What does svchost exe do? What to do if Svchost is using a lot of CPU? Terminating related processes

When dealing with the reasons for the lack of RAM or the strange workload of the computer in the absence of running applications, a Windows 7 user will definitely find a process with the strange name Svchost.exe. Even more suspicious is the presence of several copies of the same process in memory, each of which actively loads both the processor and RAM. In some cases it is better to leave everything as is, in others it is better to stop all processes, and in others it is better to disable only some of them. You can choose the right option only after carefully understanding what is happening.

What is Svchost.exe

Svchost.exe netsvcs (short names - Svchost.exe, Svchost) is a Windows 7 system process responsible for the accelerated startup and operation of other system services. In a normal situation, Svchost.exe quickly executes its function and frees up RAM, but when applications experience difficulties and start to crash, the process ends up being loaded into memory several times.

There can be four or more Svchost.exe running at the same time. There is no upper limit, it all depends on the number of accumulated errors. A common feature of all clones of a process in the Task Manager is that the user is system, local service, or network service. Other options, including user, your account name, or administrator, indicate a high probability of a virus masquerading as Svchost.exe.

Unfortunately, some malware has learned to infect Svchost.exe itself. The infected clone does not outwardly stand out from others, but intensively exploits the system for its own purposes. Therefore, an additional alarming sign may be excessive load on RAM and CPU by one of the processes.

Svchost.exe appears in RAM for one of the following reasons:

  • Random crash.
  • Update service errors. The system can accumulate errors both when you refuse to download the latest updates, and when they are actively installed. In the latter case, the cause of the problem may be a conflict with a running system or a loading failure due to poor communication. In addition, it happens that the updates themselves contain internal errors.
  • Large event log file in the log. Sometimes the cause is the excessive size of the log file in the Windows 7 event log.
  • Malicious programs. Viruses that masquerade as exe imitate the behavior of a process to make themselves more difficult to detect.
  • Hardware problems. Damage to RAM strips, contamination and overheating of the processor, and so on. This is especially true for used computers.
  • The system is clogged. A lot of temporary files downloaded from the Internet and a long-uncleaned registry lead to malfunctions in Windows 7, leading to the appearance of exe.

Ways to solve problems with Svchost.exe

Since there can be multiple causes for a problem, there is no single solution. Therefore, you should start with the safest steps, gradually eliminating options.

Wait and trust the system

It's possible that Windows 7 will fix the problem on its own, especially if it's caused by a recent update or a short-term hardware failure. In this case, you need to leave the system to itself for a while, and then check the “Task Manager”. Very often this is enough.

To restart a computer

The problem could be caused by a random crash or a conflict between running applications. Rebooting resolves both causes. In order to understand which specific program led to the appearance of Svchost.exe, you need to launch applications one at a time, monitoring the emerging processes using the Task Manager.

Use the "Task Manager"

You can start by disabling the process that causes the most suspicion.

  1. To do this, call the “Task Manager” by simultaneously pressing the Ctrl+Shift+Esc keys.

    By default, the Processes tab opens.

    2. At the bottom of the “Processes” tab window that appears, click the “Display processes of all users” button. The list of processes has expanded significantly.

    There are noticeably more processes

    We select the Svchost.exe clone that we want to close (usually this is the most “gluttonous”), and click the “End process” on-screen button.

    Last warning before stopping the process

    The worried system will remind us of the danger of disabling the system process and ask us to confirm our actions. If you haven’t changed your mind, click “End process” and evaluate the results.

Unfortunately, a mistake in choosing a process can cause Windows 7 to crash, but nothing dangerous should happen. In extreme cases, you will have to reboot.

Checking for Windows updates

If the problem with Svchost.exe is caused by incorrect operation of the Windows 7 update service, then you need to change the corresponding settings. Perhaps an effective solution would be to temporarily disable automatic updates.

  1. To do this, press the on-screen “Start” button and in the right column of the menu that opens, find the line “Control Panel”.

    The control panel is located in the right column of the menu

    2. After the large “All Control Panel Items” window appears, find the “Windows Update” tab in it.

    We are looking for the “Windows Update” tab

    In the upper left part of the “Windows Update” window that opens, there is the “Settings” tab we need, go to it.

    “Settings Settings” tab at the top left

    To disable receiving updates, in the “Settings” window, select the “Do not check for updates (not recommended)” option in the “Important updates” drop-down list, and also uncheck the “Receive recommended updates in the same way as important updates” options. and “Allow all users to install updates on this computer.”

