diet virus svchost exe bang tay

Bước 3: Xem dung lượng mà các svchost.exe đang chiếm. Thông qua cột Memory và CPU, bạn có thể xem các svchost.exe đang chiếm bao nhiêu dung lượng bộ nhớ và CPU. Bước 4: Vô hiệu từng tiến trình bên trong một svchost.exe. Bước này giúp các bạn không vô hiệu hóa nhầm các svchost.exe quan trọng nhé! Ví dụ,bạn quan sát thấy 1 file virus .exe tự chạy là Code: c:\windows\system32\hkcmd.exe Hãy vào cmd chạy lệnh attrib để xoá hết các thuộc tính ẩn,hệ thống,lưu trữ, của file này = cách chạy lệnh Code: attrib -r -a -s -h c:\windows\system32\hkcmd.exe r là read only a là atrtributes s là system Một số virus thường "Núp bóng" dưới file hệ thống svchost.exe để chiếm quyền điều khiển máy tính. Svchost.exe là một tập tin thực thi nhỏ nằm trong thư mục System32 của Windows, nó đóng vai trò quan trọng trong việc giữ hệ thống và các dịch vụ chạy trên nền Windows được ổn định. Bạn có Cashberry Lừa Đảo. Ngày đăng 02/07/2014, 1900 Thủ thuật tìm và diệt virus máy tính bằng tay Phần 1 Khi virus hoạt động chia làm 2 trường phái,một là âm thầm chạy, không bộc lộ ra một triệu chứng hay dấu vết nào mang tính đánh cắp thông tin, loại khác là chạy cực kì sung sức, thực hiện nhiều hành động phá hoại công khai, chiếm nhiều tài nguyên của bộ xử lý mang tính phá hoại. Phần 1 Phòng và tìm virut Khi virus hoạt động chia làm 2 trường phái,một là âm thầm chạy, không bộc lộ ra một triệu chứng hay dấu vết nào mang tính đánh cắp thông tin, loại khác là chạy cực kì sung sức, thực hiện nhiều hành động phá hoại công khai, chiếm nhiều tài nguyên của bộ xử lý mang tính phá hoại. Có khi bạn mở Task manager ra thấy "CPU usage" luôn ở mức trên 90% trong khi máy đang không hoạt động gì cả, chạy cực kì chậm. Lý do là vì virus đã giả dạng là một ứng dụng hệ thống của hệ điều hành windows ví dụ như là thì nó giả là svchoost,svhost, thì nó giả là - một loại back door và lén chạy nền. Lúc này, bạn cần phải ra tay tiêu diệt lũ chuột bọ đang hoành hành phá hoại. Các công cụ cần thiết để tiến hành công việc, đã có sẵn trong Windows, chỉ cần vào start - run - gõ tên ứng dụng đó 1. msconfig //Công cụ quản lý các dịch vụ,driver,ứng dụng tự khởi động 2. cmd //Môi trường điều khiển máy tính = chế độ dòng lệnh 3. regedit //Công cụ chỉnh sửa registry - một cơ sở dữ liệu các cấu hình,thông số của windows 4. notepad //Trình soạn thảo 5. //Quản lý các thông số,cấu hình dc thiết lập trong Windows 6. taskmgr //Task manager,công cụ quản lý các tiến trinh đang hoạt động Phòng "sâu bệnh" Tất nhiên phương pháp đơn giản nhất mà ai cũng biết đó là cài đặt các chương trình antivirus như là Norton,McAfee,BKAV, và để ở chế độ tự bảo vệ auto protect. Nhưng ở đây chúng ta phòng bằng tay nên sẽ tập trung vào những kĩ năng, kinh nghiệm cần có để cảnh giác và đề phòng. Nguyên tắc để lây nhiễm của virus là tự nhân bản và sao chép chính nó thông qua các phương tiện lưu trữ như đĩa cứng,flash USB,đĩa mềm Và thông thường chúng sẽ được tự nạp vào hệ điều hành mỗi khi khởi động xong. Như vậy, để phòng ngừa thì các bạn cần ngăn cản không cho virus xâm nhập vào, bằng cách tăng cường cảnh giác - Không nên double click chuột để mở một thiết bị lưu trữ nào đó trong windows explorer,nhất là đối với flash USB virus hay lây lan qua đường này nhất,mà các bạn nên click phải chuột,chọn "explore" từ menu ngữ cảnh, hoặc truy nhập vào từ thanh Address trên toolbar nhấn phím F4. Bởi vì khi bạn double click để mở 1 thiết bị lưu trữ,windows sẽ gọi ứng dụng được khai báo trong file dòng OPEN= , và nếu ứng dụng này là virus thì như vậy virus đã được kích hoạt chạy,nó sẽ tự động sao chép chính nó vào ổ cứng của bạn thường nằm trong thư mục Root\windows\system32\ hoặc một "chốn xó xỉnh" nào đó mà người dùng ít để ý, để có thể tiếp tục hoạt động lâu dài và kín đáo về sau. - Không nên tùy tiện click vào những đường dẫn đến các website lạ, chấp nhận và chạy các script lạ khi duyệt web hoặc đọc các email, download và sử dụng những screen saver .scr hay các ựng dụng .exe, .com, .bat lạ - Cảnh giác với các crack, patch,loader,tools, được download về từ internet hay copy từ đâu nhất là mỗi khi thử bạn nên chạy trên account Guest của Windows,khi đó do bị hệ điều hành giới hạn một số chức năng và quyên hạn nên virus sẽ không thực hiện được một số thao tác phá hoại nếu có,hoặc nếu có thể - cài đặt riêng cả 1 hệ điều hành để vọc thì hay quá Tất nhiên là dù 1 bro có giỏi đến đâu đi nữa thì cũng không thể chỉ dùng mắt mà quản lý và ngăn chặn được hết tất cả virus xâm nhập vào PC, bạn cũng nên kết hợp sử dụng một soft antivirus nào đó cảm thấy tâm đắc. Và người ta hay nói đối với virus cả virus sinh học và virus tin học thì phòng bệnh vẫn hơn chữa bệnh, ngăn cản không cho virus xâm nhập vào sẽ an toàn hơn là để nó vào rồi mới