae86	b09c8984b03e6533 82c862eb807319d9	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Indonesia	N/A
28	Microsoft	Executable	2ad123bbc08e5878 44701460fcf4d5ab 1529569c	8ff7b2c5f36bb359 9ad71e6b386bfef3	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Cambodia	N/A
29	N/A	Executable	364af44f2b39c37e 409c929d86c0749f fdecc72a	5a0964e81183d51f ec51cd4ed1815d81	Worm.Win32.D ropper.RA	No	1.0.0.0	1.0.0.0	China	N/A
30	NULL	Executable	0df0281e26c13dc9 f1e6caed997baefa 73f58a6f	16129e19a5ae41f7 ccc8f8cb188784a0	Unclassified Malware	No	2.03.0001	2.03.0001	10.224.1.116/32	N/A
31	N/A	Executable	1c0f0079c329a054 51cc69cb9dac6eee 82974050	0b6bbdb71222a8f0 8b2b82578b8bdcd2	Unclassified Malware	No	N/A	N/A	Internal Submission	N/A
32	N/A	Executable	153add7e5c890081 e757c18740e9776e 53150e86	c913f0d586676c91 34b17c238f989e71	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Vietnam	N/A
33	N/A	Executable	7cb214b2dc8b861e 6ee26ac120e494d4 3035813b	a48efe002e755fc2 3f7275abd4ce400b	Unclassified Malware	No	N/A	N/A	10.224.25.177/32	N/A
34	Microsoft Corporati逧n	Executable	308aa5261be1874a 322f55d726515d75 767c8aec	5a4747fc864d58d6 3e06e24b00ef690d	TrojWare.Win 32.Kryptik.K AZ	No	5.2.3790.4 566 (srv03_sp2 _qfe.09080 5-1438)	5.2.3790.4 566	Internal Submission	N/A
35	Redondo	Executable	1ea5a0bb45789de5 1fd39fe1257767ce 1b022ede	c4b6d916790a34ee f6c71cfea4526d8f	TrojWare.Win 32.TrojanDro pper.Agent.V CC	No	3.45.0005	3.45.0005	Internal Submission	N/A
36	N/A	Executable	7052441d13ca41b1 6217d827b8ca821e 104d7879	911b3e7c3888136a 219062225d39af87	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Venezuela	N/A
37	N/A	Executable	928c78130e958af0 7e3d07c1b44ba356 57b34442	004b6441e6d7356f 216495d43703623e	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	5.127.7.10/32	N/A
38	N/A	Executable	492bae04efd7049a 1dce8fdc5c616451 40ed202e	209ed86b9d6182ec 8ea95a331a02c4b3	Backdoor.Win 32.Amtar.vna	No	N/A	N/A	Brazil	N/A
39	Microsoft	Executable	95a2e40e36307194 7922c5963ae375a4 84f81269	7721ea3dae61a394 69d6a6f2e506685a	TrojWare.Win 32.Kryptik.G T	No	1.00	1.00	Vietnam	N/A
40	Microsoft	Executable	9d8fcc0cd64d5cba 054f0b8d49de0578 226339cf	5977abffcec6bc02 7fe7e7faea387d18	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	United Kingdom	N/A
41	Tencent	Executable	42b319cf1ac38fc9 4159cd9636732e48 38314e2d	368fdb173eff682d 56a34c894014fc78	TrojWare.Win 32.Magania.~ AAD	No	1, 57, 1961, 0	1, 57, 1961, 0	Internal Submission	N/A
42	N/A	Executable	4c991b53f690edb9 d3f37610428bc8d6 f57bbca0	6dd2d5c6cf6faea8 9461f14708fbf906	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	United States	N/A
43	Microsoft Corporation	Executable	d8fc080c05e83294 593d53eb56005637 b25e0b8f	93c55e856ba9e8a0 a0e78f5ec0f432de	Virus.Win32. Sality.gen	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	Russian Federation	N/A
44	Microsoft	Executable	9df51a1e4b20daf8 4404ad8ad6987c7b e454e5cf	92254a13b908c8a2 797fff11eb51e540	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Vietnam	N/A
45	Windows (R) Win 7 DDK provider	Executable	6439827587255651 66eaa02af1c52e1a 3c7424ef	f105258798f10531 e2df2a81f67a9d76	TrojWare.Win 32.Trojan.Ag ent.Gen	No	9.3.7800.2 1715	9.3.7800.2 1715	Brazil	N/A
46	NULL	Executable	42c26766d16cb9c2 1c3a95bac84b88bc 1469d7c5	a8caf03b50c424e9 639580cdcc28507b	Heur.Suspici ous	No	1, 0, 0, 1	1, 0, 0, 1	Internal Submission	N/A
47	N/A	Executable	8391cab8f849f95b 52146d0724d9d841 fcdc1f44	003c847c595f5f8b 2c9049806ae6018e	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	United States	N/A
48	N/A	Executable	484e004faf68965c 2e46ab92924a8593 f70a1496	3635790791dca6ad bdf464dcac14c480	TrojWare.Win 32.ButeRat.P P	No	N/A	N/A	Internal Submission	N/A
49	Microsoft Corporation	Executable	e98f40b18a2984ee b5e42c22fe6bd7e7 f17d8714	9001915104053108 ed7ceae97303921b	Virus.Win32. Virut.Ce	No	5.7.0.1806 6	5.7.0.1806 6	197.49.212.180/32	N/A