    Remove all update permissions

    After making changes, click the “OK” on-screen button, reboot and observe the behavior of the system.

If the work has improved, the settings can be returned to their original settings after some time, when Windows eliminates the shortcomings. If the update settings were set to “Do not check...”, it will be useful to replace the “Important updates” value with “Install updates automatically (recommended)”. With a high probability, downloaded new libraries will restore system stability.

System Restore using Windows 7 Profile Service

Instead of wasting energy searching for the source of problems, you can return the system to a known stable state using a restore point.

  1. Press the “Start” on-screen button, select “All Programs”, find the “Special” folder in the list that opens, and in it the “System” subfolder.

    You need to go inside the "Service" folder

    2. In the "System" folder we need the "System Restore" utility.

    System Restore service is here

    After thinking for a short time, Windows 7 displays an information window where you need to click the “Next” on-screen button.

    Additional information can be obtained directly from this window

    In the window that appears with the same name “System Restore” you need to select a restore point. You should focus on the date, choosing the day when the system worked stably. Having decided on this question, click “Next”.

    Select one of the proposed restore points

    The system once again explains what is happening, giving the last opportunity to abandon the intention. Press the “Finish” on-screen button.

    Last question before starting recovery

System rollback usually takes about half an hour, during which the computer will reboot itself several times. If the restore point is determined correctly and viruses have not damaged system information, the problem will be resolved. Otherwise, you should either select an earlier recovery date or start an anti-virus scan.

Removing viruses

If there is a virus hiding under the mask of Svchost.exe, then simply deleting the host process using the Task Manager will not give a long-term result. The next time you start the system, the malicious program will manifest itself again. It is necessary to install a powerful antivirus program on your computer and conduct a comprehensive scan. External media can be checked separately on a computer specially designed for this purpose.

Editing the contents of the Prefetch and Tasks service folders

To optimize performance, Windows 7 uses several service folders that store temporary information. Some store the current state of the system, so viruses tend to “duplicate” themselves in them for recovery after removal.

The algorithm of actions in this case is simple:

  1. We go to the C:\WINDOWS\Prefetch directory, select the entire contents of the folder and delete it.
  2. Then go to the C:\WINDOWS\Tasks directory and do the same with it.
  3. Remove the suspicious exe process.
  4. Reboot the computer.

How else can you fix the problem?

Checking the hardware

Computer hardware failures can be either temporary (due to processor overheating) or permanent (due to breakdown of components). Overheating is usually caused by dust, a broken cooler, or a change in the thermal paste's thermal conductivity properties. Therefore, you should clean the computer from dust and replace the thermal paste on the central processor in a workshop or yourself.

The performance of RAM and other components is checked using special applications or instruments. But you can make a preliminary conclusion by temporarily replacing the RAM strips with ones that are guaranteed to be in good working order. If this is not possible, then you can do the opposite: try to start the computer alternately on each of the two installed brackets separately. If the system starts on both, the RAM is good.

Cleaning the event log file in the Windows log

An overgrown log file could also be the source of our problem. To correct the situation, let’s clear it of unnecessary information.

  1. Press the key combination Win (with the Windows icon) and R. In the small “Run” window that appears, type eventvwr in the input line and press the “OK” on-screen button.

    The “Clear log...” option is located on the right side of the window

    2. All that remains is to select the line “Clear log...” on the right side of the window, and then confirm the operation. The same should be done with the “Security”, “Installation” and “System” magazines. After completing the procedure, restart Windows.

What to do if nothing helps

If none of the previously performed procedures brought results, you can try to enhance the effect:

  • Roll back the system to an earlier restore point.
  • Roll back the system three times in a row. Sometimes this is the only way to get rid of viruses.
  • Apply successively several different antivirus programs. It is quite possible that the virus is quite recent, so not all antiviruses can fight it yet.
  • Clean your computer from accumulated errors. Using CCleaner or another package with similar functions, you can free the system from temporary files and also tidy up the registry.
  • Clear the System Volume Information folder. This system hidden folder, located in the root directory of the system drive, stores information necessary for the recovery service. Sometimes viruses penetrate it.

Video: Svchost.exe process loads memory and processor - 100% solution

The appearance of several Svchost.exe clones that slow down your computer can be an external manifestation of various problems, ranging from a random system crash to a defective RAM stick. Installing reliable anti-virus protection, regularly cleaning Windows and keeping the hardware in good condition will help you avoid this situation for as long as possible.

