Mysterious Svchost.exe
Svchost.exe is arguably the most mysterious Windows process. Svchost.exe is the name of the generic host process for services that run from dynamic link libraries (DLLs). The Svchost.exe file is located in %SystemRoot%\System32.
At startup, Svchost.exe checks the services portion of the registry to construct a list of services to be loaded. Multiple instances of Svchost.exe can run on the system at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, different services can run depending on how and where Svchost.exe is started.
Svchost.exe groups can be identified in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost
Some worms take advantage of this process to camouflage themselves in the system and avoid being detected by a simple scan of the process list. Malware that uses this camouflage technique includes the worms Jeefo, Welchia, Assarm and, more recently, Conficker.
With the free tool Svchost Process Analyzer we can enumerate all the svchost processes on the system and check the services they contain. There is also a way to check this from the command console, using the commands “Tasklist /SVC” and “Tasklist /FI "PID eq IdDeProceso"” (with the quotation marks, IdDeProceso being the process ID). Svchost Process Analyzer gives more information, and presents it more concisely.
This tool is available for Windows Vista, XP, 2000 and 2003. For proper use, Svchost Process Analyzer should be run under a system administrator account.
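The manual check described above can be scripted. The following is an added example, not part of the original post or of Svchost Process Analyzer: it parses the output of "tasklist /SVC /FO CSV" and compares each svchost.exe instance against the service groups from the Svchost registry key. The function name, the sample output and the sample group lists are constructed for illustration.

```python
import csv
import io

# Constructed sample of `tasklist /SVC /FO CSV` output (not from a real host).
SAMPLE_TASKLIST = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","876","DcomLaunch,PlugPlay"
"svchost.exe","1020","Dhcp,EventLog"
"svchost.exe","3344","N/A"
"SVCHOST.EXE","2208","wuauserv,FakeUpdSvc"
"explorer.exe","1812","N/A"
'''

# Constructed stand-in for the values under the Svchost registry key:
# value name = group, data = services that group is allowed to load.
SAMPLE_GROUPS = {
    "DcomLaunch": ["DcomLaunch", "PlugPlay"],
    "LocalServiceNetworkRestricted": ["Dhcp", "EventLog"],
    "netsvcs": ["wuauserv", "BITS", "Schedule"],
}


def audit_svchost(tasklist_csv, groups):
    """Return {pid: [reasons]} for svchost.exe instances that need a closer look."""
    known = {svc.lower() for members in groups.values() for svc in members}
    rows = csv.reader(io.StringIO(tasklist_csv))
    next(rows)  # skip the header; its text is localized, so columns are read by position
    findings = {}
    for image, pid, services in rows:
        if image.lower() != "svchost.exe":
            continue
        names = [s.strip() for s in services.split(",") if s.strip()]
        if names in ([], ["N/A"]):
            # Heuristic: a process named svchost.exe that hosts nothing
            # is not acting as a service host.
            reasons = ["hosts no services"]
        else:
            reasons = ["service not in any Svchost group: " + s
                       for s in names if s.lower() not in known]
        if reasons:
            findings[int(pid)] = reasons
    return findings


if __name__ == "__main__":
    for pid, reasons in sorted(audit_svchost(SAMPLE_TASKLIST, SAMPLE_GROUPS).items()):
        print(pid, "; ".join(reasons))
```

A service that has been written into one of the registry groups passes this check, so the group lists themselves should also be compared against a known-good baseline.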
More information and download of Svchost Process Analyzer:
http://www.neuber.com/free/svchost-analyzer/index.html
Description of Svchost.exe in Windows:
http://support.microsoft.com/kb/314056/es
Tools for detecting and disinfecting the Conficker virus:
http://vtroger.blogspot.com/2009/04/herramientas-para-la-detection-y.html