How to Remove svchost.exe Virus | svchost.exe Malware Removal

What is Svchost.exe?

The svchost.exe is an executable file of Microsoft Windows and is tagged as a Generic Host Process for Win32 Services. This is an important Windows file and it is used to load the required DLL files that are used with Microsoft Windows and Windows programs that run on your computer. Some Malware often uses a process by the name “svchost.exe” to mimic the windows process.

The orginal file is located only in c:\windows\system32 or c:\winnt\system32 depending on versions of Windows OS. If the file that is located in any other location, then we can conclude that the system is infected with malware.

svchost.exe provides a service which is used by Windows Defender. There are multiple instances provided by svchost.exe which are used for many operations. One instance may provide single operation and other instance provide several service to windows.To know the service which are currently running. Go to Task Manager and click Processes tab. Click Show all process and Right-click an instance of svchost.exe, and then click Go to Service(s). The services associated with the process are highlighted on the Services tab.

Affected OS/Platform: Windows

How to find System is affected by Svchost.exe malware

Step 1: Open the Task Manager with a CTRL+ALT+DEL key combination

Step 2: Right click on the svchost.exe and Select Open File Location The Open File Location will be showing you the path where the file is actually located c:\windows\system32 or c:\winnt\system32.

If it gets open in some other folder or file location, then it is sure that the system is infected with svchost.exe malware.

How to remove the svchost.exe virus from the system using Comodo Antivirus?

Download our award-winning Comodo Antivirus software

Installation configuration frames will be displayed. Select the configuration you would like to apply

Select Customize Configuration option and arrange installers, configuration, and file location.

Once the Installation is Finished, restart your PC.

Comodo Internet Security starts to update the software for virus protection. It takes sometime to get updated.

After the update, a Quick scan is executed.

If threats are found upon completion of scanning, you will be prompted with an alert screen.

The Antivirus Software will clean all malware including svchost.exe virus.

Windows OS PC Security Softwares:

Related Resources:

Website Malware Directory Resources:

Malware Entries

First Seen: 07 October 2011 at 7:23 pm

No.	Company	File Type	SHA1	MD5	Malware Name	Digitally Signed	File Version	Product Version	Submitted From	Malware Behavior
1	Acoustica Inc.	Executable	1c80c1a7be5dd3b7 1e8205166d57f17a 7fc118af	4c9a59bcdb40e39f 0c72820f381b9ab2	TrojWare.Win 32.Injector. ADKK	No	2, 0, 18, 0	2, 0, 18, 0	United Kingdom	N/A
2	N/A	Executable	104103acce42e624 41d5d07b184109f0 0bc0d680	6b622b140b8bc461 e2bab60a2ae22a9c	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	United States	N/A
3	Microsoft	Executable	22b54234b5e639ae 5cd427b61ddfccbd dd590759	7f395a68dab91de0 90f49ada09a3ad4b	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Brazil	N/A
4	Microsoft	Executable	366ce82af2fda45d 5c2505f430593f15 548598c4	1a65bcdad4d122c5 bea5e5ccdd2d2d21	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	United Kingdom	N/A
5	N/A	Executable	31478e6e996cb2f7 f9b0d4c2ce9ac088 28b0a2cb	e6d6685365d60593 5189f6512e03b19d	Application. Win32.Adware .RuKoma.A	Yes	N/A	N/A	185.150.154.131/32	N/A
6	Microsoft	Executable	46a34eef3f67e736 f2807a1efdeb8778 d9392ce1	7e12b38a0e81bef9 0c380f6e86899cbb	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	United Kingdom	N/A
7	N/A	Executable	8c67c381d4f95b63 1e8b1dff5dcef449 ed8b88bc	86443c9992c3b866 42b2506c54519a67	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	United States	N/A
8	Tencent	Executable	f904baffceb56a4d cbae23788066e290 963a380d	fa508241066ee437 5d8bcbe6b843baa5	TrojWare.Win 32.Magania.~ AAD	No	1, 57, 1961, 0	1, 57, 1961, 0	Internal Submission	N/A
9	NULL	Executable	049c34d55d31e987 a204f536174b21a8 d5911601	f7f724517b39e2af 1fc8263d60afa177	Unclassified Malware	No	1.0.0.0	1.0.0.0	Internal Submission	N/A
10	Tencent	Executable	78bb1482113a230e dbf74c2fa68ebb3a 7d1bdb29	e6f22990f0bd3f45 e123bba6baf75b8f	TrojWare.Win 32.Magania.~ AAD	No	1, 57, 1961, 0	1, 57, 1961, 0	Internal Submission	N/A
11	Microsoft	Executable	c02417d4073672c6 f4385e18a08a4c29 e7a34cf5	c8757801666fda70 69d52f80ee38b2d0	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Indonesia	N/A
12	Microsoft	Executable	26a6dc7afeef1ea1 c140b3062f01385b 1c7d1628	2443228d9bcb1f8e 539e8cfaeb379212	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	179.7.193.76/32	N/A
13	Microsoft	Executable	e1c738dc2e749969 9a520c956f578d77 1c847d69	15128aec203f2612 243ee9ecdcdc7a8b	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	179.127.32.67/32	N/A
14	Microsoft	Executable	409506e60b718d0e c73a1d6ec3d9c654 7d98ddff	5afe0d8dba825113 f82d8397ab28d809	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	154.124.53.122/32	N/A
15	Macromedia, Inc.	Executable	d4e5eb07b999ca47 cc3c1c8d465bb087 8a48b851	0fe56475f9e3e27b 330096616e2ee9c1	Virus.Win32. Ramnit.K	No	7,0,14,0	7,0,14,0	Philippines	N/A
16	N/A	Executable	a5fff2a5f8f5f188 b42ad708954dab11 7246511c	5533abf652f1022f 9ac8c8e818a89351	Heur.Suspici ous	No	N/A	N/A	United States	N/A
17	Tencent	Executable	8ec5556385246bf7 2249a2e06e7a2cb0 f4003f5c	70f101c523266235 5a91660a28651af4	TrojWare.Win 32.Zegost.IN A	No	1, 57, 1961, 0	1, 57, 1961, 0	Internal Submission	N/A
18	N/A	Executable	253894860de0301d 4e956ce1b7029143 cf16a267	5d3da46a1a40ba1b aff24c14af2a26e3	Win32.Jeefo. A	No	N/A	N/A	Poland	N/A
19	Cronosoft	Executable	c5a66c82ab502bdf 6322b18a2487435b 5338ee1d	7cc569dcc12f69f9 1dfc2af73c33966b	Virus.Win32. Virut.Ce	No	10.10	10.10	Trinidad and Tobago	N/A
20	N/A	Executable	8368b16af7b07f25 e947fd1d89759072 7ed83123	efff1ee07daf2b40 dc0792fbea7d142e	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Venezuela	N/A
21	N/A	Executable	e59e59376dbf52c0 38b1cdd859ab2bc2 a023ec82	ce6d1758e0669b01 73b1563209b94a3e	Win32.Jeefo. A	No	N/A	N/A	Turkey	N/A
22	Microsoft Corporation	Executable	21e9e0bb48e67062 599f4a28d300994f 3150ec0c	17750b217ee388cc 128b7b990da4368f	TrojWare.Win 32.Spy.Banke r.Gen	No	N/A	1.0.0.0	Internal Submission	N/A
23	N/A	Executable	8d19bcb33d1eb98c 4dc64d899932a2ad dc90497c	228eb050c0d28e16 c068c23018f64cee	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	181.61.132.10/32	N/A
24	N/A	Executable	7f42a80e70ee8e25 282e6616eecd269c 91d88585	40e41bdcae3b728b 013bc85433c4546a	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Philippines	N/A
25	N/A	Executable	46e5a338a2cc32a0 7974069724153b87 92e4843a	f8b06b3bf119164c 1ad84d18d472c073	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Venezuela	N/A