The problem with a freezing computer is probably familiar to everyone without exception. As a rule, this is blamed on viruses, poorly written programs, as well as simple overheating. From time to time, svchost.exe is the culprit. What kind of process is this, and why does this happen? Let's try to figure it out!

Virus or not?

Firstly, many people immediately succumb to panic. When they see svchost in the Task Manager, they immediately assume that an insidious virus has entered the computer. The latest antivirus (or better yet two) is immediately installed, after which the computer is scanned several times. If the user was so zealous that he installed two or three security applications at once, then the system is guaranteed to crash.

We warn you right away: this is not a virus, so do not rush to delete svchost.exe! What is this process then?

General information about the application

This is the name of a very important component responsible for launching the system's dynamic libraries (DLLs). Accordingly, both Explorer (Explorer) of Windows itself and more than one thousand third-party applications depend on it. This especially applies to games that actively use these libraries via DirectX.

It is located at the following address: %SystemRoot%\System32. By reading registry entries at each boot, the application generates a list of services that should be started. It should be noted that several copies of svchost.exe can be running at the same time (you already know what kind of process this is). The important thing is that each process may well contain its own group of services. This was done for maximum comfort in monitoring the operation of the system, as well as to simplify debugging in case of any problems.

All groups that are currently part of this process can be found in the following registry sections:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Svchost;
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service.

All parameters that are available in these sections are visible as separate instances of svchost.exe (we have already explained what this is).

Each registry section that relates to them has a parameter of the form: REG_MULTI_SZ. It contains the names of all services available as part of a specific Svchost group. Each of them contains the name of one or more services, the description of which contains the ServiceDLL key.

This is what the svchost.exe file is.

How to check processes associated with Svchost?

To see all the services that are currently associated with this process, you need to do a few simple things.

  • Click on “Start”, and then find the “Run” command in this menu.
  • Enter there and then press ENTER.
  • After that, copy and paste the following expression into the command line emulator that opens: Tasklist /SVC. Use the ENTER key again.
  • A list of all processes will be displayed in the form of a list. Attention! Be sure to enter the /SVC key parameter, as it displays the active services. To get extended information about a specific service, use the following command: Tasklist /FI "PID eq process_id" (including quotes).

If you have problems

It often happens that after entering commands, the computer displays something unintelligible, like: “The command cannot be recognized.” Don't rush to enter it again.

Typically, this happens because you are working under an account whose rights are simply insufficient to perform this type of action. It doesn't matter whether you have an administrator account or not. To correct the situation, the command line emulator should be launched in a slightly different way.

To do this, click on the “Start” button, then enter CMD in the “Search” field. A list of found files will open on the right side of the menu. Right-click on the first of them (with the corresponding name), and then select “Run as administrator” in the context menu that appears.

So we have given you the basic information. Now let's look at those malicious programs that can masquerade as a harmless system application.

How to separate the wheat from the chaff?

Look carefully at the process name: it should be written as sVChost! There are some Trojans that masquerade as sVHost that are very common. If you see something like this in your “task manager”, then in this case it is indeed time to completely scan the system for the presence of malicious applications.

Especially “advanced” viruses and Trojans can still masterfully camouflage themselves by having exactly the same name as the real process. But even they can be distinguished with 100% probability by paying attention to the most characteristic signs. Let's look at them.

Firstly, a real system process is never (!) launched as a regular user. Its start can be initiated by SYSTEM, LOCAL SERVICE, and NETWORK SERVICE. What is more important is that it does not start (!) when the system starts using startup tools. Accordingly, the list of programs that start simultaneously with the system should under no circumstances include svchost.exe. What is the process in this case?

If you see something like this, then there is only one reason - a virus.

Checking startup

Don't know how to do this? Everything is very simple! First, click on the “Start” button and left-click on the “Run” field. Then enter the MSConfig command there. A list of all applications launched at startup will open, which you need to carefully review.

If there are many svchost.exe processes (or even one), then you will definitely have to think about how to remove it from your computer.

What to do if you detect a “spy”?

As we have already said, in this case it is best to scan the OS with a powerful antivirus program. But before that, it won’t hurt to perform a number of simple steps with which you can completely block the virus from any opportunity to harm you. In general, the svchost.exe virus has spread widely across the RuNet in recent years. As a rule, malware that specializes in stealing user personal data operates under the guise of a normal system process.