tìm cách xử lý. Bởi vì virus có rất nhiều loại, thiên biến vạn hóa khôn lường, rất khó để có thể tiêu diệt một cách hoàn toàn 100%,mà chủ yếu là ta chỉ cách ly chúng nếu như bạn đã cảnh giác cao độ nhưng vẫn "dính chàm" thì đành phải tìm cách diệt chúng vậy. Tìm và diệt Diệt virus chẳng qua là tìm xem virus nằm ở đâu để cách ly ra hoặc là xóa hẳn chúng, thông thường việc này sẽ được làm tự động thông qua một soft antivirus nhưng lẽ thường tình là máy tính vẫn không thể thông minh hơn con người, chúng chỉ giỏi ứng dụng, làm việc nhanh, chính xác cứ không thể biết nghiên cứu, suy luận và tư duy sáng tạo - Những đặc điểm mà chỉ con người mới có thông qua quá trình lao động và làm việc. Virus thường là những file có thể thực thi .exe,.com,.scr hoặc là những file dữ liệu bị nhúng "mã độc",như ở các file office của Windows hay bị nhúng những macro mang tính phá hoại, cả định dạng trình diễn .swf shockwave flash của Macromedia dạo gần đây cũng bị lợi dụng để phán tán virus, sau đó virus sẽ được bí mật tự động sao chép vào một chốn "xó xỉnh" nào đó, như là -\Windows\system32\ -\Windows\inf\ -\Windows\system32\drivers\ Và thường được ngụy trang rất kín đáo. Sau đây là một số cách ngụy trang phổ biến của virus -Giả làm folder là file thực thi .exe nhưng bề ngoài mang thuộc tính icon là folder thế là bạn tò mò mở xem "ủa thư mục nào lạ thế nhỉ?" -Giả làm file tài liệu virus có thể "dụ khị" bằng cách đặt tên file có 2 đuôi,ví dụ như là với icon là của file text,nhìn vào bạn sẽ lầm tưởng là file text vô hại và tò mò mở ra xem thế là "dính chưởng". -Giả làm các ứng dụng hệ thống trong windows như msconfig,task manager với các tên file thực thi gần giống,ví dụ như thật -> giả, thật -> giả Các bạn nên thường xuyên vào những khu vực này để kiểm tra. Nếu phát hiện có những ứng dụng lạ nào vừa được thêm vào mà mình không hề biết nó về thuộc chương trình nào thì hết 99% có thể là virus. . chặn được hết tất cả virus xâm nhập vào PC, bạn cũng nên kết hợp sử dụng một soft antivirus nào đó cảm thấy tâm đắc. Và người ta hay nói đối với virus cả virus sinh học và virus tin học thì phòng. Thủ thu t tìm và diệt virus máy tính bằng tay Phần 1 Khi virus hoạt động chia làm 2 trường phái,một là âm thầm chạy, không bộc. vậy. Tìm và diệt Diệt virus chẳng qua là tìm xem virus nằm ở đâu để cách ly ra hoặc là xóa hẳn chúng, thông thường việc này sẽ được làm tự động thông qua một soft antivirus nhưng lẽ thường tình - Xem thêm -Xem thêm Thu thuat tim va diet virus bang tay, What is is the name of a Trojan horse, that has been created mainly to get inside your computer system and begin performing a wide range of malicious activities without your permission. The main objective of this virus is to run different virus processes, which may result in stealing your files, copying your passwords, mining for crypto and others. Read this article to learn more about and what you can do to uninstall it from your computer system. On this pageWhat is Trojan – How Did I Get It? Virus – What Does It Do? – How Dangerous Is It?Remove Virus from Your Computer Summary Name Type Trojan Horse Brief Description Aims to perform mining activities for BitCoin and spyware activities as well . Symptoms Your computer could become very slow and even freeze from time to time. Distribution Technique Bundled downloads. Web pages which may promote it. Detection Tool See if the System is impacted by Down Load Malware Removal Tool User Experience Join Our Forum to go over Trojan – How Did I Get It? is a malicious process that may be similar to other viruses, such as the recently spotted SharkBot and could have gotten in your computer using malicious files, attached to e-mails. The main problem with it is it could pretend to be a legitimate document that may run the following infection activities when executed Virus – What Does It Do? is likely a process that may be related to a Bitcoin Miner virus. Upon infection it may be located in the following Windows directories %Local% %AppData% %Temp% %Windows% may also attack the Windows Registry Editor, adding registry values in the Run and RunOnce sub-keys, alowing it to automatically start upon Windows boot HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce – How Dangerous Is It? is likely a Trojan type of infection, which means it may be responsible for the folowing virus activities on your computer Download other viruses. Update its miners, control them. Take screenshots. Steal files. Log the keystrokes you type. Obtain data from your PC. Control your microphone and audio. Keep reading this article to find out more about and what actions you can take to fully erase it. Remove Virus from Your Computer To remove we would strongly suggest following the instructions