Svchost.exe Is a process known to consume a large percentage of the processor's resources, in other words, to put a heavy load on the processor at times. You have probably been in such a situation when you are working at a computer, you are happy with everything, and then the system starts to freeze. You press CTRL + ALT + DEL open the "Task Manager", click on the "Processes" tab, and you see that several processes are running in the system svchost.exe, one of which loads the processor by 50% - 100%. Someone might think: "Oh my God, I have a virus in my computer!" Well, it may be so, as some types of malware disguise themselves as "svchost.exe", but most likely this is just normal Windows operation.

So why is svchost.exe so important? Svchost is a service and DLL launcher. In the list of processes, you have seen many .ex files that start independently, but this does not apply to DLLs - they cannot be launched as an independent unit. They are launched by Svchost.exe.

The question arises, how to eliminate the error in which Svchost.exe loads the CPU heavily. First, you need to identify the service that was started by the copy of Svchost.exe that consumes a large percentage of the CPU. To do this, you need to use additional utilities, one of which is Process Explorer, written by programmers of the former Sysinternals company, which is now part of Microsoft. So, unpack the archive, and run the .exe file. In the program window, we find the svchost.exe process that loads the system and simply move the mouse cursor over it. A pop-up card with information appears, on which we see the service launched by this copy of svchost.exe.

Now, if this is not a Windows process, you just need to end it and remove the program that started this problematic process. If you cannot find this program, then it might just be a virus. Use and then install.

However, most likely, our problematic svchost.exe process will serve to start one of the Windows services, such as the Task Scheduler, firewall or Windows Event Collector. Sometimes, simply restarting your computer will fix the problem. If that doesn't work, the first thing to do is install the latest Windows updates.

If, for some reason, you cannot install updates, then you need to open the Windows Services Management Tool and deactivate the one that is causing the problem. To do this, in Windows XP, open Control Panel - Administrative Tools - Services. In Windows 7: Control Panel - System and Security - Administrative Tools - Services (or type services.msc in the command line and press Enter). Find the required service (service), right-click on it and select Properties. On the first tab, in the Startup type list, select Disabled. In the future, you can always enable this service. After that, you still need to download updates from the Microsoft website and install them, and then try to re-enable the service. The error should be cleared.

There is one more way to get rid of high CPU load from svchost.exe. To do this, open the "Windows Task Manager" (press CTRL + ALT + DEL), find the process causing the problem, right-click on it, move the mouse over the "Priority" item in the menu and set it to "Below Average" ( or “Low” if “Below Average” does not help). However, keep in mind that setting the priority to Low may introduce other issues.

Also, in case of common errors associated with the svchost.exe process, cleaning the system registry can help. To do this, you can use one of the utilities, for example, (just do not forget to make backups before cleaning).

In the Task Manager there are many different processes and mysterious files that constantly consume some computer resources, turn on, turn off and live their active digital life. Among them, users find the so-called Host process for services Windows he is svhost.exe... This article will tell you what this process is for.

What is the svchost.exe process

The host process for Windows services is a system process for the operating system. Windows services and services that are launched from executable exe files are registered in the task manager as full-fledged separate processes with their own names and graphs of memory, processor, disk and network consumption. Those services that are loaded from dynamic link libraries (also known as DLLs - Dynamic Linked Library) cannot be “registered” as a full-fledged process. Instead, the system registers them as a process known as the Windows Services Host Process or svchost.exe. These services include network connection managers, plug-and-play service, update center, security mechanisms, and so on.

Another feature is that for each service based on dynamic link libraries, the system creates a separate host process. This is why you can see several svchost.exe in the Task Manager. To see how many svhost.exe you have it running, and go to the tab Details... Often, the system has several dozens host processes for Windows services. This is the norm.

Host processes. Thousands of them.

Unfortunately, Task Manager does not allow you to see exactly how many services or groups are associated with each host process. If you are really curious to know which libraries are connected to your computer's host processes, you need a little Process Explorer utility developed by Microsoft. It is "portable" so you don't need to install it. Just download it and unpack it to the desired location. Run the file processxp64 if you have 64-bit Windows, or processxp if 32-bit. In the list Process find svchost.exe Are the same host processes for Windows services. Hovering over one of them displays a list of services associated with a particular process. For example, Local Session Manager, HID Device Access, Local Event Log, User Profile Service, and so on. There are many different services that are vital to the operation of Windows.

svchost.exe loads the processor

You may notice that immediately after you turn on your computer, all the Windows service host processes are putting more stress on your computer, especially the processor. This is also the norm, so must to be. After a while (not very long) everything will calm down and the load will drop. Why it happens? When Windows starts up, the host process scans all service and registry entries and lists the DLL services it needs to start. Then these services are loaded, which increases the consumption of processor resources.