First, in the “File location” line, find the specific folder in which the virus file is located. Select it in the list with the left mouse button and click on the “Disable” button. Click “OK”, then go to the directory with the desired file and delete it. All. Can be scanned by antivirus.

The process is very CPU intensive. Why does this happen and what should I do?

So we are back to the beginning of our article. Do you remember that sometimes due to svchost.exe (what kind of process this is, we have already explained in detail) the computer begins to slow down and “hang”? Why is this happening? And how can you overcome this phenomenon without reinstalling the system?

The simplest way

There is a fairly simple and effective recommendation that helps in many cases. Open the “Task Manager”, look for the svchost process there, then right-click on it and select “Priority/Low”. It should be noted that this must be done with each process of the same name that is in the “Task Manager”.

We remind you once again: if you see the svchost.exe file (you already know what it is), under no circumstances rush to delete it, suspecting it is a virus!

Windows Update Service

Often on Windows XP the problem with almost 100% and svchost is caused by the fact that the update service does not work correctly. Some computer resources have found an explanation for this phenomenon.

The issue is an incorrect update checking mechanism. Considering the number of patches that have been released for this system, a small error in memory allocation has turned into a serious problem: the computer is not only slow, but you can easily search for “patches” for days, alternately freezing at the same time.

How to disable the problematic service?

To temporarily disable Windows Update, go to the “Control Panel” and find the “System and Security” item there. It is there that the desired “Windows Update” is located, in which we are interested in the “Turn on or off automatic updates” item. Check the box next to “Do not check for updates.” Click on OK and reboot the machine.

If after this everything is fine, and the processor is not in a “dead” state most of the time, then the culprit of all the problems was indeed the update service. In the event that the problem continues to occur even after this, we return Windows Update to its original state, after which we continue to look for the culprit of all the misfortunes.

Internet Browser

However, take your time. In many cases, Internet Explorer is to blame. Remember how at the very beginning of the article we discussed the importance of svchost for Explorer? But “Internet Browser” is an important part of the file manager of the Windows OS family.

Problems with it very often begin when the IE version is very outdated. For example, Microsoft itself has not recommended using Windows XP with the sixth version of Internet Explorer for a very long time.

Accordingly, in this case it is quite simple. Use the Windows Update service mentioned above. Download and install all the latest updates for your version of the operating system, install the new version of IE. It is possible that this measure will help you.

Games

Observe which applications the processor is overloaded after trying to launch. In addition, you should be wary of “svchost.exe application error” messages, which are an almost 100% indicator that some third-party application is to blame for the system’s inappropriate behavior.

Most often, this program is a game downloaded by its happy owner from some “left” site. Those who have made modifications to the program code, removing protection from it, rarely test their creation for full compatibility with certain systems, their DLLs, etc. So there is nothing to be surprised in this case.

"Bat"

In rare cases, owners of old versions of The Bat mail program encounter this problem, which for one reason or another many people continue to use. Try uninstalling the application. After this, install the latest version of the utility, and then look at the computer’s behavior again.

Drivers

Very often, when transferring a system to another disk after some serious errors in the file system, as well as after a virus attack, users are faced with an OS that is completely frozen due to svchost. exe. “How to remove this malicious process?” - think novice users.

Let us warn you once again: deleting this file will lead to dire consequences and complete system inoperability, so before taking extreme measures, it is better to read our next advice.

There is information that the svchost.exe process, the error of which spoils so many nerves for users, may not work correctly due to incorrectly installed or “crooked” drivers. Very often it turns out that the cause is programs for video cards and sound cards. The drivers for these are complex and unpredictable, so if possible, remove them and then install the latest (or most stable) versions.

Windows Defender

Owners of Windows Vista/7 should pay attention to the Windows Defender program, which is included as standard with these operating systems. It serves to prevent malware from entering the system, but sometimes it itself behaves no better.

Problems arise if the installed third-party antivirus software for some reason does not deactivate Defender. This is especially true for all Eset Nod products, which have been extremely popular with many domestic users in the recent past.

To correct this situation, click on the “Start” button, go to “Control Panel”, and then find “Defender” in it. In its main window there is an item “Run scan when idle.” Uncheck it, click OK. In some cases this measure turns out to be useful.

