Svchost.exe


QQapple
Sep 30, 2003, 05:33 AM
What's a 'svchost.exe'??

The fact that 'svchost' rhymes with 'ghost!' worries me (I'm worried that it's a virus), especially when there are usually four of them running at any particular time :o

This is what I see when I press alt+ctrl+del (I'm using XP):

Windows Task Manager:
Image name | User Name | CPU | Memory Usage
-----------------------------------------------------------------
Svchost.exe | System | 00 | 3,340 K
Svchost.exe | System | 00 | 22,268 K
Svchost.exe | Network Service | 00 | 2,180 K
Svchost.exe | Local Service | 00 | 3,688 K



Is it safe to have svchost running in the background?
Can it be a virus or a spyware??

speedball1
Sep 30, 2003, 08:58 AM
Apple, here's an explanation that may clear things up for you.


Description of Svchost.exe in Windows XP

SUMMARY
This article describes Svchost.exe and its functions. Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs).

MORE INFORMATION
The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can run, depending on how and where Svchost.exe is started. This allows for better control and easier debugging.

Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Svchost

Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service names that are extracted from the following registry key, whose Parameters key contains a ServiceDLL value:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service

To view the list of services that are running in Svchost:
Click Start on the Windows taskbar, and then click Run.
In the Open box, type CMD, and then press ENTER.
Type Tasklist /SVC, and then press ENTER.
Tasklist displays a list of active processes. The /SVC switch shows the list of active services in each process. For further information about a process, type the following command, and then press ENTER:
Tasklist /FI "PID eq processID" (with the quotation marks)

The following example of Tasklist output shows two instances of Svchost.exe that are running.

Image Name          PID  Services
================  =====  ============================================
System Process        0  N/A
System                8  N/A
Smss.exe            132  N/A
Csrss.exe           160  N/A
Winlogon.exe        180  N/A
Services.exe        208  AppMgmt,Browser,Dhcp,Dmserver,Dnscache,
                         Eventlog,LanmanServer,LanmanWorkstation,
                         LmHosts,Messenger,PlugPlay,ProtectedStorage,
                         Seclogon,TrkWks,W32Time,Wmi
Lsass.exe           220  Netlogon,PolicyAgent,SamSs
Svchost.exe         404  RpcSs
Spoolsv.exe         452  Spooler
Cisvc.exe           544  Cisvc
Svchost.exe         556  EventSystem,Netman,NtmsSvc,RasMan,
                         SENS,TapiSrv
Regsvc.exe          580  RemoteRegistry
Mstask.exe          596  Schedule
Snmp.exe            660  SNMP
Winmgmt.exe         728  WinMgmt
Explorer.exe        812  N/A
Cmd.exe            1300  N/A
Tasklist.exe       1144  N/A



This is an application and not a virus or spyware.
Good luck, Tom
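
Added example, not part of either post or of the quoted article: a PowerShell check of the two facts the article gives, namely that every Svchost group is a REG_MULTI_SZ value whose services each point to a ServiceDll, and that Svchost.exe lives in %SystemRoot%\System32. It assumes PowerShell 3.0 or later on a current Windows system and an elevated prompt; the variable names are illustrative.

```powershell
# Added example. Registry paths are written as they appear on a live system
# (the key is named "Windows NT", with a space).
$groupKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# 1. Svchost group -> service -> ServiceDll, read from the registry.
$key = Get-Item -Path $groupKey
$map = foreach ($group in $key.GetValueNames()) {
    # Only REG_MULTI_SZ values describe a service group.
    if ($key.GetValueKind($group) -ne [Microsoft.Win32.RegistryValueKind]::MultiString) {
        continue
    }
    foreach ($svc in $key.GetValue($group)) {
        $paramKey = Join-Path $svcRoot "$svc\Parameters"
        $dll = $null
        if (Test-Path -Path $paramKey) {
            $prop = Get-ItemProperty -Path $paramKey -Name ServiceDll -ErrorAction SilentlyContinue
            if ($prop) { $dll = $prop.ServiceDll }
        }
        [pscustomobject]@{ Group = $group; Service = $svc; ServiceDll = $dll }
    }
}
$map | Sort-Object Group, Service | Format-Table -AutoSize

# 2. Running svchost.exe instances: image path and the services each one hosts.
$procs = foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
    $hosted = Get-CimInstance Win32_Service -Filter "ProcessId = $($p.ProcessId)"
    $status = if (-not $p.ExecutablePath) { 'unknown (path not readable)' }
              elseif ($p.ExecutablePath -eq $expected) { 'expected location' }
              else { 'UNEXPECTED LOCATION' }
    [pscustomobject]@{
        ProcessId = $p.ProcessId
        Path      = $p.ExecutablePath
        Location  = $status
        Services  = ($hosted.Name -join ',')
    }
}
$procs | Sort-Object ProcessId | Format-Table -AutoSize -Wrap
```

A row marked UNEXPECTED LOCATION, or a svchost.exe instance with an empty Services column, is worth a closer look; an empty ServiceDll in the first table usually just means the service is not installed on that edition of Windows.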

QQapple
Oct 6, 2003, 06:52 AM
Wohhhh?. that's..?


Anyway.. I tried what you suggested... but when I got to typing in :
Tasklist /FI "PID eq processID"
I get a:
ERROR: the search filter cannot be recognised.

Oh... well... this stuff is too much for me anyway...

If you say it is not a spyware or virus... I guess there's no need for worry...

Thanks for your very detailed help
(wow you must be a pro!)