Svchost Process Analyzer is a quick and easy freeware product that inspects your Svchost.exe process. The Svchost.exe process, which is visible in Windows Task Manager, is often misused by spyware or network worms in order to conceal their activities. Svchost Process Analyzer recognizes these suspicious processes, which hide within an Svchost instance. An example is the infamous Configer (or Conficker) worm. The genuine Svchost.exe is an important system process that is shipped with Windows 8, 7, Vista, XP and is located in the C:\Windows\System32 folder. When a Windows computer boots, Svchost.exe executes dynamic link libraries (DLLs) found in the Windows Registry as services. There can be several instances of Svchost.exe running at the same time. The process description is "Generic Host Process for Win32 Services." This means that other services use Svchost to run their own executables as Svchost instances. Trojans and other sorts of malware slip into the Svchost process and work through it. Since Svchost is an important Windows process, even malicious Svchost activities are often not blocked by currently available security software and firewalls.
Svchost Process Analyzer also detects trojan horses, worms or other malware with slightly altered names, such as svhost.exe, scvhost.exe or _svchost.exe.
Windows Server 2008