We hope you found out what the svchost.exe program is. We talked in detail about its purpose, as well as methods for eliminating problems with it. Typically, the troubleshooting methods we provide work. All you need to do is strictly follow the instructions in the article.

In addition, it does not hurt to update the system on time.

The other day I encountered such a problem that the computer (or rather the laptop) began to “slow down”. Of course, as an experienced user, I immediately launched it and saw that it was the process that was loading svchost.exe
After some time, I solved the problem with the “brakes” and now I’m sharing with site visitors how this can be done in several ways.

First of all, I’ll immediately warn you that firstly, I did this on Windows 7 and the methods will be described specifically for it. I can’t answer exactly what it will look like in other Windows families, but they are similar. And secondly, the article is more focused on advanced users (you have somehow determined what exactly the process is loading, which means you already more or less understand Windows) and therefore the instructions may seem incomprehensible to some.

So, first I’ll show you my Dispatcher:

As you can see, the processes are sorted by the most occupied resources (and in particular by Memory) and in the first place is svchost.exe. Well, then you can also see that it also takes up a lot of space. More than everything is supposed to be.

Those who see this process for the first time may ask at least two questions: " What kind of process is svchost.exe?" And " Why are there several of them in processes?". I answer immediately and briefly: svchost.exe is a system process that is needed to start system services (there are many of them and there is no point in listing them all because it depends on many factors). And that is why they can be launched from 4 to infinity (everyone is responsible for some service).

By the way, pay attention to which user this process is running from (on the same “Processes” tab). Normally, this should be “system”, or “network service”, or “local service”. If the name of your account or “Administrator” is there, then I can “congratulate” you - you have a virus.

Well, now let's move on to eliminating the brakes.

1) Of course, the simplest and most common thing is to reboot. As they say, “Seven troubles - one reset.” Often, just a reboot is enough and many problems can be corrected (albeit sometimes even temporarily).

2) Our favorite viruses... We check the computer for their presence. Even if you already have an antivirus, you should not forget that there are viruses that cannot be detected by one antivirus, but another can easily find them. The databases are different and the algorithm is the same. Therefore, check out the free versions of products from the most popular developers, for example, and.
They are one-day/disposable and after checking you can remove them.
You can also try the program. She found 8 pieces of malware on me.

3) Check Windows updates and install them if available

4) On the contrary, turn off Windows Automatic Updates ( , ).

Just then remember to check and search for updates at least once a week.

5) Right-click on the most “loaded” process and select “Go to services”


We see a list of services for which this process is responsible:


Now you need to turn off each one at random using the random method. To understand which one is loading. You can disable services either by right-clicking on My Computer, selecting “Manage”, and then “Services”:


Or simply find “Administration” in the Control Panel and there is a link to Services:


I think you’ll figure it out for yourself how to turn it off...

6) Right-click on the process and select "End process tree"

7) On the system drive, in the Windows folder, there is one interesting folder called Prefetch. It is needed to speed up the operation of services. Delete it =) Then complete the process tree.

8) If there is a process wuauclt.exe, then in the Windows folder, delete all folders from the SoftwareDistribution folder, and then kill this process.

9) Try or roll it back a few days (if possible)

10) An alternative is to delete everything in the *:\WINDOWS\system32\Tasks folder, and then end the process tree.

11) And finally, the most radical and toughest way is to reinstall the system. If you don't mind...

After each method, it is highly advisable to reboot.

There may also be problems in what malfunctions and cannot cope. You can try to remove the bar and look at the behavior of the system, and then another.

It may also be that some program wants to update, but for some reason cannot (for example, even an antivirus). Therefore, it loads both this process and the entire computer as a whole. Observe how the system reacts to the launch of programs. Maybe it starts to become “stupid” precisely when some program is loaded after autorun. Here you can either help it update, or remove and reinstall it.

Finally, I will write that the 7th method helped me, but it is likely that the 1st method will be enough for you. Write comments if there are any other ways or how you solved the problem with system “brakes” due to the svchost process

Svchost.exe (service host) or host process for Windows services is a component of Microsoft operating systems used to start and execute services from dll files (dynamic link libraries). Simply put, this is a process, or more precisely, a set of processes that ensure the functioning of all the main Windows subsystems - from managing the computer’s power to designing the working environment (panels, windows, menus, etc.).

Since the service host directly or indirectly affects everything you do, see and hear on your PC, excessive CPU usage by it can be caused by anything.

