Generic Host Processes for Win 32 Services?

Discussion in 'Computer Information' started by John, Oct 24, 2004.

  1. John

    John Guest


    I just wondered what this "Generic Host Processes for Win 32 Services"
    is exactly?

    In my firewall there are two logos and that is the description for
    them. One of them seems to be using the Internet a lot for some
    reason but I don't know what its doing.


    John, Oct 24, 2004
  2. John

    Duane Arnold Guest;en-us;314056#kb2

    svchost.exe *the Generic Host Processor* performs many task for the NT
    based O/S. One of the tasks is communications on the network such as the
    Internet. There can be many occurrences of svchost.exe running. Not only
    does the O/S use svchost.exe on its behalf and other legit programs running
    on the computer, but Trojans and malware can use svchost.exe too. So you
    must always be aware of what svchost.exe is trying to connect to on remote

    There are tools such as Active Ports and Process Explorer (free) that can
    help you make the determination as to what a program is connecting to and
    what processes are using the program look inside the running program or

    If svchost.exe is not running out of the %SystemRoot%\System32 folder, then
    it's a Trojan.

    You can go to the Command Prompt and enter SET and press the Enter-key and
    it will shoe what is %SystemRoot%.

    Duane :)
    Duane Arnold, Oct 24, 2004
  3. John

    John Guest


    I downloaded the Process Explorer, and they all seem to be acting out
    of the right folder. It doesn't seem to show which ip or web address
    they are talking to though.

    John, Oct 24, 2004
  4. John

    Duane Arnold Guest

    Active Ports gives you that information when a program is running such as
    svchost.exe and it has remote connections on the LAN or (WAN-Internet) to
    an IP.

    Duane :)
    Duane Arnold, Oct 24, 2004