in the manual below. They are created in order to best help you delete this threat either yourself or automatically using a professional anti-malware software. It is strongly recommended to focus on the automatic removal option as such a security software will thoroughly scan your computer for any malware and remove it effectively. Ventsislav KrastevVentsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and Posts - Website Follow Me Preparation before removing Before starting the actual removal process, we recommend that you do the following preparation steps. Make sure you have these instructions always open and in front of your eyes. Do a backup of all of your files, even if they could be damaged. You should back up your data with a cloud backup solution and insure your files against any type of loss, even from the most severe threats. Be patient as this could take a while. Step 1 Boot Your PC In Safe Mode to isolate and remove 1. Hold Windows key  + R 2. The "Run" Window will appear. In it, type "msconfig" and click OK. 3. Go to the "Boot" tab. There select "Safe Boot" and then click "Apply" and "OK". Tip Make sure to reverse those changes by unticking Safe Boot after that, because your system will always boot in Safe Boot from now on. 4. When prompted, click on "Restart" to go into Safe Mode. 5. You can recognize Safe Mode by the words written on the corners of your screen. Step 2 Clean any registries, created by on your computer. The usually targeted registries of Windows machines are the following HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce You can access them by opening the Windows registry editor and deleting any values, created by there. This can happen by following the steps underneath 1. Open the Run Window again, type "regedit" and click OK. 2. When you open it, you can freely navigate to the Run and RunOnce keys, whose locations are shown above. 3. You can remove the value of the virus by right-clicking on it and removing it. Tip To find a virus-created value, you can right-click on it and click "Modify" to see which file it is set to run. If this is the virus file location, remove the value. Step 3 Find virus files created by on your PC. Tab titleTab title For Newer Windows Operating Systems 1 On your keyboard press  + R and write in the Run text box and then click on the Ok button. < 2 Click on your PC from the quick access bar. This is usually an icon with a monitor and its name is either “My Computer”, “My PC” or “This PC” or whatever you have named it. 3 Navigate to the search box in the top-right of your PC's screen and type “fileextension” and after which type the file extension. If you are looking for malicious executables, an example may be "fileextensionexe". After doing that, leave a space and type the file name you believe the malware has created. Here is how it may appear if your file has been found We recommend to wait for the green loading bar in the navigation box to fill up in case the PC is looking for the file and hasn't found it yet. For Older Windows Operating Systems In older Windows OS's the conventional approach should be the effective one 1 Click on the Start Menu icon usually on your bottom-left and then choose the Search preference. 2 After the search window appears, choose More Advanced Options from the search assistant box. Another way is by clicking on All Files and Folders. 3 After that type the name of the file you are looking for and click on the Search button. This might take some time after which results will appear. If you have found the malicious file, you may copy or open its location by right-clicking on it. Now you should be able to discover any file on Windows as long as it is on your hard drive and is not concealed via special software. IMPORTANT! Before starting "Step 4", please boot back into Normal mode, in case you are currently in Safe Mode. This will enable you to install and use SpyHunter 5 successfully. Step 4 Scan for with SpyHunter Anti-Malware Tool 1. Click on the "Download" button to proceed to SpyHunter's download page. It is recommended to run a scan before purchasing the full version of the software to make sure that the current version of the malware can be detected by SpyHunter. Click on the corresponding links to check SpyHunter's EULA, Privacy Policy and Threat Assessment Criteria. 2. After you have installed SpyHunter, wait for it to update automatically. 3. After the update process has finished, click on the 'Malware/PC Scan' tab. A new window will appear. Click on 'Start Scan'. 