Below are the main groups of reasons why svchost loads the processor:

  • High load on the network structures of the operating system. Most often, this is a variant of the norm, which occurs, for example, during downloading and installing Windows updates. Often the culprit is a program that actively uses the network, such as a torrent client or browser.
  • Incorrect operation of any service or device driver. This and the previous reasons account for more than 50 percent of cases.
  • Infecting your computer with malware. It happens in about 15-20% of cases.
  • Damage, replacement, modification of system files (services, dynamic libraries, svchost.exe itself). They can be caused not only by viruses, but also by pirated Windows activators, as well as programs to “improve, speed up and decorate” the system.
  • Hardware failure of devices.

Examining processes and files

The main tool that will help us diagnose and solve problems with svchost is the Windows Task Manager. In the “ten” after updates for 2018, host processes are designated in it as “Service Node” or “Node Service”. Each of them runs one or more services. Services are grouped by levels of access to system resources.

Normally, all host processes are created by the same file - svchost.exe, which is located in the \Windows\System32 folder. To make sure that the process that loads the system is launched from there, call its context menu and click “Open file location”. Did the System32 folder open? This means the first test was successful.

All normal host processes have a common parent - the services.exe process, launched by the file of the same name. Unfortunately, the system task manager does not show it. To see this, you can use the improved alternative manager - a free and installation-free utility.

Besides, a normal svchost.exe file is supposed to be digitally signed by Microsoft. To check it, open the “Processes” tab in the system task manager, right-click on the suspicious line and click “Details”.

While in the Details tab, right-click the suspicious svchost again and select Properties.

Open the digital signatures tab of the service host. If its contents look something like the screenshot below, then everything is in order.

Detailed information about the file that spawned the host process can be obtained from the contents of the “Details” tab.

And if you install a simple free utility HasTab on your computer, “without leaving the cash register” you can get the checksums of the file of interest.

Then check its MD5 on Virustotal.com (an online service for checking files and other objects with a variety of antiviruses). If the service shows that the file is clean, then the source of the problem is not there.

Understanding services, drivers and hardware

Often the cause of high CPU load on the service host is services. In the latest version of Windows 10, it has become easier to find the problematic service, since the majority of host processes contain one of them. In Windows 7 and XP, there is usually a group of services per 1 service host, sometimes 8-12 of them.

To see a list of services that are potential culprits for problems in Windows 10, do the following:

  • Open the context of the suspicious svchost process in the task manager on the “Details” tab and click “Go to services”.

  • Everything that is running in this process is highlighted in blue on the Services tab. If one line is highlighted, chances are you've found the likely culprit. If, as in my example, this is the wuauserv service, you can breathe easy: your operating system is simply downloading updates. And if the computer is not very productive, svchost.exe at this time can load the processor by 100 percent. After the update the load will return to normal.
  • If several services are highlighted in blue, stopping one by one will help you find the problematic one. To do this, in the context menu of one of the services, click on the “Stop” item. If the load does not decrease, start this service and stop the next one.

By the way, in Windows 10 you can stop and start services directly on the “Processes” tab.

Attention! Before diagnosing using the above method, save any unsaved documents, as shutting down a critical system service may cause your computer to freeze, reboot, or get a Blue Screen of Death (BSoD).

If the detected service is related to a device driver, for example, sound (Windows Audio), Bluetooth (Bthserv), printing (Spooler), etc., the cause may not lie in it, but in the driver or a malfunction of the device itself. If the driver was installed shortly before the problem occurred, roll it back to a previous version. If it has not been updated for a long time, update or reinstall it. If you suspect a problem with the equipment, check it by disconnecting it or replacing it with a known good one.

What if it's a virus?

Seeing high CPU usage by one of the svchosts, many users first think about virus infection. This happens, but not particularly often. Although recently there have been a lot of malicious miner programs, one of the signs of which is a high load on the processor and/or video chip, especially when the computer is idle.

On signs of viral infection indicates the following:

  • The svchost.exe file that spawned the process is not digitally signed by Microsoft and is located in a directory other than \Windows\system32.
  • The parent process of the service host is not Services.exe, but something else, for example, the same svchost.
  • Checking the checksum of svchost.exe on Virustotal showed a bad result or the service could not determine from the checksum what kind of file it was.
  • In Windows XP and Windows 7, the presence of the svchost.exe process running on behalf of the user (in these OSes it can only be managed by system accounts, local service and network service). note that In Windows 8 (8.1) and 10, multiple svchost.exe processes on behalf of the user have become normal.