Other factors also contribute to the increased CPU utilization of the svchost.exe process. For example, the system is indexing, downloading an update, or performing some other background task that is required to maintain the system. Of course, there are also abnormal situations when one of the system services does not work correctly, which leads to a load on the processor and slows down the computer's performance. There may be a large number of reasons for this. For example, corrupted system files, a problematic driver, a service failure, hard drive failure, or malware.

The main cause of abnormal processor load is often a failure of one or more services. You can diagnose such a failure in the same Process Explorer utility. Find the process that consumes the most resources in it and move the mouse cursor. A tooltip window will display a list of connected services or services. Try turning them off and watching the result. Having found a problem area, follow the instructions for solving problems in the operation of the service.

A warning: System services should not be blindly disabled. Make sure you know what you are doing and that you are confident in your ability to get it back. Blind manipulation of the system can damage its performance.

svchost.exe - virus or not

We have already understood that the svchost.exe process or the Host Process for Windows Services is a standard system mechanism, which, in principle, cannot be a virus on a normally functioning computer. However, there are times when malware or virus impersonates svchost.exe.

Pay attention to the location of the file. In the task manager on the tab More details right click on one of svchost.exe and select File location... Its main location is the folder C: \ Windows\ System32 or SysWOW64 ... A file with the same name is also found in directories Prefetch, WinSxS and ServicePackFiles, you will never get from the Task Manager to these folders if svchost.exe works normally.

If you suspect the presence of malware and detect anomalies in the location of svchost.exe, you will need to contact the services of your antivirus, which is quite obvious. This guide will only help you understand the reason for the increased load on your computer by the svchost.exe process.

What is svchost.exe in Windows and why this process loads the processor so much, often up to 100%. We deal with the svchost.exe process on Windows!

It would hardly be of particular interest to computer users if its reputation during the heyday of XP, Vista and 7 was not tarnished by viruses masquerading as this system process. Nevertheless, the real process often brings problems: it can load the processor by 100% and, accordingly, cause a terrible slowdown in the computer. Below we will talk about svchost.exe: what it is for, in which cases it can cause the processor to be loaded by 100%, and in which - being a virus, it can also pose a threat to the computer.

1. Genuine svchost.exe

The genuine svchost.exe, the Windows host process, is a vital component of the operating system through which critical system services are loaded from DLLs. For most of these services, svchost.exe is started in a separate process. Therefore, in the "Details" tab of the Windows 8.1 and 10 Task Manager, you can find the activity of several processes at once.

In Windows 7, all active processes can be seen in the Processes tab of the Task Manager.

Svchost.exe works with updates, Windows Defender, power management, network connections, various devices connected to your computer, and more. In Windows 7 and 8.1 systems, svchost.exe processes are launched under the names "System", "LOCAL SERVICE" or "Network Service", and in Windows 10, they can also be launched under the name of the current user. Launched on behalf of the user, it provides services that are responsible for synchronizing mail, calendar, contacts and other data of the account owner.

2. Why svchost.exe loads the processor by 100%

If we are not talking about a constant CPU utilization of 100%, but about separate periods of the appearance of such a problem, the reason for this may be the execution of background Windows operations. This, in particular, system updates, automatic maintenance, indexing the contents of disks after reinstalling the system. Low-power processors in budget or old computer devices are especially vulnerable in this regard. The problem with the processor load is solved by itself, respectively, at the end of the operations. In some cases, you may need to resolve an issue caused by an error installing Windows updates.

Another possible reason for svchost.exe activity with a load on system resources is overheating of the processor, problems with the hard disk or with the network card. The computer needs to be cleaned of dust and check the hard drive for errors. You can rule out or confirm the possibility of damage to the network card by monitoring the activity of svchost.exe while the network cable is disconnected.

The reason for the 100% processor utilization may be incorrect operation of one of the services of the svchost.exe process. This, by the way, is often found on devices where pirated modified Windows assemblies are installed. To figure out which of them is causal, you need to track it down.

3. Tracking services

3.1. Task Manager

You can find out which of the services is loaded on the processor in the task manager. We call the context menu on the problematic process and select "Go to services".

The dispatcher window will switch to the "Services" tab, where they will be highlighted in a block.