50	NULL	Executable	253d0eaf957524a1 01ac4a07ed7bec5c 0896197d	c242eeff0c2f1e0b f6531079b74b10bb	Unclassified Malware	No	0.0.0.0	0.0.0.0	Internal Submission	N/A
51	N/A	Executable	c74770eb6797c546 e6a913d6bb0d3de4 2ebab1b3	24baf0a11ba33b1f c8c1f9575c38b408	Worm.Win32.D ropper.RA	No	1.0.0.0	1.0.0.0	China	N/A
52	NULL	Executable	951e1a7912e3019d 8e96ecf9098ff879 0dc98385	c2be33709a42b54a f6dd938eec6f337f	Heur.Suspici ous	No	1, 0, 48, 05	1, 0, 48, 05	Internal Submission	N/A
53	N/A	Executable	a0a3b7d3a7aa48eb b7f638cb65810433 d6f51e72	c95be3b51632de94 22be5855f4876bd9	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Venezuela	N/A
54	Microsoft	Executable	93dce710e768f106 caaee7f33ccd0a77 8ed54191	27bd0d5b8141f7d5 7332074cfafdd7f8	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Brazil	N/A
55	N/A	Executable	a2fb28cbe6b7940c 9178c8dc4f0c8f8a 4b906c1b	3d8478922f2a95c5 a5bf60a9a0f6795a	Unclassified Malware	No	N/A	N/A	United States	N/A
56	Microsoft	Executable	c7184e58ab453b58 5bfd3f8a7916de1e 8db7fedd	fe38406591e6ebee f02907ebc2e4f0eb	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	United Kingdom	N/A
57	µßµµ	Executable	4e755fda05a7e5d2 f246f746d21ddb1e 1ab890a8	05a31eaadbb3b3ae 810d7415cffda041	Unclassified Malware	No	6.1.5.2	7.6.2.3	United Kingdom	N/A
58	Auto Debug System	Executable	9e6ee262006c3cab 0857bfa1ff020212 b5ebebe4	7facf547115b145b c20adf9f2e939147	TrojWare.Win 32.Buzus.rfg w	No	1, 1, 1, 10	1, 1, 1, 10	Russian Federation	N/A
59	N/A	Executable	5fda9be06756e6ed 0141ac8417fa3ff5 010c8fcd	7b992936a199e917 d565a38b4f4e530f	TrojWare.MSI L.Kryptik.ES	No	N/A	N/A	United Kingdom	N/A
60	N/A	Executable	05fb8d94d575b11d e034498839152f8e f1f4774b	5f4ad69baac91375 22e67abda0ff2d25	TrojWare.Win 32.PSW.Delf. ~JHN	No	N/A	N/A	105.67.0.219/32	N/A
61	Microsoft	Executable	a27d670b0ae6bfd4 6f1b482cec9894c6 5f232ba3	7869cdd77e6c08ee fdfa081361e1bbf2	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Spain	N/A
62	Macromedia, Inc.	Executable	d618e1def33fa4d9 625b2f67bdcc80b9 63d477a0	351c89f377a56002 39c4d715eb3e2f58	Virus.Win32. Ramnit.K	No	7,0,14,0	7,0,14,0	Turkey	N/A
63	N/A	Executable	d5acd5c887bf9174 6acec311f1c344a1 680059ed	61ae3d9f125c9056 d95da49d745c44ed	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	197.185.114.171/32	N/A
64	NULL	Executable	6af5a9e1cff63240 7262750b8b08e482 6b8dd0ed	be8fd6e6a370aa78 f9f7dd419af1e68a	Heur.Suspici ous	No	1.00	1.00	Internal Submission	N/A
65	Microsoft	Executable	c6526bcad0cdcf9f 756143d6e7968c86 f30320e9	e7f09b26c2e33255 f940004c1e7fead0	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Philippines	N/A
66	N/A	Executable	f0e3a64aaa93fac5 e47edc1ca03b7ca8 952b77e9	40cb8c34d3469b28 23aa0684aae730cd	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	168.211.92.13/32	N/A
67	Tencent	Executable	054841d53f269a96 94655af8cc463fa5 1c6f15f6	9aa8dbf276d35593 dfd1b36b22c95c17	TrojWare.Win 32.Magania.~ AAD	No	1, 57, 1961, 0	1, 57, 1961, 0	Internal Submission	N/A
68	Microsoft	Executable	ddfca8ca73fd9625 91ecfe9630da6bf1 d52223fe	6946f15394a613da aa54b74956a8e521	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Philippines	N/A
69	N/A	Executable	c83a914988115bb4 a2f5a41f7ac929b4 15a4faaf	fafc44ccfb015a9f 53e5c93e2861e197	Unclassified Malware	No	N/A	N/A	Internal Submission	N/A
70	N/A	Executable	02c900a4492e55a3 0503ea7fe4fa2336 0fcc63db	70817e13029001ab 63a7c0027a4aaecd	TrojWare.Win 32.Packed.PN C	No	N/A	N/A	Internal Submission	N/A
71	N/A	Executable	120a2146a9f78a19 8e8dfc0f817d771f a94bdeb8	31e2ef53c6ec0a88 3b9121a1eda3931e	TrojWare.Win 32.Magania.~ AAD	No	N/A	N/A	Internal Submission	N/A
72	N/A	Executable	c4f8a4ebfb078ba1 6665986daa07ace3 286afe50	c0b0e12768d07b23 5e58a274f0ad66d6	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	168.211.53.142/32	N/A
73	N/A	Executable	69b790920dc5b9ab c5decc25d754d84d 7cce8d3d	b858e9b1f80c285d 0cf7689f54d21b24	Backdoor.Win 32.RmtSvc.as d	No	N/A	N/A	Internal Submission	N/A