  • Unknown dlls and services that run in the context of the service host. You can view the list of libraries loaded into the process memory using Process Explorer (the button to open the library panel is circled in the menu with a red frame). The screenshot shows a normal picture - all dlls are signed by Microsoft.

What to do if the viral version is confirmed? Most often, it is enough to scan the system with any antivirus with fresh databases - most of them successfully remove miners and other malware that manifest themselves in this way. Main - do not delete the svchost.exe file, even if it is infected, otherwise it will seriously disrupt Windows. The infected file should be replaced with a clean one, taken from the distribution kit or from a “healthy” system of the same version and bitness. Or restore it using the method described below.

Checking the integrity of system files

A problem that has arisen as a result of damage, substitution or modification of protected Windows files is most often “cured” by the sfc.exe utility built into the system, launched in the command line with the /scannow parameter. The utility identifies defective data and replaces it with clean data taken from the WinSxS storage.

  • Quit applications that use the network intensively in the background (torrent clients).
  • If your operating system has not been updated for a long time, download and install all updates. They are needed not only for security, but also to correct various errors in the system. One of these bugs in Windows 7 at one time led to uncontrollable cloning of Microsoft 6to4 virtual network adapters. When too many of them accumulated, svchost.exe loaded the processor so much that computers turned into “electronic turtles.”
  • Clean out temporary folders and other junk. The problem can be caused by accumulations of incompletely downloaded files, which, when connected to the Internet, begin to download together and clog the network.
  • Activate in your browser to block loading sites that use hidden mining (in Opera this is the “NoCoin” list in the ad blocking settings).
  • If the reason is installation of system updates, and you need high computer performance, temporarily stop or unload the wuauserv service, but do not forget to start it again later.

Starting with the version of Windows XP, one very extraordinary service appeared in operating systems of this family - Svchost.exe (netsvcs). In its original version, it was mainly responsible for network connections, but over time it began to be used more widely. It's no secret that it is the Svchost.exe (netsvcs) process that loads the processor (Windows 7). How to fix the problem and disable unnecessary components will now be shown. But first, let's figure out what this process is and why it is needed.

Service Svchost.exe (netsvcs): what is this process?

Let's take Windows 7 as a basis, since in systems of a higher rank the problem with this service is not so pronounced.

It was from the seventh modification of Windows that the developers decided to make the system faster, using for this, as they believed, a universal solution, the essence of which was to not call the executable file of some system or user process, but to launch it through one service in background mode.

How the service works

If you look at the list of processes in the Task Manager, you can see several Svchost.exe services (netsvcs). What this is and why this happens will become clear if you understand the basic principles of operation of this component.

In general, processes may contain four (minimum) or more such components, but they all belong to the same group (netsvcs). The working principle of the process is to launch system processes through special svc hosts using the Services.exe tool. In this case, the accompanying components of any program (for example, dynamic libraries DLLs, which are not accepted for execution by the system in the usual way) are loaded into RAM. It is believed that this allows you to speed up the start of executable applications (including user ones).

Why does the process load RAM and virtual memory?

But why then does the Svchost.exe (netsvcs) process load Windows 7 memory? The decision to eliminate such a problem will have to be made based on the reasons for such system behavior. Among them, the main ones are the following:

  • exposure to viruses masquerading as Svchost.exe processes;
  • malfunctions in the Windows update search and installation tool;
  • accumulation of computer garbage while surfing the Internet;
  • problems with the tunnel adapter;
  • Prefetch service enabled.

It is worth noting that the Svchost.exe (netsvcs) process loads physical memory (RAM and virtual, which uses the space reserved on the hard drive to load program components when there is insufficient RAM).

In the simplest case, you can get rid of excessive load by simply restarting the system. But this gives only a short-term effect, as does terminating each process in the same “Task Manager”. Therefore, drastic measures will have to be used.

Check for viruses and malicious codes

First of all, you need to determine the presence of viruses masquerading as Svchost.exe (netsvcs) processes in the system, using their attributes in the “Task Manager”. On running services with a user name, the process description can only contain the attributes Network Service, Local Service or System. If something else is specified (most often Admin), you need to start checking immediately.

