Find out what started a process using "services.exe"
9,106
Run procexp. It will show a nice fork tree depicting parent processes. You can also right-click on the header and add the "command line" column to see the arguments.
Related videos on Youtube
![How to Fix svchost.exe High CPU Usage in Windows 10[Solved]](https://i.ytimg.com/vi/nFhxBH8HQYI/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLBnzXmotNcGCq7A5BCvV9nnvKGyiQ)
03 : 45
How to Fix svchost.exe High CPU Usage in Windows 10[Solved]
06 : 12
How to find out what services are causing svchost.exe to have High CPU usage
02 : 19
how to Kill Processes from Command Prompt
03 : 53
What Is Client Server Runtime Process (csrss.exe), and Why Is It Running On My PC?
16 : 42
How To Fix 100% Disk Usage in Windows 10
Author by
Vaccano
I am an IT Software Architect from Salt Lake City, Utah.
Updated on September 18, 2022Comments
-
Vaccano over 1 year
Say I have a process called "EvilMalware.exe" that keeps getting restarted (i.e. I kill it and it is restarted after a few seconds).
I looked up the process that starts it and it is
C:\Windows\System32\services.exe.This seems to be a legit windows process for starting stuff.
So how can I figure out what is telling services.exe to keep restarting "EvilMalware.exe"?
-
Synetech about 11 yearsHow did you determine that it was
services.exethat was running the file? Are you sure it was the real copy ofservices.exe? Sometimes malware puts legitimate-looking files in legitimate-looking places (for example, the NACHI worm makes a file calledsvchost.exein\Windows\System32\WINSwhich looks normal enough, but of course is not (the real file is inSystem32, notSystem32\WINS).
-
-
Vaccano over 11 yearsIt is not a traditional malware product. But it is acting like it. That is why I am asking this question rather than running a malware scan.
-
Synetech about 11 yearsBut
services.exehas no hosted services, so it won’t help.