In the context menu called on each individual service, Windows 8.1 and 10 systems, in addition to the commands for stopping and starting it, which are limited to Windows 7, offer, in particular, the search for information about it on the Internet. On the network, you can find out what kind of service it is, how problems with it are solved, and if disabling it is proposed as a solution, then will Windows then be able to fully function. If you need a computer urgently, and you don't have time to understand the essence of the problem, you can try to stop the problematic service with the corresponding command in the context menu. If there are several of them, you will have to investigate the disconnection of each in turn.

Forcing the termination of the svchost.exe process itself in the Task Manager is fraught with the appearance of a blue screen of death. With stopping services, the situation is a little simpler: all the same, you will not be able to disable the services important for the functioning of the system - either access will be denied, or the service will then start again itself. Stopped services can then be started by the corresponding command in the context menu, and after restarting the computer, they will start themselves. Some of them, if they do not directly affect the health of the system, but it is impossible to stop them in the Task Manager, you can try to stop them in the Services snap-in (services.msc). Windows 8.1 and 10 Task Manager provides quick access to this snap-in.

A double click for the required service calls up its properties window, in which it is stopped by the button, respectively, "Stop".

If the causal service cannot be stopped, you can try to reduce the load on the processor by setting the problematic svchost.exe process to a lower priority in the task manager. In its context menu, select "Set priority", then - "Below average" or "Low". However, such a solution will not be effective in every case.

3.2. AnVir Task Manager

It may be more convenient for some to monitor the services of problem processes through alternatives to the standard Windows Task Manager. For example, in the AnVir Task Manager program, in one column of the table with processes, their services are also displayed. The description of the service of the selected svchost.exe can be viewed in the block with detailed information, which will appear after double-clicking on the graph of the selected process.

You can go directly to the services of the svchost.exe process using the context menu of the program by clicking "Go" in it, then - "Go to the service".

And already in the context menu for Windows services, you can select either the stopping command "Stop" or "Change the startup type", then - "Disabled (Quarantine)" if stopping is impossible. Here, in the context menu for each individual service, you can get help on the Internet.

Any kind of experiments with disabling services - at least through the standard Windows functionality, at least with the help of third-party programs - it is better to carry out, having previously created a system restore point.

4. Universal Windows Troubleshooter

If you do not treat the symptoms, but deal with the problem itself, universal remedies for errors in Windows can help, such as: disk cleaning, cleaning the system registry, checking the integrity of system files (sfc / scannow). And Windows Clean Boot will help you determine if the svchost.exe CPU activity is actually related to system services. Third-party software services may be causing the problem.

5. Viruses masquerading as svchost.exe

Today, spurious svchost.exe processes are much less common than in the days of the relevance of Windows XP, Vista and 7. Virus writers can disguise their malicious programs as it, replacing in the process name, for example, the letter "o" with zero, the letter "t" with one, playing with combinations of substitution of the Latin alphabet for the Cyrillic alphabet, adding some extra characters to the original version of the name. It may be that svchost.exe itself is a genuine process, but its activity, which loads system resources, is associated with a virus that has entered the system. Viruses masquerading as svchost.exe can load not only the processor, but also the disk and RAM, actively absorb Internet traffic, periodically disconnect the Internet and local network connections. False svchost.exe processes have other signs of malware in the system - advertising on websites, opening unsolicited web pages in the browser, changing Windows settings, etc. The falsity of svchost.exe may be evidenced by the location of the executable file of the process along a path other than C: \ Windows \ System32 and C: \ Windows \ SysWOW64. You can find out the location of the process file in the Windows Task Manager, in the context menu of each instance of svchost.exe.

In AnVir Task Manager, the path to the location of the svchost.exe files is specified in the "Executable" column of the table. In addition, AnVir Task Manager contains a separate column with an indicator of the so-called risk level - the verdict of the creators of the program, based on the behavioral analysis of processes.

AnVir Task Manager works in conjunction with Google's web service Virustotal.Com, where each active process can be checked directly from the program interface using the "Check on site" context menu option.

The problem with the fake svchost.exe process is solved in a universal way for all types of malware - scanning the computer with an anti-virus with regularly updated databases and an additional scan with an anti-virus utility from another developer (with excellent databases).

Have a great day!

Svchost.exe (service host) is a file and process of operating systems of the Windows family. Its task is to load and execute internal services from dynamic link libraries (files with the .dll extension), ensuring the operability of almost all components of the operating system. Figuratively speaking, svchost.exe is the liver, kidneys and lungs of Windows, without which its existence is unthinkable. But why do these "vital organs" sometimes create so many problems for us?

