The host process consumes a lot of RAM. If the svchost process loads the system. Video: svchost loads the processor. solution

20.10.2023

How to activate MTS roaming - useful tips

POST codes for desktop motherboards Post codes for BIOS of all versions

How to remove reduced functionality mode in Word

A number of users may encounter a situation where their computer begins to crash and slow down, and the culprit is the svchost.exe process, which often consumes up to 100% of the CPU power. In this material I will try to help these users and tell you what to do in a situation where the memory and processor are loaded, what are the reasons for this phenomenon and what to do to correct this situation.

What is svchost.exe

The name "Svchost" is short for "service host" and usually refers to a system process that simultaneously serves a number of important services of the Windows operating system. The average computer can have up to 15 svchost.exe processes running, and each process can be responsible for running one or more Windows OS services.

Using one svchost process to service several services is justified, allowing you to save operating system resources and speed up its operation. Since the Windows NT line, the svchost process is a mandatory attribute of the Windows OS family and is present in every OS starting with Windows 2000. Next, we will look at how to fix the situation when the Host process for Windows services loads the computer.

If you launch Task Manager, go to the "Processes" tab, and click on the "Show processes of all users" button, and then click on the "Image name" button, you will see several svchost.exe processes, usually running as the user "SYSTEM" ", "LOCAL SERVICE" and "NETWORK SERVICE". If you have the svchost process running on your behalf or on behalf of other non-system users, then this may be a sign of the presence of various virus programs on your computer, which you need to get rid of immediately.

The process file itself that is launched is usually located at Windows\System32 (32-bit OS) or Windows\SysWOW64 (64-bit OS).

The host process for Windows services is consuming memory and CPU - causes of dysfunction

So, what are the reasons why the host process for Windows services is using up memory and CPU? I would note the following:

Random operating system crash;
Damage to the Windows OS registry;
Computer hardware problems (clogging the inside of the PC with dust, memory problems, and so on);
Problems installing updates in this operating system;
Operation of virus programs;
Inflated log file size.

Once we have identified the reasons why the host process is loading the system, we move on to the list of actions to solve the problem.

How to fix the "svchost is loading the system" problem

So, how do you get rid of the problem where the host process is loading Windows? I recommend doing the following:

Install all necessary updates for your OS. If there is a chance that the system is installing the necessary updates, then simply wait until the end of the installation process;
If after several hours nothing has changed, then restart your computer, if the problem is random, it will disappear;
Try to shut down the problematic svchost.exe process yourself. Launch the task manager, go to the “Processes” tab, right-click on the problematic (costly) process and select “End process tree”;
Delete the entire contents of the Prefetch folder at Windows\Prefetch. Various data about launched files are stored there, including those that are no longer needed by the user, and cleaning this folder can help in the issue when the Host process for Windows services is using up memory and the processor. After cleaning the specified directory, try again to terminate the problematic process as described above;
Disable checking for operating system updates. Go to Control Panel, select “System and Security”, then go to “Windows Update”, click on “Adjust settings on the left” and select “Don’t check for updates”;
Disable Windows Update service. Click on the “Start” button, type services.msc in the search bar, find “Windows Update” in the list of services, double-click on it and select the startup type “Disabled”;
Clear the system log file eventvwr.msc and press enter. Open the “Windows Logs” tab, right-click on “Application”, and select “Clear Log” from the menu that appears. Do the same for the “Security”, “Installation”, “System”, “Forwarded Events” tabs;
Use programs to clean and restore the registry(CCleaner, RegCleaner and a number of other analogues);
Check your system for malware(tools such as Dr. Web CureIt!, Trojan Remover, Malware Anti-Malware, etc. will help), track the location of the svchost.exe file (where it should be located, I already mentioned above) and its correct name (should only be “svchost. exe" without modifications);
Perform a system rollback to a previous restore point. Click "Start" and type in the search bar rstrui, and roll back the system to its stable version;
Take your computer to a service center to clean it from dust and check the functionality of its components(memory, power supply, video card, etc.), or if you have sufficient qualifications, perform these procedures yourself.

