Svchost Process Analyzer: Identify svchost.exe Worms & Analyze All Instances Of The Process


Want to check which user application or Windows utility initiated a specific instance of svchost.exe process? The svchost is basically a small executable file that resides in system32 folder. It is a generic Windows host process that plays a vital role in keeping all the system and user initiated services stable. Since Task Manager doesn’t provide a detailed information on running instances of svchost executables, you may need Svchost Process Analyzer to analyze the services and applications that run multiple instances of svchost.exe and to identify all the svchost related malwares. It helps you prevent Windows from those malwares and viruses which create a fake svchost.exe file at different locations to exploit user’s access rights; it lists down all the running instances of svchost processes with detailed information, so that you can easily identify malware infected svchost.exe files.

When you launch the application, it starts scanning all the running instances of svchost.exe process. Once the scanning is finished, it shows the number of svchost processes found with total number of potential warnings.

SvchostAnalyzer im

Clicking Details will open the main window, where all the svchost processes are listed with information like process ID, source path, service group and number of services being hosted by each svchost process. When you select a svchost.exe file from the list, it shows all the related services in bottom pane, letting you check the integrity of services. At the top of window, you will find information on selected service of a specified svchost file.

svchost details

For instance, if you select a DNS client service from the bottom pane, it will show details on the DNS Client at the top to help you better understand the functions of the service. Furthermore, it lets you identify typical (Microsoft services) and atypical services from the list; a green tick icon represents Windows service, whereas the warning sign represents an atypical service. Svchost Process Analyzer works on Windows XP, Windows Vista and Windows 7. Both 32-bit and 64-bit OS editions are supported.

Download Svchost Process Analyzer