Wednesday, March 17, 2010

Managing processes ,saving memory usage and solving SVCHOST.EXE problem

Your system getting slow as soon as you boot your PC.

Have you ever seen the number of processes running in your PC.If at all seen ,have you ever wondered there are many processes running with name "SVCHOST.EXE".

What the hell is this process all about and why are so many instances of a single processes running on your PC.

So What Is It?

According to Microsoft: “svchost.exe is a generic host process name for services that run from dynamic-link libraries”.

Some time ago, Microsoft started moving all of the functionality from internal Windows services into .dll files instead of .exe files. From a programming perspective this makes more sense for reusability… but the problem is that you can’t launch a .dll file directly from Windows, it has to be loaded up from a running executable (.exe). Thus the svchost.exe process was born.

Why Are There So Many svchost.exes Running?

If you’ve ever taken a look at the Services section in control panel you might notice that there are a Lot of services required by Windows. If every single service ran under a single svchost.exe instance, a failure in one might bring down all of Windows… so they are separated out.

Those services are organized into logical groups, and then a single svchost.exe instance is created for each group. For instance, one svchost.exe instance runs the 3 services related to the firewall. Another svchost.exe instance might run all the services related to the user interface, and so on.

Moreover,the virus makes use of this lack of knowledge and many virus are made using this name.

Just open your task manager and check if your PC is also infected by one such virus.This can be easily inspected by looking at the CPU cycle being consumed by particular process.

Why can't we stop them by simply setting stop process?

Well you can , but there is a problem because when you stop some useful instance supporting basic PC application ,your PC tends to shut down.Next time you try ,you might end up facing same problem.Then how to recognize which one to stop.I have better ideas.

Still i'll not dissapoint you  ,if you prefer it this way ,Go on.  BUT,

just type the following command in the  RUN window

"shutdown -a"

This aborts the shutdown and keeps the ended process.

Now you can start ending those process and whenever you encounter shutdown message just run that command.

Now i'll explain the better way to deal with both SVCHOST.EXE  and rest of the unused processes.

Download "PROCESS MANAGER"

DOWNLOAD LINK:-
http://download.sysinternals.com/Files/ProcessExplorer.zip

Just  install it and open it.

You'll see a window much like task manager with some advancement.

The best thing i like in it is that as soon as you hover your mouse over a process ,it gives information about it and also the services they are used for.
Now you can manually select which one to abort.
Example:-
In my PC i found many svchost.exe and other processes of which following were useless
1. SVCHOST.exe for windows image aquisition was useless form me.
2. SVCHOST.exe for DNS client was useless unless i am using internet.
3. Spoolsv.exe for print spooler was useless unless i am using a printer currently.

Other similar processes can be inspected and stopped for better PC operation.

Note:- In no circumstances will the process termination affect the working of PC.Simply reboot and you'll get back your original configurtion.

Also if a process which is not known is taking much memory or CPU cycle,it might well be a virus and it will be a good option to switch it off.
Tackling such viruses will be discussed in my next post.

1 comment:

customised by Vaibhav