1. While in Task Manager and on the Process tab, go to View->Select Columns...
2. Check the box for PID (Process Identifier), then click OK
3. You'll now see a PID column. Find the PID for the svchost.exe process that you want to check on
4. Open up a command prompt window (Go to Start->Run, type cmd, then press OK)
5. Within the command prompt, type tasklist /svc, then press Enter
6. You'll see a list of process on the left, along with their corresponding PID's. Find the match to your PID from step #3. On the right you can see the "Services" column, which tells you what that specific instance of svchost.exe is actually running.
You'll probably have multiple instances of svchost.exe running, and that's normal. It's also the reason why you need to pay attention to the PID in order to make sure you examine the correct instance of svchost. If something looks suspect and you believe you may be infected with a virus or some type of spyware or adware, check out my other posts with links to free software that can help you remove those problems. You can also go back into Task Manager and kill a svchost.exe process that is running unnecessary programs, but if it is some type of virus or spyware, it will most likely be prepared for that and just restart itself as quickly as you killed it.
You can use tasklist for many thing. Another would be to check to see what process is using which port(s) on the computer. If you're interested, check out my other post.
1 comment:
Screen shots would make this perfect! But other than that great post I've been wondering how you can track down an svchost.
Post a Comment