Video solution

Above, I discussed the situation in which the host process for Windows services loads the processor and memory, and also gave a recipe for solving this problem. Excessive CPU usage on your computer can have a whole range of reasons, from the banal installation of updates for your system to various hardware problems, including problems with the memory, power supply and other elements of your computer. I recommend following the entire set of tips I have outlined; one of them will definitely be the most effective for you and will help solve the problem with the host process on your PC.

What is svchost.exe in Windows and why does this process load the processor so much, often up to 100%. Let's understand the svchost.exe process on Windows!

It would hardly have aroused much interest among computer users if its reputation in the heyday of versions XP, Vista and 7 had not been spoiled by viruses masquerading as this system process. However, a genuine process often brings problems: it can load the processor by 100% and, accordingly, cause terrible slowdown of the computer. Below we will talk about svchost.exe: what it serves, in which cases it can cause the processor to be 100% loaded, and in which cases, being a virus, it can also pose a threat to the computer.

1. Genuine svchost.exe

The genuine svchost.exe, the Windows host process, is a vital component of the operating system through which important system services are loaded from dynamic link libraries (DLLs). For most of these services, svchost.exe runs as a separate process. Therefore, in the “Details” tab of the Windows 8.1 and 10 task manager, you can detect the activity of several processes at once.

In Windows 7, all active processes can be seen in the Processes tab of the task manager.

Svchost.exe works with updates, Windows Defender, power management, network connections, various devices connected to the computer, and others. In Windows 7 and 8.1 systems, svchost.exe processes are launched under the names “System”, “LOCAL SERVICE” or “Network Service”, and in Windows 10 they can also be launched under the name of the current user. Launched on behalf of the user, it ensures the operation of services responsible for synchronizing mail, calendar, contacts and other data of the account owner.

2. Why does svchost.exe load the processor at 100%

If we are not talking about constant processor load at 100%, but about individual periods when such a problem occurs, the reason for this may be the execution of background Windows operations. These are, in particular, system updates, automatic maintenance, and indexing of disk contents after reinstalling the system. Low-power processors found in budget or older computer devices are especially vulnerable in this regard. The problem with processor load is solved on its own, respectively, upon completion of the operations. In some cases, you may need to resolve an issue caused by a Windows update installation failure.

Another possible reason for svchost.exe activity with a load on system resources is processor overheating, problems with the hard drive or network card. The computer needs to be cleaned of dust and the hard drive checked for errors. You can exclude or confirm the possibility of damage to the network card by monitoring the activity of svchost.exe with the network cable disconnected.

The reason for the processor load to be 100% may be the incorrect operation of one of the services of the svchost.exe process. This, by the way, often occurs on devices with pirated modified builds of Windows installed. To figure out which of them is causal, you need to track it.

3. Service tracking

3.1. Task Manager

You can find out which service is using the processor in the task manager. Call the context menu on the problematic process and select “Go to services”.

The manager window will switch to the “Services” tab, where they will be highlighted in a block.

In the context menu called on each individual service, Windows 8.1 and 10 systems, in addition to the stop and start commands that Windows 7 is limited to, offer, in particular, a search for information about it on the Internet. On the Internet you can find out what this service is, how problems with it are solved, and if the solution is to disable it, then whether Windows will then be able to function fully. If you need a computer urgently, and there is no time to understand the essence of the problem, you can try to stop the problematic service using the appropriate command in the context menu. If there are several of them, you will have to investigate disabling each one in turn.

Forcibly terminating the svchost.exe process itself in the task manager may result in a blue screen of death. When stopping services, the situation is a little simpler: services that are important for the functioning of the system will not be able to be disabled - either access will be denied, or the service will then start again on its own. Stopped services can then be started using the appropriate command in the context menu, and after rebooting the computer they will start themselves. Some of them, if they do not directly affect the performance of the system, but stopping them in the task manager is impossible, you can try to stop them in the Services snap-in (services.msc). In Windows 8.1 and 10 Task Manager, this snap-in is quickly accessible.

By double-clicking on the desired service, its properties window is called up, in which it is stopped with the button, respectively, “Stop”.

If it is impossible to stop the causative service, you can try to reduce the load on the processor by setting the problematic svchost.exe process to a lower priority in the task manager. In its context menu, you must select “Set priority”, then “Below average” or “Low”. However, such a solution will not be effective in every case.