Today we'll talk about what to do if svchost.exe loads the processor, preventing it from working normally on the computer.

Reasons for loading the system by the svchost process

Since svchost.exe provides a significant part of system services, there can be many reasons for the intensive load on the processor. The most common ones are:

• Viral infection.
• Too high network congestion, for example, with many open slots in uTorrent.
• Errors in device drivers (sound, network, etc.), since the latter closely interact with system services.
• Damage to operating system files (in particular, the service host itself and various dynamic libraries).
• System services errors.
• PC hardware malfunction.

Sometimes this is the result of unsuccessful pirated Windows activation (not all activators are equally useful) and hacked programs.

How to determine which service is loading a service host

To view the services running in the loading host process, a built-in or alternative task manager is suitable. In the first, the information we are interested in is contained in the section " ProcessesWindows". Each host process is displayed in it under the name " Service Host».

The green box in the screenshot shows a list of services from one svchost process.

As an alternative to the stock Task Manager, I prefer the free one from Sysinternals. In it, just hover the cursor over a line - and all the necessary information will be displayed in a pop-up window.

If more than one service is running in the loading host process, you will have to search for the one that causes the problem using the brute force method:

• Open the application " Services"(The open button is located at the bottom of the task manager tab of the same name).

• Disable the first service from the list of the loading service host: open its properties from the right-click menu and select “ Launch type» « Manually" or " Disabled».

• Restart your computer. If the problem persists, start this service again and disable the next one.

Problem service found, what's next?

Then proceed according to the situation. If the failure is caused by a minor component such as Superfetch(quite a common problem for Windows 8 and 10 users), just leave it disabled. If the service is hardware related (audio, network, etc.) - try updating or rolling back the device driver. In case of problems with Update CenterWindows(often found on "sevens" and XP), in 90% of cases, disabling the check for updates helps. However, a complete refusal to install system updates is a big security hole in Windows, so it's better to switch it to manual mode.

If svchost starts to load the processor after installing Windows updates, applications or drivers, or uninstall the source of the failure.

In some cases, cleaning the folder helps \ Windows \ Prefetch where the trace files of the Prefetcher are stored - a system component that accelerates the loading of the system and programs.

How to unload the network

Too much network congestion, network driver errors, failures of applications using the Internet, network viruses (worms) become the source of the problem, perhaps in half the cases. To check this version, disable the network adapter in the device manager and restart the PC. If the load on the processor has returned to normal, the cause has been found, and it remains to find the culprit.

It helps to reduce the processor load by network components:

• reducing the number of simultaneous downloads and torrent distributions;
• prohibition of access to the Internet for programs for which it is not necessary (especially if there are many of them);
• shutdown of network programs when they are not in use;
• cleaning temporary folders (temp) - they may contain under-downloaded files that rocking applications are trying to download to the end;
• antivirus scan for network worms;

Another "disease" plagued Windows 7 for quite a long time. With it, the CPU utilization by the svchost process reached 100% and decreased only when the network was disconnected. The reason lay in the rampant "proliferation" of virtual tunnel adapters Microsoft 6to4, of which several hundred were sometimes created.

To check if this is your case, open the device manager, go to the menu " View"And check the box" Show hidden devices". Next, expand the list of network adapters. All "Microsoft 6to4" clones, if any, are located there.

To fix the problem, simply delete the redundant copies of the virtual adapters. This can be done either manually one at a time or automatically - all at once. For automatic removal, you need a console utility, which is available for download on the Microsoft MSDN website.

After unpacking devcon to your hard drive, run command line as administrator and follow the instructions C: \ devcon.exe remove * 6to4 *(replace C: \ with your path to devcon.exe). To prevent the situation from repeating, update your operating system.

Today, the problem with 6to4 adapters has already been fixed by the developers and is only encountered by those who do not install Windows updates.

And if it's a virus? How to distinguish malicious svchost from normal

A malicious program can:

• Create a copy of yourself on your hard disk under the name svchost.exe, which will be located anywhere except the directory \ Windows \ System32 because it contains the system file of the same name. That is, disguise as a system process.
• Inject your DLLs into one of the legitimate host processes.
• Modify (patch) the svchost.exe system file by placing your own executable code in its body.

Some users are intimidated by the too large, in their opinion, the number of running host processes. In fact, this indicator does not mean anything bad. The number of svchost processes on a normally working system is 8-9 or more. Each of them runs one or more services - this can be seen in the task manager. Services are divided into groups depending on the level of access to resources they need, so there are several processes.

