What can a service do on Windows?

services malware windows-services

What is a service?

A service is an application, no more, no less. The advantage is that a service can run without a user session. This allows things like databases, backups, the ability to login, etc to run when needed and without a user logged in.

What is svchost?

According to Microsoft: “svchost.exe is a generic host process name for services that run from dynamic-link libraries”. Could we have that in english please?

Some time ago, Microsoft started moving all of the functionality from internal Windows services into .dll files instead of .exe files. From a programming perspective this makes more sense for reusability… but the problem is that you can’t launch a .dll file directly from Windows, it has to be loaded up from a running executable (.exe). Thus the svchost.exe process was born.

So, essentially a service which uses svchost is just calling a .dll and can do pretty much anything with the right credentials and/or permissions.

If I remember correctly, there are viruses and other malware that do hide behind the svchost process, or name the executable svchost.exe to avoid detection.


One of the easiest ways to determine what processes are running under svchost is to use:

Tweaking.com - svchost.exe Lookup Tool V1.5.0

http://www.tweaking.com/content/page/tweaking_com_svchost_exe_lookup_tool.html

Works well.

Related

MATLab crashes on launch OS X Yosemite
Combining two ffmpeg fillters or commands into single command
How do I know how much swap is used on Windows 7?
Word displays a line separator between pages instead of page breaks
VirtualBox 5.2.6 and 5,2,6 - Error in supR3HardenedWinReSpawn
Which audio encoders in FFmpeg support 8 kHz?
Oracle DB: How can I write query ignoring case?
Error Installing Jekyll - Native Extension Build
C#: Create a lighter/darker color based on a system color [duplicate]
How to navigate multiple ctags matches in Vim?
Ternary in Laravel Blade
How to obtain first day of next month in ruby?