In the simplest version, you can use a standard scanner, but in most cases this does not give any results (after all, apparently, the antivirus has already missed the threat). Most experts recommend using independent utilities, among which one of the most powerful is Rescue Disk from Kaspersky Lab. The antivirus can be loaded from a disk or flash drive even before Windows starts, and at the same time it is capable of finding viruses, even those that are very deeply integrated into the system.

Svchost.exe (netsvcs) uses up memory in Windows 7. Solution - system update service

Many experts call problems with the Update Center another common problem. It happens that Svchost.exe (netsvcs) loads the processor (Windows 7) for no apparent reason (as it seems). But there is a reason. The problem is that some updates may have been underloaded, so the system tries to download and install them again and again.

Disabling the search and installation of updates through the Update Center, called from the Control Panel, may not work (even if you set the automatic search mode and offer installation at the user’s discretion). In this case, it is best to use the command line, launched as an administrator, in which three commands are written, followed by pressing the enter key after each of them (for any version of Windows):

  • to stop the service - net stop wuauserv;
  • to disable background smart transmission - net stop bits;
  • to deactivate delivery optimization - net stop bits.

Terminating related processes

Now let's look at another option for deactivating Svchost.exe processes (netsvcs). How do I disable service-related components? First, you should find out which processes are “attached” to it and are called when the system starts, but are not in the automatic boot menu.

To do this, in the “Task Manager” you need to find all the searched lines containing Svchost.exe (netsvcs), sorting the processes in alphabetical order.

On the selected process, through the right-click menu, you need to go to services using the corresponding line.

Each service can be stopped right here or open the service management section (this can also be done through the program launch menu “Run” (Win + R), where the command services.msc is entered. But this option is somewhat inconvenient only because you have to remember the name of each service, and then look for it in the service tree.

Next, by double-clicking, the settings menu is called up, where the service is either stopped with the corresponding button, or it is assigned a different startup priority or complete shutdown. But you shouldn’t overdo it, because this can disable important system processes, which can negatively affect the operation of the entire OS (up to a failure, after which you will have to restore or so-called rollback to a previous working state).

Removing computer junk and registry optimization

In some cases, the load on the system from the Svchost.exe (netsvcs) processes may be associated with simple clogging with computer garbage.

Carrying out cleaning on your own is a very troublesome task, so to simplify the work you should use optimizers like CCleaner, Glary Utilities, Advanced SystemCare, in which for scanning you need to mark not only deleting temporary files or clearing the cache, but also enable searching for problems in the system registry and then correcting or deleting incorrect keys and even defragmentation.

Troubleshooting tunnel adapter problems

Infrequently, there is a problem with the Teredo tunnel adapter. At the same time, even some of its controls may simply freeze. The way out of this situation is to disable the corresponding protocol (especially if it is enabled by default but not used).

To deactivate it, you need to run the command line with administrator rights and enter two commands: netsh interface ipv6 set teredo disable and netsh interface teredo set state disable, and after executing them, reboot the computer terminal.

Checking the status of the SuperFetch service

Finally, another global problem, although partially related to Svchost processes, is the activated service for remembering frequently used programs and applications to optimize or speed up their launch, which is called SuperFetch.

You can disable this component through the service management section (services.msc) by selecting the desired startup type, or perform similar actions in the system registry, which is not very convenient.

But it is believed that the simplest method of reducing the load on system resources in relation to this particular service is to delete the Prefetch folder, which is located in the Windows root directory in the system partition. After this, you can terminate all Svchost processes in the standard Task Manager and perform a full restart of Windows.

Results

What can be said about the processes considered if we sum up some results and draw conclusions? Among the main reasons causing increased use of system resources, and especially in Windows 7, the main ones are problems with the impact of viruses, failures in the update service and the SuperFetch service. But this situation in most cases occurs on low-power computers that are too weak to simultaneously support the optimization of running a large number of resource-intensive programs. And, what’s most interesting, most often it’s not the processor that takes the brunt of it, but the RAM, the use of which in some cases can reach one hundred percent. The lack of RAM capacity leads to the fact that the system begins to actively use virtual memory (hard disk space), which leads to a significant slowdown when accessing the hard drive.

As for solving this problem, you should use each of the above methods. But you will have to be extremely careful not to terminate some systemically important process (although in this case a spontaneous reboot with recovery may simply follow). But the SuperFetch component should not be disabled on modern machines with large amounts of RAM and powerful processors. This solution is applicable only in the case of outdated computer equipment.