How to Remove the svchost.exe virus from PC

What is Svchost.exe?

The svchost.exe is an executable file of Microsoft Windows and is tagged as a Generic Host Process for Win32 Services. This is an important Windows file and it is used to load the required DLL files that are used with Microsoft Windows and Windows programs that run on your computer. Some Malware often uses a process by the name “svchost.exe” to mimic the windows process.

The orginal file is located only in c:\windows\system32 or c:\winnt\system32 depending on versions of Windows OS. If the file that is located in any other location, then we can conclude that the system is infected with malware.

svchost.exe provides a service which is used by Windows Defender. There are multiple instances provided by svchost.exe which are used for many operations. One instance may provide single operation and other instance provide several service to windows.To know the service which are currently running. Go to Task Manager and click Processes tab. Click Show all process and Right-click an instance of svchost.exe, and then click Go to Service(s). The services associated with the process are highlighted on the Services tab.

Affected OS/Platform: Windows

How to find System is affected by Svchost.exe malware

Step 1: Open the Task Manager with a CTRL+ALT+DEL key combination

Step 2: Right click on the svchost.exe and Select Open File Location The Open File Location will be showing you the path where the file is actually located c:\windows\system32 or c:\winnt\system32.

If it gets open in some other folder or file location, then it is sure that the system is infected with svchost.exe malware.

How to remove the svchost.exe file from system using Comodo Antivirus

Step 1: Download the Award-Winning Comodo Free Antivirus

Step 2: Installation configuration frames will be displayed. Select the configuration you would like to apply

Step 3: Select Customize Configuration option and arrange installers, configuration, and file location.

Step 4: Once the Installation is Finished, restart your PC.

Step 5: Comodo Internet Security starts antivirus bases update. It takes sometime to get updated.

Step 6: After the update, a Quick scan is executed.

Step 7: If threats are found upon completion of scanning, you will be prompted with an alert screen.

Step 8: It will clean all malware including svchost.exe.

