How to Tell if Svchost Is Real or a Trojan

By Thomas King

Svchost.exe is a process belonging to Microsoft. More specifically, svchost.exe is a host process that helps administer dynamic link libraries. The process is essential to the proper functioning of the Windows operating system and thus should not be removed. Several malicious programs, including worms and trojans, install a process named svchost.exe. To determine whether the svchost.exe process on your computer belongs to Microsoft or a Trojan, you will need to view the process details in the Windows Task Manager.

Step 1

Press "Ctrl," "Shift" and "Escape" to open the Task Manager.

Step 2

Click the "Processes" tab of the Task Manager.

Step 3

Click "Show Processes From All Users" and "Image Name." A list of all the processes running on your computer appears under the Image Name heading in alphabetical order.

Step 4

Right-click on "svchost.exe" and select "Properties."

Step 5

Click the "Details" tab. Next to Copyright, it should state "Microsoft Corporation." If it does not, the svchost.exe process in question likely belongs to a Trojan.