3.2. AnVir Task Manager program

Some may find it more convenient to monitor the services of problematic processes through alternatives to the standard Windows Task Manager. For example, in the AnVir Task Manager program, in the same column of the table with processes, their services are displayed. The description of the service of the selected svchost.exe can be viewed in the block with detailed information, which will appear after double-clicking on the graph of the selected process.

You can go directly to the svchost.exe process services using the program’s context menu by clicking “Go”, then “Go to service”.

And in the context menu for Windows services, you can select either the stopping command “Stop” or “Change startup type”, then “Disabled (Quarantine)” if stopping is impossible. Here, in the context menu for each individual service, you can get online help.

Any kind of experiments with disabling services - either through the standard functionality of Windows or using third-party programs - is best carried out by first creating a system restore point.

4. Universal Windows Troubleshooters

If you do not treat the symptoms, but deal with the problem itself, universal tools for troubleshooting Windows errors, such as disk cleanup, cleaning the system registry, checking the integrity of system files (sfc/scannow), can help. And Windows Clean Boot mode will help determine whether the svchost.exe activity that is loading the processor is actually related to system services. Third party software services may be causing the problem.

5. Viruses masquerading as svchost.exe

Today, false processes svchost.exe are much less common than in the days of Windows XP, Vista and 7. Virus writers can disguise their malicious programs as it, replacing in the process name, for example, the letter “o” with a zero, the letter “t” with a one, playing with combinations of replacing Latin with Cyrillic, adding some extra characters to the original version of the name. It may be that svchost.exe itself is a genuine process, but its activity, which loads system resources, is associated with a virus that has entered the system. Viruses masquerading as svchost.exe can load not only the processor, but also the disk and RAM, actively absorb Internet traffic, and periodically disconnect the Internet and local network connections. False svchost.exe processes have other signs of the presence of malware in the system - advertising on websites, opening unsolicited web pages in the browser, changing Windows settings, etc. The falsity of svchost.exe can be indicated by the location of the process executable file in a path other than C: \Windows\System32 and C:\Windows\SysWOW64. You can find out the location of the process file in the Windows task manager, in the context menu of each instance of svchost.exe.

In the AnVir Task Manager program, the path to the location of the svchost.exe files is indicated in the “Executable file” table column. In addition, AnVir Task Manager contains a separate column with an indicator of the so-called risk level - the verdict of the program creators, based on behavioral analysis of processes.

AnVir Task Manager works in conjunction with Google’s web service Virustotal.Com, where each active process can be checked directly from the program interface using the “Check on site” context menu option.

The problem with the false svchost.exe process is solved in a universal way for all types of malware - scanning the computer with an antivirus with regularly updated databases and an additional scan using an antivirus utility from another developer (with excellent databases).

Have a great day!

SVCHOST.EXE is one of those necessary processes that constantly runs in Windows. So SVCHOST.EXE- Determines services and programs running inside each SVCHOST.EXE process, it is also worth knowing that the svchost process loads the system with 99 or 100 percent of your processor, then it could be a virus!

Therefore, before we solve this problem, we need to understand that this process is actually viral. Firstly, Svchost means " service node“, and it does exactly what the name suggests: a “host” of services. Svchost is the main service in Windows, a program in the operating system that does a specific job and runs in the background all the time when the computer is turned on, even if you are not logged into it.

Most of the programs you know run autonomously in the .EXE extension. However, most services come in the form of DLLs that cannot run on their own. Hence Svchost loads these DLLs and runs. This is why when you open Windows Task Manager, you will see a bunch of svchost.exe processes.

You can see that there are currently eight Svchost processes running, all using different amounts of memory and running under different usernames. So, let's say one of them is running at an excessively high CPU load of 100 percent, how can we determine the actual progress of the applications?

There are really two ways: do it all manually using the command line and services tool or using a third party application. I will describe here two ways to eliminate the svchost virus, if the first method does not work for you.

First method: Identify svchost.exe processes using the command line.

1. Firstly, click on Start, and then Execute and enter CMD and press OK button. In Windows 8.1, right-click the Start button and select Run.

2. Type the following command in the command window and click ENTER

tasklist /svc /fi "imagename eq svchost.exe"

You should see a list of svchost with a PID section.

Now you can see each Svchost process along with its unique ID number and the services it is responsible for running. However, these names are still very mysterious. In order to get more useful information about the process, we can use Services on Windows.

