"svchost.exe (LocalServiceAndNoImpersonation)" - Is this a virus/trojan?
Some malware often uses a process name of svchost.exe to disguise itself. The original system file svchost.exe is located in C:\Windows\System32. Are those services located somewhere else? If they are, then they are malware.
What is svchost.exe?
svchost.exe is a system process that hosts multiple Windows services or, as Microsoft describes: "svchost.exe is a generic host process name for services that run from dynamic-link libraries".
Why are there multiple svchost.exes?
There are multiple instances of this service, because if every single service ran under a single svchost.exe instance, a failure in one might bring down all of Windows, thus they are separated.
You can analyze the services using a tool like Process Explorer and gain more information about their activity.
References: howtogeek
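An added example, not part of the original answer: a PowerShell check that lists every running svchost.exe with its image path, its service group (the name shown in parentheses, such as LocalServiceAndNoImpersonation) and the services it hosts, and flags any instance not running from the System32 location named above. It relies on the standard Win32_Process and Win32_Service CIM classes; the column names are chosen for this example.

```powershell
# Expected location of the genuine binary, as stated in the answer above.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Index running services by the PID of the process that hosts them.
$servicesByPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object ProcessId -AsHashTable -AsString

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $path = $_.ExecutablePath

    # The service group is passed on the command line as "-k <GroupName>".
    $group = if ($_.CommandLine -match '-k\s+(\S+)') { $Matches[1] } else { '' }

    if (-not $path) {
        # The path comes back empty when the shell lacks rights to query
        # the process; that is not evidence either way.
        $verdict = 'UNKNOWN (run elevated)'
    } elseif ($path -ieq $expected) {
        $verdict = 'expected path'
    } else {
        $verdict = 'UNEXPECTED PATH'
    }

    [pscustomobject]@{
        PID      = $_.ProcessId
        Group    = $group
        Verdict  = $verdict
        Path     = $path
        Services = ($servicesByPid["$($_.ProcessId)"].Name -join ', ')
    }
} | Sort-Object PID | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so the image path is readable for every instance.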
Stupid_Intern
Updated on September 18, 2022
Comments
-
Stupid_Intern almost 2 years
Looking at the screenshot you can find that there are two svchost.exe. One is svchost.exe (NetworkService) and the other is svchost.exe (LocalServiceAndNoImpersonation).
svchost.exe (LocalServiceAndNoImpersonation) is only active and uses the Network when firefox.exe is active.
-
schroeder over 8 years
Have you done any research on your own?
-
fixer1234 over 8 years
This is right if this particular case is not malware impersonating the legit service. Checking its location, as suggested by ner0x652, can't hurt.
-
Daniel Ruf over 8 years
Sure, but I am sure this AppLocker process is legit ;-)