Windows – Suspicious Svchost

svchostwindows

I find many instances connected through as many as 7 ports in my system when I opened TCPView (Sysinternals). Could it be because of a malware? How to find it out without Antivirus tools.

Best Answer

Don't Panic! (yet) Svchost can have multiple instances.

At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services allows for better control and easier debugging.

You could read up some more at the HowToGeek page,
Svchost Viewer Shows Exactly What Each svchost.exe Instance is Doing

Best Answer

Related Solutions

Windows – How to Restrict Programs from Accessing the Internet

Windows – SvcHost is taking 100% of CPU. It appears to be either DcomLaunch or TermService – virus

Related Question