Antivirus host framework service loads the system. What to do if svchost loads the processor heavily

    The first step is to try disabling applications one by one. Indeed, a low-power device can easily be overloaded by simultaneously running several heavy-duty applications.

    Second. Often the cause of problems is prolonged active surfing on the Internet. The system gets littered with hundreds of megabytes of temporary files. The registry gets cluttered. There are two options here.
    1. Run the cleaner and remove all unnecessary files, repair the registry and perform a basic defragmentation.
    2. Didn't help? Then open System Restore and roll back to an earlier state. It is almost never possible to restore normal performance in one go. Usually no more than three restorations are sufficient.

    And don't forget to create rollback points. Is the computer running fast? Go to Recovery and create a restore point. It will come in handy.


    The next assumption is that an evil virus has entered the computer. If possible, run a scan. You need to be patient, drink some tea, take a nap. In such a relaxed state of the system, scanning will take a long time.

    Another classic cause of system overload is the svchost.exe process.

    What is this and why does it interfere with the operation of the computer? The svchost.exe process is one of the auxiliary system services involved in many other tasks. The thing is useful, but sometimes it's buggy. What can disrupt this process?
    1. Physical damage to memory chips. A lot of dust has accumulated in the system unit. Service centers recommend vacuuming the inside of your computer at least once a year.
    2. Errors when downloading automatic updates. For example, during the update process there were interruptions in the Internet connection or power outages. There have also been cases where the update packages themselves were delivered with bugs. Even Microsoft experts have admitted this.

    In cases where problems are caused by bad updates, it is recommended to go to the official Microsoft website and download a proven and reliable package, then install it yourself.

    Viruses are often disguised as svchost.exe processes.

    It is very convenient for hackers to present a virus or Trojan under the guise of the svchost.exe process. The system will issue a notification about an unknown error, and it will take the user some time to figure out the reasons. First you need to find out whether the svchost.exe process is at fault. To do this, open the Windows Task Manager (Alt+Ctrl+Del) and go to the Processes tab.

    There will be at least four svchost.exe processes. Now look at the load level for each process. If some svchost.exe process has a load close to 100%, this is the culprit of the problems. What's next?
    1. To begin with, it is always recommended to reboot the system. Most often the problems disappear.
    2. If everything happens again, open the Task Manager again and end the overloaded svchost.exe process. To do this, open the context menu (right mouse button) and click End Process Tree. Restart your computer again.
    3. Didn't help? Now the surgical method. Open Windows Explorer. Find the Windows folder. Select the folder C:\WINDOWS\Prefetch. Delete this folder. Then open Task Manager again and end the tree of the overloaded svchost.exe process again. Restart the computer.

    Basically, if the problem really was a random failure of the svchost.exe process, everything should be fine. If the problems continue, the cause should be looked for somewhere else. A virus infection might actually have occurred. Then you need to take a closer look at all the processes and try to identify the disguised virus.

    Signs of a virus disguised as the svchost.exe process

    Normal svchost.exe processes run under the username:
    - SYSTEM
    - LOCAL SERVICE
    - NETWORK SERVICE

    Or something like that. Viruses hide under the ADMIN username or whatever Windows user account you are logged in to.

    If an impostor is detected, end its process tree and thoroughly clean the system with an antivirus. Don't be afraid if you accidentally kill a normal svchost.exe process. The smart Windows system will simply reboot automatically.

    Be sure to install a decent antivirus package if you use the Internet. Especially if you like to explore new sites, experiment with programs and other eighteen-plus entertainment. Download the healing utility Dr. Web CureIt. Copy it to a flash drive and store it for a rainy day. This program does not require installation and is capable of finding and neutralizing viruses on already infected systems.

    Keep a Windows distribution for the rainiest day and make backups of important documents in a timely manner.

    The other day I ran into a problem: the computer (more precisely, a laptop) began to “slow down”. Of course, as an advanced user, I immediately launched it and saw that it was the svchost.exe process that was causing the load.
    After some time, I solved the problem with the “brakes” and now I’m sharing with site visitors how this can be done in several ways.

    First of all, I’ll warn you that, firstly, I did this on Windows 7 and the methods will be described specifically for it. I can’t say exactly what it will look like in other Windows families, but they are similar. And secondly, the article is aimed more at advanced users (you have somehow determined which process is causing the load, which means you already more or less understand Windows), and therefore the instructions may seem incomprehensible to some.

    So, first I’ll show you my Task Manager:

    As you can see, the processes are sorted by the most occupied resources (and in particular by Memory) and in first place is svchost.exe. You can also see that it takes up a lot of space. More than it is supposed to.

    Those who see this process for the first time may ask at least two questions: "What kind of process is svchost.exe?" and "Why are there several of them in the process list?". I answer immediately and briefly: svchost.exe is a system process that is needed to start system services (there are many of them and there is no point in listing them all because it depends on many factors). And that is why there can be anywhere from 4 to infinity of them running (each one is responsible for some service).

    By the way, pay attention to which user this process is running from (on the same “Processes” tab). Normally, this should be “system”, or “network service”, or “local service”. If the name of your account or “Administrator” is there, then I can “congratulate” you - you have a virus.

    Well, now let's move on to eliminating the brakes.

    1) Of course, the simplest and most common thing is to reboot. As they say, “Seven troubles - one reset.” Often, a reboot is all it takes and many problems can be corrected (albeit sometimes even temporarily).

    2) Our favorite viruses... We check the computer for their presence. Even if you already have an antivirus, you should not forget that there are viruses that cannot be detected by one antivirus, but another can easily find them. The databases are different and the algorithm is the same. So check with the free versions of products from the most popular developers, for example, and.
    They are one-day/disposable and after checking you can remove them.
    You can also try the program. It found 8 pieces of malware on my computer.

    3) Check for Windows updates and install them if available.

    4) Conversely, disable automatic Windows updates.

    Just remember then to check and search for updates at least once a week.

    5) Right-click on the most “loaded” process and select “Go to services”


    We see a list of services for which this process is responsible:


    Now you need to turn them off one at a time, by trial and error, to understand which one is causing the load. You can disable services either by right-clicking on My Computer, selecting “Manage”, and then “Services”:


    Or simply find “Administration” in the Control Panel and there is a link to Services:


    I think you’ll figure it out for yourself how to turn it off...

    6) Right-click on the process and select "End process tree"

    7) On the system disk, in the Windows folder, there is one interesting folder called Prefetch. It is needed to speed up the operation of services. Delete it =) Then end the process tree.

    8) If there is a process wuauclt.exe, then in the Windows folder, delete all folders from the SoftwareDistribution folder, and then kill this process.

    9) Try or roll it back a few days (if possible)

    10) An alternative is to delete everything in the *:\WINDOWS\system32\Tasks folder, and then end the process tree.

    11) And finally, the most radical and hardest way: reinstall the system. If you don't mind...

    After each method, it is highly advisable to reboot.
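
    Steps 5 and 6 above can be narrowed down before anything is stopped. The following is an added example, not part of the original article: it samples every svchost.exe twice through WMI, computes CPU use over the interval and lists the services each instance hosts. The interval and the function name Get-SvchostSample are assumptions of the example.

```powershell
# Added example (not from the original article). Read-only: measures CPU use of
# each svchost.exe over a short interval and lists the services hosted in it.
$intervalSec = 5                                   # sampling window (assumed value)
$cores       = [Environment]::ProcessorCount

function Get-SvchostSample {
    # Returns PID -> Win32_Process object for every svchost.exe instance.
    $sample = @{}
    Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
        ForEach-Object { $sample["$($_.ProcessId)"] = $_ }
    return $sample
}

$before = Get-SvchostSample
$timer  = [Diagnostics.Stopwatch]::StartNew()
Start-Sleep -Seconds $intervalSec
$after  = Get-SvchostSample
$wallTicks = [double]$timer.Elapsed.Ticks          # TimeSpan ticks are 100 ns

# PID -> names of the services running inside that process.
$svcByPid = @{}
Get-CimInstance Win32_Service -Filter 'ProcessId <> 0' | ForEach-Object {
    $key = "$($_.ProcessId)"
    if (-not $svcByPid.ContainsKey($key)) { $svcByPid[$key] = @() }
    $svcByPid[$key] += $_.Name
}

$report = foreach ($id in $after.Keys) {
    if (-not $before.ContainsKey($id)) { continue }   # started during the window
    $a = $after[$id]
    $b = $before[$id]
    # KernelModeTime and UserModeTime are cumulative CPU time in 100 ns units.
    $t1 = [double]$a.KernelModeTime + [double]$a.UserModeTime
    $t0 = [double]$b.KernelModeTime + [double]$b.UserModeTime
    $cpuTicks = $t1 - $t0
    if ($cpuTicks -lt 0) { continue }                 # PID was reused
    [pscustomobject]@{
        ProcessId   = $a.ProcessId
        CpuPercent  = [Math]::Round(100 * $cpuTicks / ($wallTicks * $cores), 1)
        MemoryMB    = [Math]::Round($a.WorkingSetSize / 1MB, 1)
        Services    = if ($svcByPid.ContainsKey($id)) { $svcByPid[$id] -join ', ' } else { '(none registered)' }
        CommandLine = $a.CommandLine
    }
}

$report | Sort-Object CpuPercent -Descending |
    Select-Object -First 10 |
    Format-Table -AutoSize -Wrap
```

    An instance that hosts a single service points straight at the culprit; an instance with no registered services at all deserves a check of its file location and owner.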

    There may also be problems in what malfunctions and cannot cope. You can try to remove the bar and look at the behavior of the system, and then another.

    It may also be that some program wants to update, but for some reason cannot (for example, even an antivirus). Therefore, it loads both this process and the entire computer as a whole. Observe how the system reacts when programs are launched. Maybe it starts to get “stupid” exactly when some program is loaded after autostart. Here you can either help it update, or remove and reinstall it.

    Finally, I will write that the 7th method helped me, but it is likely that the 1st method will be enough for you. Write comments if there are any other ways or how you solved the problem with system “brakes” due to the svchost process.

    Users who frequently use Task Manager have noticed that several svchost.exe entries are displayed in the list of running processes. But not everyone, and especially not inexperienced users, knows what svchost.exe is in the Task Manager and what it is responsible for.

    What is svchost.exe?

    Svchost.exe is a system executable file (as the name suggests) for Windows OS. It is responsible for launching some applications and functions, reducing the load on the central processor and RAM. Therefore, you cannot remove it from the system (except in cases where malware is disguised as this service or when you can disable unused services, as described in the article “Increasing computer performance by disabling unused services”).

    If you see multiple copies of svchost.exe in the Task Manager, don't worry, because the number depends on the number of programs running: the more there are, the more of these services there are.

    How the process works

    This process is present in almost every version of Windows OS, but its potential was revealed only with the release of Windows XP. Before that, it was primarily responsible for the network connections that connect a computer to the Internet. But Microsoft developers decided not to stop there, so now the service is designed to run background local processes related to dynamic libraries that have the “.dll” extension.

    Interesting! Dynamic libraries cannot be launched in normal mode.

    svchost.exe allows you to save computer resources because you don't need to physically run the executable file when using the service. Therefore, the number of processes loading RAM and virtual memory of the PC is reduced. It is because of this that several services with the same name are simultaneously displayed in the Task Manager.

    In addition, the svchost.exe file is automatically launched when Windows starts, regardless of what programs are “hanging” in autorun. Therefore, completely disabling unnecessary services and applications will not affect its loading.

    Reasons for high resource load

    Often, users notice that the process loads one of the device's resources (processor or RAM), regardless of whether programs are running or not. There are various reasons for this.

    Viruses

    The main reason is malware that has entered the computer and “masquerades” as the svchost.exe file. Sort processes in Task Manager by name and see on whose behalf these services are running. If a process runs on behalf of a user account (your account), then this is one of the “tricks” of the virus. If the “Username” column indicates Local Service, Network Service or System, such a file is safe.

    If you think you have discovered a virus, right-click on the process → Open file location. This way you will determine the location of the malware and check it through the VirusTotal.com portal. But it’s better to immediately scan the system using Dr.Web CureIt or Malwarebytes Anti-Malware. The fact is that deleting one executable file will not help get rid of the virus, since there are probably auxiliary fragments on the computer that will restore it after a reboot or simply prevent it from being deleted.

    Since in most cases the user does not change OS settings, Windows is set to automatically download updates by default. This is also the “responsibility” of svchost.exe. To disable downloading updates:


    Problematic programs

    This reason is typical for those users who install a huge number of programs and applications on their computer and do not monitor them. To identify unnecessary software, install Process Explorer on your PC. It will help you determine which programs are taking up device resources, but you are not using them.

    Another advantage of Process Explorer is that it works closely with the file checking service for malware - VirusTotal, so it will help distinguish system services from viruses.

    To check a file, select it in the program window → Options → VirusTotal.com → Check VirusTotal.com.

    Using µTorrent

    Often, the µTorrent program loads computer resources when downloading files. To reduce CPU load:


    Troubleshooting

    The easiest way to reduce the load on the main components of your computer is to restart it. But this approach does not always help. The drastic measure is to “kill” the svchost.exe process in the Task Manager. How to do this for Windows 10.


    How to recognize a virus?

    It is easy to recognize a virus that disguises itself as the svchost.exe file. It runs under the user account or any account other than Local Service, Network Service or System.

    Another characteristic feature is “mistakes” in the name. Processes called svhost, svchosts or similar are malware that needs to be removed.
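
    The signs described on this page (owner account, file location, misspelled name) can be checked for all processes at once. The following is an added example, not part of the original article. It goes slightly beyond the text by also checking the parent process and by matching any name within two edits of "svchost"; the function name Get-EditDistance and that threshold are assumptions of the example.

```powershell
# Added example (not from the original article). Read-only triage of svchost.exe
# and look-alike process names; it changes nothing on the system.
# Run elevated, otherwise owner and path come back empty for many processes.

$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)
# Well-known SIDs of SYSTEM, LOCAL SERVICE and NETWORK SERVICE (locale-independent).
$serviceSids = @('S-1-5-18', 'S-1-5-19', 'S-1-5-20')

function Get-EditDistance([string]$a, [string]$b) {
    # Levenshtein distance, case-insensitive; catches svhost, svchosts and similar.
    $a = $a.ToLowerInvariant()
    $b = $b.ToLowerInvariant()
    $prev = @(0..$b.Length)
    for ($i = 1; $i -le $a.Length; $i++) {
        $cur = @($i) + (@(0) * $b.Length)
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -ceq $b[$j - 1]) { 0 } else { 1 }
            $best = [Math]::Min($cur[$j - 1] + 1, $prev[$j] + 1)
            $cur[$j] = [Math]::Min($best, $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    return $prev[$b.Length]
}

$procs = Get-CimInstance Win32_Process
$nameByPid = @{}
foreach ($p in $procs) { $nameByPid["$($p.ProcessId)"] = $p.Name }

$report = foreach ($p in $procs) {
    $base = [IO.Path]::GetFileNameWithoutExtension($p.Name)
    $dist = Get-EditDistance $base 'svchost'
    # sihost.exe is a genuine Windows process that happens to be two edits away.
    if ($dist -gt 2 -or $base -eq 'sihost') { continue }

    $sid    = (Invoke-CimMethod -InputObject $p -MethodName GetOwnerSid -ErrorAction SilentlyContinue).Sid
    $owner  = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue
    $parent = $nameByPid["$($p.ParentProcessId)"]

    $flags = @()
    if ($dist -gt 0) { $flags += 'look-alike name' }
    if (-not $p.ExecutablePath) {
        $flags += 'path unknown'
    } elseif ($expectedPaths -notcontains $p.ExecutablePath) {
        $flags += 'unexpected path'
    }
    # A lead, not a verdict: Windows 10 and later also host per-user services
    # in svchost.exe under the logged-on account.
    if ($sid -and ($serviceSids -notcontains $sid)) { $flags += 'user-account owner' }
    # Heuristic: genuine service hosts are started by services.exe.
    if ($parent -ne 'services.exe') { $flags += 'parent is not services.exe' }

    [pscustomobject]@{
        ProcessId = $p.ProcessId
        Name      = $p.Name
        Owner     = if ($owner.User) { "$($owner.Domain)\$($owner.User)" } else { 'unknown' }
        Parent    = $parent
        Path      = $p.ExecutablePath
        Flags     = $flags -join '; '
    }
}

# Flagged entries first.
$report | Sort-Object { -not $_.Flags }, ProcessId | Format-Table -AutoSize -Wrap
```

    A process flagged only for its owner, with the expected path and services.exe as parent, is most likely a per-user service; several flags on one entry are what warrant the file check and scan described here.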

    "Cleaning" the system

    If you find a virus on your computer masquerading as the svchost.exe file, run an in-depth system scan with installed antivirus software.

    Important! Surely scanning with installed software will not bring results.

    But it’s better to use special utilities from well-known companies: Dr.Web CureIt, Malwarebytes Anti-Malware or Kaspersky Rescue Disc. They will identify and neutralize malware.

    SVCHost is a process responsible for the rational distribution of running programs and background applications, which can significantly reduce the CPU load. But this work is not always performed correctly, which may cause too high a load on the processor cores due to severe looping.

    There are two main reasons - a failure in the OS and the penetration of a virus. Methods of “fighting” may differ depending on the cause.

    Because this process is very important for the correct operation of the system, it is recommended to exercise certain caution when working with it:

    • Do not make changes and especially do not delete anything in system folders. For example, some users try to delete files from the system32 folder, which leads to the complete “destruction” of the OS. It is also not recommended to add any files to the root Windows directory, because this can also be fraught with adverse consequences.
    • Install an antivirus program that will check the computer in the background. Fortunately, even free antivirus packages do a great job of preventing a virus from hogging the CPU using SVCHost.
    • By removing tasks from the SVCHost process using "Task Manager", you can also disrupt the system. Fortunately, this will cause your PC to reboot in the worst case scenario. To avoid this, follow the special instructions for working with this process through "Task Manager".

    Method 1: Eliminate viruses

    In 50% of cases, problems with CPU overload due to SVCHost are a consequence of a computer being infected with viruses. If you have at least some anti-virus package where the virus databases are regularly updated, then the likelihood of this scenario is extremely low.

    But if the virus does get through, you can easily get rid of it by simply running a scan using an antivirus program. You may have completely different antivirus software; in this article, treatment will be shown using an antivirus as an example. It is distributed free of charge, its functionality is sufficient, and the virus database is regularly updated, which allows you to detect even the latest viruses.

    The instructions look like this:


    Method 2: OS optimization

    Over time, the speed of the operating system and its stability may change for the worse, so it is important to regularly clean the registry and defragment hard drives. The first often helps with a high load from the SVCHost process.

    You can clean the registry using specialized software, for example. Step-by-step instructions for completing this task using this program look like this:


    Carrying out defragmentation

    Also, it is advisable not to neglect disk defragmentation. This is done as follows:

    Method 3: solving problems with Update Center

    Windows OS, starting from 7, receives updates “over the air”, most often simply by informing the user that the OS will receive some kind of update. If the update is insignificant, then, as a rule, it is installed in the background without reboots or notifications to the user.

    However, incorrectly installed updates often cause various crashes in the system, and problems with processor load due to SVCHost are no exception. To return your PC performance to its previous level, you will need to do two things:

    • Disable automatic updates (this is not possible in Windows 10).
    • Roll back updates.

    Disabling automatic OS updates:


    Next you need to install a normally functioning update or roll back updates using OS backup copies. The second option is recommended, because the required update build for the current version of Windows is difficult to find and can be difficult to install.

    How to roll back updates:


    Getting rid of the problem of CPU core overload caused by the running SVCHost process is not difficult. You will have to resort to the last method only if nothing else helps.