Malware Entries

First Seen: 05 February 2009 at 4:03 pm

No.	Company	File Type	SHA1	MD5	Malware Name	Digitally Signed	File Version	Product Version	Submitted From	Malware Behavior
1	http://www.3lsoft.com	Executable	d8bacaddc131b70e d3635217911b2d44 338c511c	2b381e96f59c9b17 403dc12943ea83de	Backdoor.Win 32.Zegost.HA	No	1.00	1.00	China	N/A
2	N/A	Executable	16bb05586b55fb6e b42d7e98ea409e7e a7d451db	720a762d95586b96 ebe23c3dc1e19dc7	TrojWare.MSI L.Spy.Agent. CP	No	N/A	N/A	Korea, Republic of	N/A
3	N/A	Executable	549ebccd141f0dd4 bf104712014be481 57f8c3fa	4f9533621ee88646 e2e76d230f5a9733	TrojWare.Win 32.TrojanDro pper.Sysn.CH	No	N/A	N/A	China	N/A
4	N/A	Executable	4880a79b9b58dbdc ca350f064911ac99 cd53aa55	a2117dec531b682b 4bf8c0694804cbb9	Unclassified Malware	No	1, 0, 0, 1	1, 0, 0, 1	China	N/A
5	N/A	Executable	d503253b304cbe43 d4b3c25dd6574ce6 dce8bada	5c282cc69b8932ab 64e6dd2f29f64309	TrojWare.Win 32.Kryptik.I QC	No	N/A	N/A	10.108.55.52/32	N/A
6	N/A	Executable	12484ab9276a6717 f864b594df71bb6e be324575	8c5a0e2d315d1e1c 35874e32dae6e607	Unclassified Malware	No	N/A	N/A	China	N/A
7	N/A	Executable	31e62e7c7d3c8d2c d742d73867eabd8e 5c6447aa	550f0577972fb3d1 fe8d625c94ec1406	Unclassified Malware	No	7.0.1.0	7.0.1.0	United States	N/A
8	Microsoft Corporation	Executable	5a708f8c09b4c4be 576cef56df8f6bf0 d6f3d038	fd4dc3a44e008005 bb882cc76f34d25c	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Vietnam	N/A
9	N/A	Executable	37dcf0d7ca7fbe8a 3ef2c710994f7b6a ef5b1772	a30713271c6b283c 39aeeba45c37adcf	TrojWare.Win 32.AdWare.Ru Koma.gedai	Yes	1.286	1.286	Kazakhstan	N/A
10	N/A	Executable	f0a79cc255d16d0f 864f466b5adad342 f1348f7f	6e0fd7645d8d706e f7fcb2cd3c68bfb6	Unclassified Malware	No	1.0.0.0	1.0.0.0	United States	N/A
11	Microsoft	Executable	48913dfe1e2c4037 ab3f7190f82c2f3d 9b57611b	70919429895ae4f8 24c88054417c69e6	Virus.Win32. Sality.gen	No	1.00	1.00	Mexico	N/A
12	Microsoft	Executable	ab29526ac9430630 3d365971f451cce2 1f79329c	8632e7433fd46a49 1d4fb8cad11ab8c5	Unclassified Malware	No	1.0.0.0	1.0.0.0	5.129.88.151/32	N/A
13	N/A	Executable	1854e3ab76433a26 82f78ba457b51321 ee600578	cf08a1bafe8f7c60 4638592c3c9d18d2	TrojWare.Win 32.Agent.OWW	No	N/A	N/A	Kazakhstan	N/A
14	N/A	Executable	a645b3f5956aba16 8437ed7368c6584d b130b6bb	e685219f5704bd85 4d5ed6668b0e9146	ApplicUnwnt	No	N/A	N/A	United States	N/A
15	N/A	Executable	dce884e037ad1f95 7a6c5f8acfaf16d8 16bf80af	d119e25c9077b470 394921e55f72e35f	TrojWare.MSI L.Spy.Agent. CP	No	N/A	N/A	China	N/A
16	N/A	Executable	7632c57c2da61f14 d695c7b7868056f0 d18dbfc3	6bfa9e2a39abb542 4f3786fef275d6cf	ApplicUnsaf. Win32.BitCoi nMiner.~A	No	N/A	N/A	United States	N/A
17	N/A	Executable	7a1cec5d1612c3b1 303b4d444175eb52 7d668ba4	2dd57e4023aed029 3f57570598a89cc0	Backdoor.MSI L.Bladabindi .A	No	N/A	N/A	China	N/A
18	Microsoft	Executable	ab29526ac9430630 3d365971f451cce2 1f79329c	8632e7433fd46a49 1d4fb8cad11ab8c5	Unclassified Malware	No	1.0.0.0	1.0.0.0	Ukraine	N/A
19	N/A	Executable	b451ae2b33e593cf 309d55bcd53ec41b e4bfc06d	d46dd162e596e84b 583c4936ba023d6d	Unclassified Malware	No	N/A	N/A	United States	N/A
20	N/A	Executable	37dcf0d7ca7fbe8a 3ef2c710994f7b6a ef5b1772	a30713271c6b283c 39aeeba45c37adcf	TrojWare.Win 32.AdWare.Ru Koma.gedai	Yes	1.286	1.286	Ukraine	N/A
21	Microsoft Corporation	Executable	a0526f57ed119249 45111736a6587e94 60b9189b	7a7700848cc49d96 a771035637fa9f11	Virus.Win32. Virut.CE	No	5.1.2600.5 512 (xpsp.0804 13-2111)	5.1.2600.5 512	Algeria	N/A
22	N/A	Executable	37dcf0d7ca7fbe8a 3ef2c710994f7b6a ef5b1772	a30713271c6b283c 39aeeba45c37adcf	TrojWare.Win 32.AdWare.Ru Koma.gedai	Yes	1.286	1.286	Russian Federation	N/A
23	N/A	Executable	37dcf0d7ca7fbe8a 3ef2c710994f7b6a ef5b1772	a30713271c6b283c 39aeeba45c37adcf	TrojWare.Win 32.AdWare.Ru Koma.gedai	Yes	1.286	1.286	91.250.60.235/32	N/A
24	N/A	Executable	00c6f9801c6bdea3 56d42c6306518b24 21b9458d	342c695b36bf4b39 f6642810bab7ac64	Unclassified Malware	No	N/A	N/A	Korea, Republic of	N/A
25	Microsoft Corporation	Executable	cb0a1b37aadacd6f 4856a6308b9c9630 d0cdb77b	5e9c99f51f29421d b33590a4f891768e	Application. Win32.Monito r.Spy.~OM	No	3.08.7400	3.08.7400	Italy	N/A