1 2 3...19

Display 4 items per page

4 items per page
8 items per page
16 items per page
32 items per page

Safe Entries

First Seen: 06 May 2008 at 1:41 pm

No.	Company	File Type	SHA1	MD5	Digitally Signed	File Version	Product Version	Submitted From
1	N/A	Executable	a802bd37b91accba 45391bfd50b337bb 15d44efb	7bef0e87abecbe18 e50835c0839906db	No	N/A	N/A	Internal Submission
2	Microsoft Corporation	Executable	da0ff4006859a758 0aba81f486f692de ad2014fe	8f078ae4ed187aaa bc0a305146de6716	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	Internal Submission
3	Microsoft Corporation	Executable	8fbf73dbc557be21 bc4b229d67c1f94d 84a253ff	a22d7b3594c381ef b3395a072725fe95	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	Internal Submission
4	N/A	Executable	95d4bcbf60a3a489 0858c7c39faaaa83 ee569c8b	9ea1560c138be592 e5a38f46689916e3	No	N/A	N/A	Internal Submission
5	N/A	Executable	7f6bbc2631938496 74021e1add533a96 5002bcf5	37a3c03034e0db21 bd11248f728c0a16	No	3, 3, 6, 1	N/A	Internal Submission
6	Microsoft Corporation	Executable	6d43a102a1646197 85ed33ad87cb59ec 3f047ce5	dda2d46da1f0bd25 d6eb0194cb3ab3e4	No	5.2.3790.3 959 (srv03_sp2 _rtm.07021 6-1710)	5.2.3790.3 959	Internal Submission

1 2

Display 4 items per page

4 items per page
8 items per page
16 items per page
32 items per page

Malware Search Engine

How to Remove “svchost.exe”

What is Svchost.exe?

How to find System is affected by Svchost.exe malware

How to remove the svchost.exe virus from the system using Comodo Antivirus?