4. After SpyHunter has finished scanning your PC for any files of the associated threat and found them, you can try to get them removed automatically and permanently by clicking on the 'Next' button. If any threats have been removed, it is highly recommended to restart your PC. FAQ What Does Trojan Do? The Trojan is a malicious computer program designed to disrupt, damage, or gain unauthorized access to a computer system. It can be used to steal sensitive data, gain control over a system, or launch other malicious activities. What Damage Can Trojan Cause? The Trojan is a malicious type of malware that can cause significant damage to computers, networks and data. It can be used to steal information, take control of systems, and spread other malicious viruses and malware. Is Trojan a Harmful Virus? Yes, it is. A Trojan is a type of malicious software that is used to gain unauthorized access to a person's device or system. It can damage files, delete data, and even steal confidential information. Can Trojans, Like Steal Passwords? Yes, Trojans, like can steal passwords. These malicious programs are designed to gain access to a user's computer, spy on victims and steal sensitive information such as banking details and passwords. Can Trojan Hide Itself? Yes, it can. A Trojan can use various techniques to mask itself, including rootkits, encryption, and obfuscation, to hide from security scanners and evade Can a Trojan Virus be Removed by Factory Reset? Yes, a Trojan Virus can be removed by factory resetting your device. This is because it will restore the device to its original state, eliminating any malicious software that may have been installed. Can Trojan Infect WiFi? Yes, it is possible for a Trojan to infect WiFi networks. When a user connects to the infected network, the Trojan can spread to other connected devices and can access sensitive information on the network. Can Trojans Be Deleted? Yes, Trojans can be deleted. This is typically done by running a powerful anti-virus or anti-malware program that is designed to detect and remove malicious files. In some cases, manual deletion of the Trojan may also be necessary. Are Trojans Hard to Remove? Yes, Trojans can be very hard to remove as they often disguise themselves as legitimate programs, making them difficult to detect and extremely tricky to remove. Can Trojans Steal Files? Yes, Trojans can steal files if they are installed on a computer. This is done by allowing the malware author or user to gain access to the computer and then steal the files stored on it. Which Anti-Malware Can Remove Trojans? Anti-malware programs such as SpyHunter are capable of scanning for and removing Trojans from your computer. It is important to keep your anti-malware up to date and regularly scan your system for any malicious software. Can Trojans Infect USB? Yes, Trojans can infect USB devices. USB Trojans typically spread through malicious files downloaded from the internet or shared via email, allowing the hacker to gain access to a user's confidential data. About the Research The content we publish on this how-to removal guide included, is the outcome of extensive research, hard work and our team’s devotion to help you remove the specific trojan problem. How did we conduct the research on Please note that our research is based on an independent investigation. We are in contact with independent security researchers, thanks to which we receive daily updates on the latest malware definitions, including the various types of trojans backdoor, downloader, infostealer, ransom, etc. Furthermore, the research behind the threat is backed with VirusTotal. To better understand the threat posed by trojans, please refer to the following articles which provide knowledgeable details. References 1. Trojan Horse – What Is It? 2. Trojanized AnyDesk App Delivered through Fake Google Ads 3. Hackers Continue to Use Malicious Excel Macros to Deliver Banking Trojans 4. Ficker Infostealer Uses Fake Spotify Ads to Propagate 5. Jupyter Infostealer Malware Targets Chrome and Firefox Browser Data What to Know Service Host is a legitimate system process used in the Windows safe if it's stored here %SystemRoot%\System32\ or %SystemRoot%\SysWOW64\.You can delete if you find it anywhere else. This article explains what is, how to know if it's safe, and what to do if you find a virus. What Is The Service Host file is a critical system process provided by Microsoft in Windows operating systems. Under normal circumstances, this file isn't a virus but a crucial component in many Windows services. The purpose for is to, as the name would imply, host services. Windows uses it to group services that need access to the same DLLs to run in one process, helping to reduce their demand for system resources. Because Windows uses the Service Host process for so many tasks, it's common to see increased RAM usage of