SVCHOST.EXE is one of those mysterious processes that are constantly running on Windows and are badly needed, but you never know what exactly it does. So what exactly is SVCHOST.EXE? Identifying the real services and programs that run inside each SVCHOST.EXE process is a challenge to be aware of, especially when the process eats up 99 or 100 percent of your CPU!
So, before we dive into solutions, let’s get a deeper understanding of what this process actually does and how you can address some of the problems that may arise. First, svchost means “service host” and it does exactly what the name suggests: it helps “host” services. A service in Windows is simply a program in the operating system that does some work and runs in the background all the time when your computer is on, even if you are not logged in.
Most of the programs you are familiar with run as stand-alone executables, such as .EXE. However, most services are implemented as DLLs that cannot run on their own. Hence, svchost loads these DLLs and runs them on its own. This is why when you open the Windows Task Manager, you will see that many svchost.exe processes are running. If you need more information on Task Manager, check out my articles on Task Manager.
You will notice that there are currently eight svchost processes running on my computer, all of which use a different amount of memory and run under different usernames. So let’s say one of them is running at an extremely high CPU utilization of 100 percent. How can we determine which application is actually running?
There are actually two ways to do this: do it all manually using the command line and the Services tool, or using a third-party application. I’ll mention both here in case one doesn’t work for you.
Check for viruses first
Before we dive into the details below, it’s worth noting that in some cases svchost.exe is actually a virus. Since it is a system process, attackers prefer to use the name svchost to remain hidden. If the file is in Windows / system32 it is most likely not a virus, however I always recommend running a scan just in case.
If you don’t already have an antivirus program, I recommend using Kaspersky or Bitdefender as they consistently rank high in the AV-Test and AV-Comparatives ratings. They’re not free, but most free antivirus programs end up bundling up unwanted software or redirecting your browser to their “safe” search solution, which is completely insecure and just tracks you and shows you more ads.
Fixing Svchost.exe Processes Via Command Prompt (Hard Way)
1. First click “Start”, then “Run”, type CMD and click “OK”. In Windows 8.1, right-click the Start button and select Run.
2. Type the following into the command window and press Enter.
task list / svc / fi “Imagename eq svchost.exe
You should get the result as shown below with the name, PID and description of the service
You will now see each svchost process along with its unique identification number and the services it is responsible for. However, these names are still very cryptic and are shorthand names. To get more useful information about the process, we can use the services browser in Windows.
3. Right-click My Computer and select Manage. On the screen that appears, select “Computer Management” and then select “Services and Applications”. Finally, select “Services”.
4. Now try to match the cryptic Windows service name to the easily readable names in the Services tab. This is a little bit and may take a while, because if you take a process with ID 1436 and its name WudfSvc, you will have to try to find it in the list. If you double-click one of the service names, you will also see their cryptic name so you can match them up. In my case, I assumed that the letter W means that the process starts from “Windows” and opened them until I saw a match.
As you can see, the Windows Driver Foundation service is actually called wudfsvc for short!
Define Svchost.exe processes via Process Explorer (easy way)
If you find it too difficult, there is a much easier way! Check out Microsoft’s Process Explorer tool (originally from SysInternals). The tool is completely free and provides detailed information on each process currently running.
Once downloaded, just run the exe file as it doesn’t need to be installed. Hover your mouse over the svchost process and you will see a popup showing what services are running under that process. The nice thing about Process Explorer is that it gives you a friendly name for each process instead of a short name.
Windows 8 Task Manager
One last thing I wanted to mention is the fact that Windows 8 Task Manager basically makes using the Command Prompt or Process Explorer completely obsolete. Open Task Manager by pressing CTRL + SHIFT + ESC and scroll down the Processes tab to the location where it says Windows Processes.
Here you will see each svchost.exe process listed as a service host: with the type of account under which it runs (local system, network service, etc.). There will also be a number next to it, and if you expand the item by clicking the arrow, you will also see all the services running under that particular process.
SVCHOST high CPU usage fix
Now that you’ve figured out which process is consuming your entire CPU, we can figure out how to fix it. If you find it is not a Windows process like Windows Update or Windows Firewall etc., just end the process and uninstall the program.
However, in most cases, this issue is related to the Windows process. The best solution in this case is to install all the latest updates from the Microsoft website. If you can’t do this in Windows normally, try restarting your computer in Safe Mode and try again.
Also, if you can go to the Services tab as we did above, right-click the service and select Disable. Don’t worry, even if it’s Windows Update or firewall, you can turn it back on later. Then restart your computer, go to the Microsoft website and manually download the updates. Re-enable the service and restart your computer again and hopefully everything works!
To disable a service in Windows, right-click it in the Services tab and select Properties.
Then select Disabled from the Startup Type combo box located in the middle of the dialog:
I went through this process a couple of times and it worked for me. So again, first disable the service, then restart your computer, then install updates manually, then enable the service again, and then restart your computer again. If that doesn’t work, then you need to perform a repair installation of Windows. Search Google for recovery and follow the instructions. If you are using Windows 8, you can update your computer. If you have any questions, please leave a comment. Enjoy!