"svchost.exe (LocalServiceAndNoImpersonation)" - Is this a virus/trojan?


Some malware often uses a process name of svchost.exe to disguise itself. The original system file svchost.exe is located in C:\Windows\System32. Are those services located somewhere else? If they are, then they are malware.

What is svchost.exe?

svchost.exe is a system process that hosts multiple Windows services or, as Microsoft describes it: "svchost.exe is a generic host process name for services that run from dynamic-link libraries".

Why are there multiple svchost.exes?

There are multiple instances of this service, because if every single service ran under a single svchost.exe instance, a failure in one might bring down all of Windows, thus they are separated.

You can analyze the services using a tool like Process Explorer and gain more information about their activity.

References: howtogeek

Author: Stupid_Intern

Updated on September 18, 2022
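
The location check suggested in the answer above, as an added example that is not part of the original answer or its comments. It lists each svchost.exe instance with its image path, its service group (the name shown in parentheses in the question title) and the services it hosts. Treating SysWOW64 as a second expected location is an assumption added here.

```powershell
# Added example: inventory every svchost.exe instance. Run elevated, otherwise
# ExecutablePath and CommandLine can come back empty for some instances.

# System32 is the location named in the answer. SysWOW64 (the 32-bit copy on
# 64-bit Windows) is an addition here and is not mentioned in the answer.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Index running services by the PID of the process that hosts them.
$byPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString
if (-not $byPid) { $byPid = @{} }

$report = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $path = $_.ExecutablePath
        $verdict = if (-not $path) { 'PathUnavailable' }
                   elseif ($expected -contains $path) { 'ExpectedPath' }
                   else { 'UNEXPECTED PATH' }

        # The -k argument is the service group, e.g. LocalServiceAndNoImpersonation.
        $group = if ($_.CommandLine -match '-k\s+(\S+)') { $Matches[1] } else { '' }

        [pscustomobject]@{
            PID      = $_.ProcessId
            Verdict  = $verdict
            Group    = $group
            Services = ($byPid[[string]$_.ProcessId].Name -join ', ')
            Path     = $path
        }
    }

$report | Sort-Object Verdict, PID | Format-Table -AutoSize -Wrap
```

Rows marked UNEXPECTED PATH are the ones to inspect further in Process Explorer; PathUnavailable usually means the prompt was not elevated.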

Comments

  • Stupid_Intern almost 2 years

    Looking at the screenshot you can find that there are two svchost.exe.

    One is svchost.exe (NetworkService) and the other is svchost.exe (LocalServiceAndNoImpersonation).

    svchost.exe (LocalServiceAndNoImpersonation) is only active and uses the Network when firefox.exe is active.


    • schroeder over 8 years
      Have you done any research on your own?
  • fixer1234 over 8 years
    This is right if this particular case is not malware impersonating the legit service. Checking its location, as suggested by ner0x652, can't hurt.
  • Daniel Ruf over 8 years
    Sure, but I am sure this AppLocker process is legit ;-)