3. Right click on My computer, select Control. In the window that appears, select Computer management and then select Services and applications. Finally, select Services .

4. Now try to find the Windows service ID and name in the Services tab. This may take a while because if you take the process ID 1436, then the name is WudfSvc. If you double click on one service name, you will see their ID and name, you can match them. In my case, I guessed that W means the process starts with "Windows" and opened them.

As you can see, the Windows driver maintenance is actually called wudfsvc!

Second method: identify svchost.exe processes using Process Explorer (easy way)

If the first method turned out to be difficult, there is an easier way! Solving the problem using the Process Explorer tool from Microsoft (originally from SysInternals). The tool is completely free and gives you detailed information about each process at a given moment.

Once you download it, just run the executable as it doesn't need to be installed. Hover over the Svchost process and you'll get a pop-up window showing what services are running in that process. The good thing about Process Explorer is that it shows you a friendly name for each process rather than a short name.

Windows 8 Task Manager

Using the Windows 8 task manager, you can find all Svchost processes without this program. Open the task manager by clicking keyboard shortcut CTRL + SHIFT + ESC and scroll down to Processes tab where it shows Windows processes .

Here you will see all svchost.exe process listed as service node: then the account type it runs under Local System (Network Service, etc.). There will also be a row next to it, and if you expand the item by clicking on the arrow, you will see each service running under a specific process.

Now that you've figured out which processes are eating up all your CPU memory, we can fix it. If you find a Windows process such as Windows Update, or Windows Firewall, etc., then simply kill the process and uninstall the program.

However, most of the time is spent not knowing what to do with the Windows process. The best solution in this case is to install all the latest updates from the Microsoft website. If you are unable to do so normally in Windows, try restarting your computer in Safe Mode and try again.

Also, if you can go to the Services tab like we did above, right click on the service and select Disable. Even if it's Windows updates or firewall, don't worry, you can turn it back on later. Then restart your computer and go to the Microsoft website and manually update Windows. Then enable services and reboot your computer again and hopefully everything works!

To disable a service in Windows, right click on it Services tab and select Properties .

Then select launch type: Disabled:

I've gone through this process several times and it works. So again, first disable Services, then restart your computer, install updates manually, re-enable the service, restart your computer.

Svchost.exe is an executable file that has “scared” more than one user. Although this word could be written without quotation marks. This process, with its full, one hundred percent load on the computer processor, is truly frightening.
What this process is responsible for, why the full download occurs and how to deal with it is the topic of today’s article.

Svchost virus or system process?

Svchost.exe is a process that loads dynamic DLLs. All services that use such files access this process. This operation is available in all versions of the Windows operating system, from the first, 2000, to the latest, tens.

In order not to waste CPU time and load RAM, the developers assigned one process to several services at once. Some users considered this decision of the developers to be erroneous, since it has a number of shortcomings. And that's why.

Important information! Svchost.exe is constantly used by attackers who create Trojans and viruses in order to disguise their executable files as this process, sometimes causing irreparable damage to the operating system. The fact that the process starts several services at once is to the advantage of malware developers. And when the user has problems and suspects viruses in the system, he launches the dispatcher, and there are almost a dozen of these svchost.exe. And how can you guess which of these identical processes is hiding a malicious file?

Since this process is a system one, allowed to run by the operating system, ending it is fraught with unstable operation of the computer or critical errors. Therefore, many users turn their attention to other files, hoping to find malicious codes and programs in other places in the OS.

Important information! The svchost.exe process never runs as an administrator (user). This operation is launched only by system services, NETWORK and LOCAL SERVICE, as well as SYSTEM through their mechanisms. If the operation is started by the Run section of the registry, it is a 100% viral executable file.

Ways to solve the problem with svchost.exe

Solution one: In some cases, simply restarting the computer can solve many problems, so we put this option at the forefront.

Solution two: Check for virus activity on the system. It checks itself or starts. But it’s easier to overlook viruses yourself, but the program is unlikely to make a mistake. But to be on the safe side, first check the system manually, and then run an anti-virus scan with a special utility.

Find the Processes tab.

To make checking more convenient, sort all processes depending on how they load the system or how much RAM they consume. This can be done in the Memory and CPU columns.