Most normal host processes run on behalf of the system, network service and local service. Before the release of Windows 8, any service host launched on behalf of a user was automatically recognized as a virus, but now this is only true for Windows 7 and its predecessors. In the G8 and Ten, one service host running on behalf of the user is the norm.

At least one of the following signs indicates that the host process is running or is being used by a virus:

• The host process file is NOT in the folder \ Windows \ System32.
• An unknown service is running in the process or a non-system library (.dll) is loaded into it.

• On Windows XP-7, the host process is started as a user, and on Windows 8-10, there is more than one host process as the user.
• The Parent of a normal service host is always Services.exe. When infected with a virus, anything can be done instead.

The screenshots show ProcessExplorer launched as administrator. To view the list of dlls loaded into the service host, select the last one with a mouse click and press Ctrl + D on the keyboard. To find out its parent process, click the " Properties"In the upper panel of the program and open the tab" Image».

What to do if svchost.exe gets infected with a virus

It is important to figure out exactly where the infection is hiding: in the system file svchost.exe itself or in the one that uses it. If a system file is infected, in no case delete it, but replace it with a clean one, taking from a similar copy of Windows (for this you have to boot the computer from another media). Malicious libraries, on the other hand, must be removed completely.

How to check system files for errors

Most of the dynamic libraries from where the service host loads the services are native Windows files, the smaller part are device driver components. System file errors can be corrected by the console utility sfc.exe.

Run command line as administrator and follow the instructions sfc /scannow... The / scannow option means "immediately check and replace any corrupted files from the cached copy."

The results will be shown after the end of the check in the same window.

What to do if all else fails

In quite rare cases, one hundred percent processor load svchost.exe is not eliminated even by reinstalling Windows. The culprits of such situations are faulty drivers or even the devices themselves - network adapters, audio codecs, RAM (the latter's errors sometimes appear very bizarrely), or something else. There were times when the problem was solved by the computer.

If you suspect the hardware, the first step is to completely reinstall all drivers using known stable versions. Check the devices by turning them off one by one - in the BIOS or, if possible, physically. If you find the source of the problem, replace or repair the problem unit.

More on the site:

Most of the users faced the problem freezes and braking computer. First of all, everyone opens " Task Manager"And often see that everything is to blame process svchost.exe. It greatly complicates the work of the processor and memory, sometimes it comes to the point that it is impossible to work with a computer. Let's figure out what this process is.

Svchost is one of main processes to start Windows OS services stored in DLLs. The processes that appear in the list are loaded by svchost. It is an integral part of Windows.

To reduce the load on the processor, the creators of different services decided to use one process, giving it versatility.

Now there can be three or more processes, each of them is responsible for a certain service... This is why svchost.exe wastes memory and CPU resources.

Why the service can load the system

There are 5 reasons why svchost can load the system:

• System failure... This is a common occurrence in the OS.
• Virus A process disguised as a host is a fairly common problem. Hackers who create virus applications use the name of this process. Because a virus called svchost is hard to detect as a malignant application, even if it overloads the system and memory.
• Problem while working with the module auto-updates Windows. Interruptions in Windows auto-update can cause errors with svchost. Sometimes it happens that in some updates there are errors and bugs, this causes difficulties in the operation of the OS and, accordingly, in svchost.
• Huge log file size in the OS incident log. This problem can also affect svchost.
• Overheat inside the system unit, external damage to the memory chip. This problem is rare, but it should not be ruled out either.

How to detect a virus

There are several viruses that disguise themselves as svchost.

Signs infections can be varied:

Note! The svchost.exe file can be located in folders WinSxS, ServisePackFiles,Prefetch;

• the svchost process on behalf of the user is enabled only on Windows 10. In other versions, it should only be started on behalf of the System, « LOCAL SERVICE», « Network Service»;
• the Internet works for several minutes after launch, and then the pages in the browser stop loading and Internet is lost;
• standard indications for viruses: a lot of advertisements, changes in system settings, freezing of the computer.

Problem solving methods

To solve problems, you can use following ways:

On the left will be the item " Settings". Then we find “ Important Updates», « Do not check availability of updates (not recommended) "click OK.

• System rollback... You can roll back the system a couple of days ago.
• Clean up your computer using programs from unnecessary files.
• Verify for damage to the memory chips.
• Disconnect the internet cable... If all goes well, scan for viruses.
• A very risky way, the system can get damaged... Open up Conductor. C: \ WINDOWS \ Prefetch... Necessary get rid of from this folder. After open dispatcher and terminate the rebooted process svchost... Later reboot system.