1 2 3...7

Display 4 items per page

4 items per page
8 items per page
16 items per page
32 items per page

Safe Entries

First Seen: 03 June 2008 at 5:30 pm

No.	Company	File Type	SHA1	MD5	Digitally Signed	File Version	Product Version	Submitted From
1	Microsoft Corporation	Executable	086fc8c82ba9e1f3 f764e15ffbe402a6 529ef323	c09ccfe81dec9b16 2533d7184d705682	No	5.2.3790.3 959 (srv03_sp2 _rtm.07021 6-1710)	5.2.3790.3 959	United States
2	N/A	Executable	c610179d1bf2e56c 58510f8e9aa452dc 5531eb9d	6e90ebf86ab0373f 7b76f1377f8ed2f3	No	N/A	N/A	United States
3	Microsoft Corporation	Executable	619652b42afe5fb0 e3719d7aeda7a549 4ab193e8	c78655bc80301d76 ed4fef1c1ea40a7d	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	United States
4	Microsoft Corporation	Executable	82379592eca11173 86e97f7a0500b3f3 4204d92e	e948a9079d0e6350 be92d4d3e0077f81	No	5.1.2600.5 512 (xpsp.0804 13-2111)	5.1.2600.5 512	United States
5	Microsoft Corporation	Executable	b73dfc550dc27562 683284fb51661200 f31419f9	425e22d9f5c01616 afc92987791b19e9	Yes	6.3.9600.1 6384 (winblue_r tm.130821- 1623)	6.3.9600.1 6384	Azerbaijan
6	Microsoft Corporation	Executable	952b68cbf2654a62 08ef277d4300656a 18592889	a46dc432f81473f5 26e3994aa483e366	No	6.2.9200.1 6420 (win8_gdr. 120919-181 3)	6.2.9200.1 6420	Poland
7	Microsoft Corporation	Executable	db9489d0f95f1adf f8061de8b42c4f80 ee0a3ea8	6a1212077c055902 9cdfb9c39580c835	Yes	10.0.10586 .0 (th2_relea se.151029- 1700)	10.0.10586 .0	United States
8	Microsoft Corporation	Executable	bf15549a7ec01ac5 05ccac036aba5b9b ae688135	3794b461c45882e0 6856f282eef025af	No	6.0.6001.1 8000 (longhorn_ rtm.080118 -1840)	6.0.6001.1 8000	India
9	Microsoft Corporation	Executable	952b68cbf2654a62 08ef277d4300656a 18592889	a46dc432f81473f5 26e3994aa483e366	No	6.2.9200.1 6420 (win8_gdr. 120919-181 3)	6.2.9200.1 6420	Turkey
10	Microsoft Corporation	Executable	27dacbb2d894d42f 2bb5e4385e7c4ef1 03993ec3	ede27eace742ee28 88c5dd36400a2ec0	No	6.2.9200.1 6420 (win8_gdr. 120919-181 3)	6.2.9200.1 6420	Poland
11	Microsoft Corporation	Executable	8306f3e86107fe1b a1fc8ff6133b3575 70206d06	cda9f1373805af88 f6fa4f2064bba24d	No	6.0.6001.1 8000 (longhorn_ rtm.080118 -1840)	6.0.6001.1 8000	Poland
12	Microsoft Corporation	Executable	bcae71ba4068be87 f9d5739afec8f708 1d00a97e	a412dedac6a1ff7b a06feb3b6725495e	Yes	10.0.10240 .16384 (th1.15070 9-1700)	10.0.10240 .16384	Canada
13	Microsoft Corporation	Executable	bf15549a7ec01ac5 05ccac036aba5b9b ae688135	3794b461c45882e0 6856f282eef025af	No	6.0.6001.1 8000 (longhorn_ rtm.080118 -1840)	6.0.6001.1 8000	Poland
14	Microsoft Corporation	Executable	4af001b3c3816b86 0660cf2de2c0fd3c 1dfb4878	54a47f6b5e09a77e 61649109c6a08866	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	United States
15	Microsoft Corporation	Executable	619652b42afe5fb0 e3719d7aeda7a549 4ab193e8	c78655bc80301d76 ed4fef1c1ea40a7d	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Russian Federation
16	Microsoft Corporation	Executable	db9489d0f95f1adf f8061de8b42c4f80 ee0a3ea8	6a1212077c055902 9cdfb9c39580c835	Yes	10.0.10586 .0 (th2_relea se.151029- 1700)	10.0.10586 .0	Australia
17	Microsoft Corporation	Executable	b73dfc550dc27562 683284fb51661200 f31419f9	425e22d9f5c01616 afc92987791b19e9	Yes	6.3.9600.1 6384 (winblue_r tm.130821- 1623)	6.3.9600.1 6384	Romania