26	N/A	Executable	f8a8594823a81fa7 f51fbb3862583e72 7d44cb61	44db4f5710ff499b 2f4991bb354eb0c0	Unclassified Malware	No	0.0.0.0	0.0.0.0	10.224.25.40/32	N/A
27	N/A	Executable	99813a88b96d9a42 2a06c3a3d7a8dc08 d8be6e84	e7749ea44364dff0 c0e79a59d07ab704	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Venezuela	N/A
28	NULL	Executable	0df0281e26c13dc9 f1e6caed997baefa 73f58a6f	16129e19a5ae41f7 ccc8f8cb188784a0	Unclassified Malware	No	2.03.0001	2.03.0001	10.224.1.116/32	N/A
29	N/A	Executable	1c0f0079c329a054 51cc69cb9dac6eee 82974050	0b6bbdb71222a8f0 8b2b82578b8bdcd2	Unclassified Malware	No	N/A	N/A	Internal Submission	N/A
30	N/A	Executable	712bef4a40aaed4d 711816e264685ac2 1835b0f4	91949f97397a6f9c cff055a083936d4c	Unclassified Malware	Yes	N/A	N/A	Taiwan	N/A
31	N/A	Executable	e2cbc7dcebebf649 be05a30e1bc16dd5 300e2dfb	7827f033f0b2073c 79e02e2b665061f9	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Mexico	N/A
32	N/A	Executable	7377adb5f1f214b6 3dceeb08ca4410e3 fad436b9	61e17cce7ccb68bb ce24b7262cfcf5ba	Unclassified Malware	No	1.4.0	1.4.0	Mexico	N/A
33	Microsoft Corporati逧n	Executable	308aa5261be1874a 322f55d726515d75 767c8aec	5a4747fc864d58d6 3e06e24b00ef690d	TrojWare.Win 32.Kryptik.K AZ	No	5.2.3790.4 566 (srv03_sp2 _qfe.09080 5-1438)	5.2.3790.4 566	Internal Submission	N/A
34	Microsoft	Executable	c5f09b4e9a6973d3 421f2efc637caac9 e30bc203	fb7f66de63e0eba0 8eb30ebc5e8d79f8	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	179.127.32.67/32	N/A
35	Microsoft	Executable	7a41186881291e85 b14b8c725d747ef9 956834b6	1b308cd495c0e6a8 2dab4c0eeacbee6a	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Mexico	N/A
36	Redondo	Executable	1ea5a0bb45789de5 1fd39fe1257767ce 1b022ede	c4b6d916790a34ee f6c71cfea4526d8f	TrojWare.Win 32.TrojanDro pper.Agent.V CC	No	3.45.0005	3.45.0005	Internal Submission	N/A
37	Microsoft	Executable	5cde6781bfdbdaab cf2bc9730d1b7b0b 21d0706d	007384bc012ed236 0fa973218ff8aafe	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	United Kingdom	N/A
38	N/A	Executable	fc25802f140a6ca9 6e38ca8b4f3a5707 0be0565e	bbcbc4d35a7b82c2 b6a4c9a4ed580c1a	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Indonesia	N/A
39	Microsoft	Executable	23116241354ef916 709452bc0b93632d 4faa2b18	afa32074c81b4374 8ee33d2784bfc2d8	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	31.4.241.10/32	N/A
40	N/A	Executable	12b5d578537b9a31 cc4f8cccd1f0d968 52002eb8	ff4cc9133ab29781 0d705ec1266e38e4	Win32.Mkar.E	No	N/A	N/A	Ukraine	N/A
41	N/A	Executable	492bae04efd7049a 1dce8fdc5c616451 40ed202e	209ed86b9d6182ec 8ea95a331a02c4b3	Backdoor.Win 32.Amtar.vna	No	N/A	N/A	Brazil	N/A
42	Microsoft	Executable	95a2e40e36307194 7922c5963ae375a4 84f81269	7721ea3dae61a394 69d6a6f2e506685a	TrojWare.Win 32.Kryptik.G T	No	1.00	1.00	Vietnam	N/A
43	Microsoft	Executable	0ddeda3c5eb13f00 7ce1467ed5140ccf 8c27b07d	cce7a33304c2902a eabb81f30ea317bc	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	United Kingdom	N/A
44	Microsoft	Executable	671e482cbfe28080 1eda76b2bbe7bfe1 1ed3e008	26da5b57c80b3f7b 32b7b03a40acef72	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	179.127.32.67/32	N/A
45	Tencent	Executable	42b319cf1ac38fc9 4159cd9636732e48 38314e2d	368fdb173eff682d 56a34c894014fc78	TrojWare.Win 32.Magania.~ AAD	No	1, 57, 1961, 0	1, 57, 1961, 0	Internal Submission	N/A
46	N/A	Executable	e8ac6d9c010a277a 231f0b961c605f38 3035f817	e1591c3a6e54ce51 5ed05bbf06240816	Unclassified Malware	No	N/A	N/A	197.241.145.75/32	N/A
47	Windows (R) Win 7 DDK provider	Executable	6439827587255651 66eaa02af1c52e1a 3c7424ef	f105258798f10531 e2df2a81f67a9d76	TrojWare.Win 32.Trojan.Ag ent.Gen	No	9.3.7800.2 1715	9.3.7800.2 1715	Brazil	N/A
48	NULL	Executable	42c26766d16cb9c2 1c3a95bac84b88bc 1469d7c5	a8caf03b50c424e9 639580cdcc28507b	Heur.Suspici ous	No	1, 0, 0, 1	1, 0, 0, 1	Internal Submission	N/A
49	Microsoft	Executable	78c126bf72538d80 8fc930930016a2fe 63e54186	dc354b59717d81c6 51acf21d5b556dfe	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Brazil	N/A
50	N/A	Executable	484e004faf68965c 2e46ab92924a8593 f70a1496	3635790791dca6ad bdf464dcac14c480	TrojWare.Win 32.ButeRat.P P	No	N/A	N/A	Internal Submission	N/A
51	N/A	Executable	dc3b50c7ecc27841 82835e5d263f3adb 57e9407b	0e4e75046fa768f0 668bddc8ca32533d	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Europe	N/A