Click on these two columns, the system will sort the processes, and those that consume more resources will go first. You saw several svchost.exe files.

Now you should see under whose name the executable files are running. If from the system (SYSTEM), NETWORK and LOCAL SERVICE, then these are safe processes launched by the OS.

And if you are wondering on whose behalf (by what service) the svchost.exe process is running, click on each of them and go to a separate tab.

Here you will see which service initiated the launch of this process.

Only after this can you disable services one by one to solve the problem of processor reboot and high RAM consumption.

A lot of resources are usually consumed by the “IP Helper Service” and the one that is responsible for automatically updating the computer software.

Disable the first and second services one by one, but in the second case you will not receive automatic updates for the operating system, and all these processes will have to be started manually.

The IP helper service supports IPv6, which is not widely used, so feel free to disable it. This will not affect the operation of the operating system.

There are cases when a virus disguised as svchost.exe infects the antivirus program itself installed on the operating system, and therefore it does not recognize it and produces incorrect scan results.

To ensure that scanning for virus activity is successful, do not use installed antivirus programs, but use free utilities that are designed specifically for such one-time checks, for example, from Kaspersky Lab. To run the scan, copy the program downloaded to your computer to removable media. Then turn on the system in safe mode and check using the utility.

Solution three: Check for new updates for the Windows operating system, and if they appear, install them all.

Solution four: You can restore the operating system from the last checkpoint. The point is that a checkpoint is created with a fully functional operating system. And if problems arise, the system can be rolled back (restored) using a previously created checkpoint. The computer boots with operating parameters, and the operating system operates as before.

Solution five The Prefetch folder is used by the computer to launch programs and speed up the operating system. The system saves the parameters of previous downloads in this folder. Delete everything stored there. Prefetch can be found in the system directory (Windows folder) of the operating system.

Starting with the version of Windows XP, one very extraordinary service appeared in operating systems of this family - Svchost.exe (netsvcs). In its original version, it was mainly responsible for network connections, but over time it began to be used more widely. It's no secret that it is the Svchost.exe (netsvcs) process that loads the processor (Windows 7). How to fix the problem and disable unnecessary components will now be shown. But first, let's figure out what this process is and why it is needed.

Svchost.exe service (netsvcs): what is this process?

Let's take Windows 7 as a basis, since in systems of a higher rank the problem with this service is not so pronounced.

It was from the seventh modification of Windows that the developers decided to make the system faster, using for this, as they believed, a universal solution, the essence of which was to not call the executable file of some system or user process, but to launch it through one service in background mode.

How the service works

If you look at the list of processes in the Task Manager, you can see several Svchost.exe services (netsvcs). What this is and why this happens will become clear if you understand the basic principles of operation of this component.
In general, processes may contain four (minimum) or more such components, but they all belong to the same group (netsvcs). The working principle of the process is to launch system processes through special svc hosts using the Services.exe tool. In this case, the accompanying components of any program (for example, dynamic libraries DLLs, which are not accepted for execution by the system in the usual way) are loaded into RAM. It is believed that this allows you to speed up the start of executable applications (including user ones).

Why does the process load RAM and virtual memory?

But why then does the Svchost.exe (netsvcs) process load Windows 7 memory? The decision to eliminate such a problem will have to be made based on the reasons for such system behavior. Among them, the main ones are the following:

exposure to viruses masquerading as Svchost.exe processes; malfunctions in the Windows update search and installation tool; accumulation of computer garbage when surfing the Internet; problems with the tunnel adapter; enabled Prefetch service.

It is worth noting that the Svchost.exe (netsvcs) process loads physical memory (RAM and virtual, which uses the space reserved on the hard drive to load program components when there is insufficient RAM).
In the simplest case, you can get rid of excessive load by simply restarting the system. But this gives only a short-term effect, as does terminating each process in the same “Task Manager”. Therefore, drastic measures will have to be used.

Check for viruses and malicious codes

First of all, you need to determine the presence of viruses masquerading as Svchost.exe (netsvcs) processes in the system, using their attributes in the “Task Manager”. On running services with a user name, the process description can only contain the attributes Network Service, Local Service or System. If something else is specified (most often Admin), you need to start checking immediately.