18	Microsoft Corporation	Executable	619652b42afe5fb0 e3719d7aeda7a549 4ab193e8	c78655bc80301d76 ed4fef1c1ea40a7d	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Poland
19	Microsoft Corporation	Executable	7897c01736bf9153 421da9621a325662 fcf9b7a5	ecdb182f88529214 5826c58252b53000	No	6.1.7601.1 7568 (win7sp1_g dr.110228- 1616)	6.1.7601.1 7568	United States
20	Microsoft Corporation	Executable	952b68cbf2654a62 08ef277d4300656a 18592889	a46dc432f81473f5 26e3994aa483e366	No	6.2.9200.1 6420 (win8_gdr. 120919-181 3)	6.2.9200.1 6420	United States
21	Microsoft Corporation	Executable	82379592eca11173 86e97f7a0500b3f3 4204d92e	e948a9079d0e6350 be92d4d3e0077f81	No	5.1.2600.5 512 (xpsp.0804 13-2111)	5.1.2600.5 512	Poland
22	Microsoft Corporation	Executable	4af001b3c3816b86 0660cf2de2c0fd3c 1dfb4878	54a47f6b5e09a77e 61649109c6a08866	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Italy
23	Microsoft Corporation	Executable	8fe931b1eb696cf3 db0ca62f42df713e 933e51b1	d0abc231c0b3e88c 6b612b28abbf734d	Yes	6.3.9600.1 7415 (winblue_r 4.141028-1 500)	6.3.9600.1 7415	Canada
24	N/A	Executable	8ac1aafa8266ecb8 327a79de0c67fda3 c1824bdc	0fec796cb2219e0f c5f961bd0fb9126d	No	N/A	N/A	United States
25	Microsoft Corporation	Executable	bf15549a7ec01ac5 05ccac036aba5b9b ae688135	3794b461c45882e0 6856f282eef025af	No	6.0.6001.1 8000 (longhorn_ rtm.080118 -1840)	6.0.6001.1 8000	United States
26	Microsoft Corporation	Executable	4af001b3c3816b86 0660cf2de2c0fd3c 1dfb4878	54a47f6b5e09a77e 61649109c6a08866	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Poland
27	Microsoft Corporation	Executable	8fe931b1eb696cf3 db0ca62f42df713e 933e51b1	d0abc231c0b3e88c 6b612b28abbf734d	Yes	6.3.9600.1 7415 (winblue_r 4.141028-1 500)	6.3.9600.1 7415	United States
28	Microsoft Corporation	Executable	4af001b3c3816b86 0660cf2de2c0fd3c 1dfb4878	54a47f6b5e09a77e 61649109c6a08866	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	130.180.217.148/32
29	Microsoft Corporation	Executable	27dacbb2d894d42f 2bb5e4385e7c4ef1 03993ec3	ede27eace742ee28 88c5dd36400a2ec0	No	6.2.9200.1 6420 (win8_gdr. 120919-181 3)	6.2.9200.1 6420	United States
30	Microsoft Corporation	Executable	8306f3e86107fe1b a1fc8ff6133b3575 70206d06	cda9f1373805af88 f6fa4f2064bba24d	No	6.0.6001.1 8000 (longhorn_ rtm.080118 -1840)	6.0.6001.1 8000	United States
31	N/A	Executable	8ac1aafa8266ecb8 327a79de0c67fda3 c1824bdc	0fec796cb2219e0f c5f961bd0fb9126d	No	N/A	N/A	United States
32	Microsoft Corporation	Executable	8fbf73dbc557be21 bc4b229d67c1f94d 84a253ff	a22d7b3594c381ef b3395a072725fe95	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	United States

1 2 3...8

Display 4 items per page

4 items per page
8 items per page
16 items per page
32 items per page

Comodo Internet Security Pro

Free Antivirus protection from hackers! Get the ultimate Antivirus solution to keep your PC clean and to remove viruses from a slow or infected PC. Improve the PC performance at home or use it on-the-go!

Slow or Infected PC?

Your search for a way to clean your PC of viruses once and for all has Ended. Our Security experts will fix your PC problems. Let's get started right now!

Malware Search Engine

How to Remove “svchost.exe”

What is Svchost.exe?

How to find System is affected by Svchost.exe malware