52	Microsoft Corporation	Executable	abab4a6c17e4ea4a d6d296eb470c57eb 0c9ca7f6	8f973a788a683a77 14d2a036f104e425	Virus.Win32. Virut.CE	No	5.1.2600.5 512 (xpsp.0804 13-2111)	5.1.2600.5 512	India	N/A
53	NULL	Executable	253d0eaf957524a1 01ac4a07ed7bec5c 0896197d	c242eeff0c2f1e0b f6531079b74b10bb	Unclassified Malware	No	0.0.0.0	0.0.0.0	Internal Submission	N/A
54	N/A	Executable	f38219b92d58aaed f8eebd0a003e8e13 098264b1	7c648446f1beb94d dde5cfc1445b5b51	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Philippines	N/A
55	Microsoft	Executable	e0064271bcc6e34a 2f74585e241ab149 ea183570	84e4bb1b49b6e248 8226255fcc1f4b6b	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Brazil	N/A
56	NULL	Executable	951e1a7912e3019d 8e96ecf9098ff879 0dc98385	c2be33709a42b54a f6dd938eec6f337f	Heur.Suspici ous	No	1, 0, 48, 05	1, 0, 48, 05	Internal Submission	N/A
57	N/A	Executable	a0a3b7d3a7aa48eb b7f638cb65810433 d6f51e72	c95be3b51632de94 22be5855f4876bd9	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Venezuela	N/A
58	N/A	Executable	8d11b1549c07806b 37b3f04e552ecc7e add8ccca	2f5be384594d9a0d a41c34a2347a0b1a	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	37.212.76.4/32	N/A
59	N/A	Executable	a2fb28cbe6b7940c 9178c8dc4f0c8f8a 4b906c1b	3d8478922f2a95c5 a5bf60a9a0f6795a	Unclassified Malware	No	N/A	N/A	United States	N/A
60	Microsoft Corporation	Executable	f7dbbba53433a9f0 06f662e4de4790c6 ab6afe84	34f1a9d19b947eab 2af2cbfb8f5783a9	Virus.Win32. Virut.CE	No	5.1.2600.5 512 (xpsp.0804 13-2111)	5.1.2600.5 512	102.186.18.229/32	N/A
61	N/A	Executable	51c18d9907c92d69 8374f627b299357a 011d3830	03a6601eca93f13a 6641ac9603581830	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	91.245.207.189/32	N/A
62	Microsoft	Executable	62c29785aaeb5683 f6af31ec4ec0a835 03af4c16	c1f446562bf095b6 3955eb2da31b5a89	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	179.127.34.38/32	N/A
63	N/A	Executable	7487f46e12e5b146 dc6de92b5c2a8385 1283b17a	29b53a5eedd8042d dba7b9bc9d1c5ea4	TrojWare.Win 32.VB.QOTY	No	1.00	1.00	Egypt	N/A
64	µßµµ	Executable	4e755fda05a7e5d2 f246f746d21ddb1e 1ab890a8	05a31eaadbb3b3ae 810d7415cffda041	Unclassified Malware	No	6.1.5.2	7.6.2.3	United Kingdom	N/A
65	Auto Debug System	Executable	9e6ee262006c3cab 0857bfa1ff020212 b5ebebe4	7facf547115b145b c20adf9f2e939147	TrojWare.Win 32.Buzus.rfg w	No	1, 1, 1, 10	1, 1, 1, 10	Russian Federation	N/A
66	Microsoft	Executable	e3bc14a415336465 0981e6adee22a8b9 d681fd27	994566c1d557f8cd 2161b6ffd78725bd	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	179.127.32.67/32	N/A
67	N/A	Executable	5fda9be06756e6ed 0141ac8417fa3ff5 010c8fcd	7b992936a199e917 d565a38b4f4e530f	TrojWare.MSI L.Kryptik.ES	No	N/A	N/A	United Kingdom	N/A
68	Microsoft	Executable	e0053d809269b98f 3f8e35a11185e610 5bf4471e	0d04ced71062625c b754e67704ea44a3	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	179.127.32.67/32	N/A
69	NULL	Executable	6af5a9e1cff63240 7262750b8b08e482 6b8dd0ed	be8fd6e6a370aa78 f9f7dd419af1e68a	Heur.Suspici ous	No	1.00	1.00	Internal Submission	N/A
70	Microsoft	Executable	d0a7699bcabc246e 9c47526945871d21 038ca015	990621c28a9fc1b0 ea7613c1462568d0	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Mexico	N/A
71	Tencent	Executable	054841d53f269a96 94655af8cc463fa5 1c6f15f6	9aa8dbf276d35593 dfd1b36b22c95c17	TrojWare.Win 32.Magania.~ AAD	No	1, 57, 1961, 0	1, 57, 1961, 0	Internal Submission	N/A
72	Microsoft	Executable	2cf154671ce4f3f6 377ee27e3b079bc7 b48f02b3	6d6b0ac7b8056fcd df09a94018ca69c6	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	United Kingdom	N/A
73	N/A	Executable	c83a914988115bb4 a2f5a41f7ac929b4 15a4faaf	fafc44ccfb015a9f 53e5c93e2861e197	Unclassified Malware	No	N/A	N/A	Internal Submission	N/A
74	N/A	Executable	02c900a4492e55a3 0503ea7fe4fa2336 0fcc63db	70817e13029001ab 63a7c0027a4aaecd	TrojWare.Win 32.Packed.PN C	No	N/A	N/A	Internal Submission	N/A
75	N/A	Executable	120a2146a9f78a19 8e8dfc0f817d771f a94bdeb8	31e2ef53c6ec0a88 3b9121a1eda3931e	TrojWare.Win 32.Magania.~ AAD	No	N/A	N/A	Internal Submission	N/A
76	Microsoft	Executable	ceccb0c40b00dca0 da8674017c537350 7e5d47a6	df552e7f6f968eaf 0545d871557ba012	TrojWare.Win 32.VB.OSKB	No	1.00	1.00	Indonesia	N/A
77	N/A	Executable	69b790920dc5b9ab c5decc25d754d84d 7cce8d3d	b858e9b1f80c285d 0cf7689f54d21b24	Backdoor.Win 32.RmtSvc.as d	No	N/A	N/A	Internal Submission	N/A

