svchost.exe

[Guest]

[Bracca]

Yeah spotted a svchost.exe on proces menu. Actually there are 6 of them. All different size. What caught my attention was that 2 of them are, according to the proces menu, web based and the rest are System based. How do i know which ones could be possible malware and which one(s) are needed? One of them is listening to the port 135, One was a active TCP Out connection from my ip adress to my ip adress. Weird.

Edit: Search function found 3 svchost.exe files. One in System32, one in $NTServicePackUninstall$ and the last one is in a suspicious looking folder, Windows\ServicePackFiles\i386.
OS is XP with Servicepack 3 installed in it.

[Arjunprasad]

I suggest you to determine what services are running under a SVCHOST.EXE process. For detailed information on how to determine what services are running under a SVCHOST.EXE process, please click on the link below and read them completely:

http://www.bleepingcomputer.com/tutorials/tutorial129.html

[hatevirus]

winamp is running under the svchost.exe.
low ram and low cpu in use.

[EricJH]

Or try svchost analyser: http://www.neuber.com/free/svchost-analyzer/ .

[Ronny]

Sysinternals Process Explorer can show you all you need to know:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

[Tags:]