in Task Manager. You'll also see many instances of running in Task Manager because Windows groups similar services together, such as network-related services. Given that this is such a critical component, you shouldn't delete it or quarantine it unless you've verified that the specific file you're dealing with is unnecessary or malicious. There can be only two folders where the real version is stored, making it easy to spot a fake. Processes Windows 11. Which Software Use The process starts when Windows starts, and then checks the HKLM hive of the registry under SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost for services it should load into memory. can be seen running in Windows 11, Windows 10, Windows 8, Windows 7, Windows Vista, Windows XP, and Windows 2000. Beginning with Windows 10 Creator Update version 1703, for systems running more than GB of RAM, every service runs an instance of svchost. If less than GB of RAM is available, services are grouped into shared processes just like in previous versions of Windows. A few examples of Windows services that use include Windows Update Background Tasks Infrastructure Service Plug and Play World Wide Web Publishing Service Bluetooth Support Service Windows Firewall Task Scheduler DHCP Client Windows Audio Superfetch Network Connections Remote Procedure Call RPC Is a Virus? Not usually, but it doesn’t hurt to check, especially if you have no idea why is taking up all the memory on your computer. The first step in identifying whether is a virus is determining which services each instance is hosting. Since you probably have multiple instances running in Task Manager, you have to dive a little deeper to see what each process is doing before deciding whether to delete the svchost process or disable the service running inside. Once you know what services are running within you can see if they’re real and necessary or if malware is pretending to be If you have Windows 11, 10, or 8, you can “open” each file from Task Manager. Open Task Manager. Select the Processes tab. Scroll down to the Windows processes section and locate a Service Host entry. Tap-and-hold or right-click the entry and select Open file location. If the location that opens is anything other than either of the following paths, which are where Windows stores authentic copies of you might have a virus %SystemRoot%\System32\ in System32 folder Windows 11. The second path is where 32-bit services running on a 64-bit machine are located. Not all computers have that folder. Back in Task Manager, select the arrow to the left of the entry to expand it. Located directly under the instance is every service it’s hosting. For other versions of Windows like Windows 7, you can also use Task Manager to see all the services used by but it isn’t as clearly laid out as it is in newer versions. Do that by right-clicking a instance in the Processes tab, choosing Go to Services, and then reading through the list of highlighted services in the Services tab. Another option is to use the tasklist command in Command Prompt to product a list of all the services used by all the instances. To do that, open Command Prompt and enter the following command tasklist /svc find “ Another option you have here is to use a redirection operator to export the results of the command to a text file, which might be easier to read. If you don’t identify something on the list, it doesn’t necessarily mean you have a virus. It could just be a service you don’t recognize but is vital to the essential operations of Windows. There are probably dozens of “virus-looking” services that are entirely safe. If you’re hesitant about anything you see, search online. You can do that in newer versions of Windows through Task Manager right-click the service and select Search online. For Windows 7, Vista, or XP, note the service in Command Prompt and type it into Google. To shut down a service running in see the two sets of instructions at the bottom of this page. Why Is Using So Much Memory? Like any process, this one requires memory and CPU power to run. It’s normal to see the increased memory usage of mainly when one of the services using Service Host is being used. A big reason for to use lots of memory and even bandwidth is if something is accessing the internet, in which case “ netsvcs” might be running. It could happen if Windows Update is working to download and install patches and other updates. Other services that are used under netsvcs include BITS Background Intelligent Transfer Service, Schedule Task Scheduler, Themes, and iphlpsvc IP Helper. One way to stop the svchost process from sucking away so much memory or some other system resource is to stop the services that are