1 2 3...20

Display 4 items per page

4 items per page
8 items per page
16 items per page
32 items per page

Safe Entries

First Seen: 06 May 2008 at 1:41 pm

No.	Company	File Type	SHA1	MD5	Digitally Signed	File Version	Product Version	Submitted From
1	N/A	Executable	a802bd37b91accba 45391bfd50b337bb 15d44efb	7bef0e87abecbe18 e50835c0839906db	No	N/A	N/A	Internal Submission
2	Microsoft Corporation	Executable	da0ff4006859a758 0aba81f486f692de ad2014fe	8f078ae4ed187aaa bc0a305146de6716	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	Internal Submission
3	Microsoft Corporation	Executable	8fbf73dbc557be21 bc4b229d67c1f94d 84a253ff	a22d7b3594c381ef b3395a072725fe95	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	Internal Submission
4	N/A	Executable	95d4bcbf60a3a489 0858c7c39faaaa83 ee569c8b	9ea1560c138be592 e5a38f46689916e3	No	N/A	N/A	Internal Submission
5	N/A	Executable	7f6bbc2631938496 74021e1add533a96 5002bcf5	37a3c03034e0db21 bd11248f728c0a16	No	3, 3, 6, 1	N/A	Internal Submission
6	Microsoft Corporation	Executable	6d43a102a1646197 85ed33ad87cb59ec 3f047ce5	dda2d46da1f0bd25 d6eb0194cb3ab3e4	No	5.2.3790.3 959 (srv03_sp2 _rtm.07021 6-1710)	5.2.3790.3 959	Internal Submission

1 2

Display 4 items per page

4 items per page
8 items per page
16 items per page
32 items per page

Malware Search Engine

How to Remove “svchost.exe”

What is Svchost.exe?

How to find System is affected by Svchost.exe malware

How to remove the svchost.exe virus from the system using Comodo Antivirus?