to blame. For example, if Service Host slows down your computer because of Windows Update, stop downloading/installing updates or disable the service entirely. Or maybe Disk Defragmenter is defragmenting your hard drive, in which case Service Host will use more memory for that task. However, it shouldn’t, under everyday situations, be hogging all the system memory. If uses upwards of 90–100 percent of the RAM, you might be dealing with a malicious, non-genuine copy of If you think that’s what’s happening, keep reading to learn how to delete viruses. How to Shut Down an Service What most people probably want to do with the svchost process is delete or disable a service running inside because it's using too much memory. However, even if you're going to delete because it's a virus, follow these instructions anyway because it'll be helpful for the service to be disabled before trying to delete it. For Windows 7 and older versions of Windows, it’s easier to use Process Explorer. Right-click the file and choose Kill Process. Open Task Manager. Identify the service you want to disable. To do this in Windows 11, 10, or 8, expand the Service Host entry. Right-click the Task Manager entry for the service you want to shut down, and choose Stop. Windows will immediately stop that service. Any system resources it was using will be freed for other services and applications. If you don’t see the option to stop the service, make sure you’re selecting the service itself and not the “Service Host” line. If the service won’t stop because the program is running, exit it. If you can’t, you might be left having to uninstall the software. You can verify that it’s been shut down, or permanently disable it, by locating the same service in the Services program search for from the Start menu. To stop it from running again, double-click the service from the list and change the startup type to Disabled. How to Remove an Virus You can't delete the actual file from your computer because it's too integral and essential of a process, but you can remove fake ones. If you have a file that's anywhere, but in the \System32\ or \SysWOW64\ folder mentioned earlier, it's 100 percent safe to delete. For example, if your downloads folder contains a Service Host file, or there's one on your desktop or a flash drive, it's evident that Windows isn't using it for important service hosting purposes, in which case you can remove it. However, viruses are probably not as easy to delete as regular files. Follow these steps to remove the virus Right-click the process in Task Manager and select Open file location. We won’t do anything with that window just yet, so keep it open. Remember that if the folder that opens is one of the System folders mentioned above, your file is clean and should not be deleted. However, take special care to read the file name; if it’s spelled even one letter off of you’re not dealing with the legitimate file used by Windows. Right-click the same process and choose End task. If that doesn’t work, open Process Explorer and right-click the file, and then select Kill Process to shut it down. If there are services nested in the file, open them in Task Manager like explained above, and stop each of them. Open the folder from Step 1 and try deleting the file like you would any other file, by right-clicking it and choosing Delete. If you can’t, install LockHunter and tell it to delete the file on the next reboot this will delete the locked file, something you can't normally do in Windows. Install Malwarebytes or some other spyware removal tool, and perform a full system scan to delete the svchost process. Reboot your computer if something was found. If the virus won’t let you install a program on your computer, download a portable virus scanner to a flash drive and scan from there. Use a full antivirus program to scan for viruses. It’s a great idea to have one of these always-on virus scanners anyway, even if a different virus scanner was able to delete the file. Use a free bootable antivirus program to scan your computer before Windows starts up. These are helpful when the other scanners fail because the virus can’t run unless Windows is running, and a bootable AV tool runs outside of Windows. FAQ How many instances of svchost should be running? Any number of svchost may be running at any time because several different services are all based on the same system file. Check the name in the Processes tab in Task Manager to make sure it is valid and not malware. What happens if I delete If you delete a legitimate Microsoft Windows executable file, your computer may stop working properly. Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe

diet virus svchost exe bang tay