In the simplest version, you can use a standard scanner, but in most cases this does not give any results (after all, apparently, the antivirus has already missed the threat). Most experts recommend using independent utilities, among which one of the most powerful is Rescue Disk from Kaspersky Lab. The antivirus can be loaded from a disk or flash drive even before Windows starts, and at the same time it is capable of finding viruses, even those that are very deeply integrated into the system.

Svchost.exe (netsvcs) uses up memory in Windows 7. Solution - system update service

Many experts call problems with the Update Center another common problem. It happens that Svchost.exe (netsvcs) loads the processor (Windows 7) for no apparent reason (as it seems). But there is a reason. The problem is that some updates may have been underloaded, so the system tries to download and install them again and again.

Disabling the search and installation of updates through the Update Center, called from the Control Panel, may not work (even if you set the automatic search mode and offer installation at the user’s discretion). In this case, it is best to use the command line, launched as an administrator, in which three commands are written, followed by pressing the enter key after each of them (for any version of Windows):

to stop the service - net stop wuauserv; to disable background intelligent transmission - net stop bits; to deactivate delivery optimization - net stop bits.

Terminating related processes

Now let's look at another option for deactivating Svchost.exe (netsvcs) processes. How do I disable service-related components? First, you should find out which processes are “attached” to it and are called when the system starts, but are not in the automatic boot menu.

To do this, in the “Task Manager” you need to find all the searched lines containing Svchost.exe (netsvcs), sorting the processes in alphabetical order.

On the selected process, through the right-click menu, you need to go to services using the corresponding line.

Each service can be stopped right here or open the service management section (this can also be done through the program launch menu “Run” (Win + R), where the command services.msc is entered. But this option is somewhat inconvenient only because you have to remember the name of each service, and then look for it in the service tree.

Next, by double-clicking, the settings menu is called up, where the service is either stopped with the corresponding button, or it is assigned a different startup priority or complete shutdown. But you shouldn’t overdo it, because this can disable important system processes, which can negatively affect the operation of the entire OS (up to a failure, after which you will have to restore or so-called rollback to a previous working state).

Removing computer junk and registry optimization

In some cases, the load on the system from the Svchost.exe (netsvcs) processes may be associated with simple clogging with computer garbage.

Carrying out cleaning on your own is a very troublesome task, so to simplify the work you should use optimizers like CCleaner, Glary Utilities, Advanced SystemCare, in which for scanning you need to mark not only deleting temporary files or clearing the cache, but also enable searching for problems in the system registry and then correcting or deleting incorrect keys and even defragmentation.

Troubleshooting tunnel adapter issues

Infrequently, there is a problem with the Teredo tunnel adapter. At the same time, even some of its controls may simply freeze. The way out of this situation is to disable the corresponding protocol (especially if it is enabled by default but not used).
To deactivate it, you need to run the command line with administrator rights and enter two commands: netsh interface ipv6 set teredo disable and netsh interface teredo set state disable, and after executing them, reboot the computer terminal.

Checking the SuperFetch Service Status

Finally, another global problem, although partially related to Svchost processes, is the activated service for remembering frequently used programs and applications to optimize or speed up their launch, which is called SuperFetch.

You can disable this component through the service management section (services.msc) by selecting the desired startup type, or perform similar actions in the system registry, which is not very convenient.

But it is believed that the simplest method of reducing the load on system resources in relation to this particular service is to delete the Prefetch folder, which is located in the Windows root directory in the system partition. After this, you can terminate all Svchost processes in the standard Task Manager and perform a full restart of Windows.

Results

What can be said about the processes considered if we sum up some results and draw conclusions? Among the main reasons causing increased use of system resources, and especially in Windows 7, the main ones are problems with the impact of viruses, failures in the update service and the SuperFetch service. But this situation in most cases occurs on low-power computers that are too weak to simultaneously support the optimization of running a large number of resource-intensive programs. And, what’s most interesting, most often it’s not the processor that takes the brunt of it, but the RAM, the use of which in some cases can reach one hundred percent. A lack of RAM capacity leads to the fact that the system begins to actively use virtual memory (hard disk space), which leads to a significant slowdown when accessing the hard drive.
As for solving this problem, you should use each of the above methods. But you will have to be extremely careful not to terminate some systemically important process (although in this case a spontaneous reboot with recovery may simply follow). But the SuperFetch component on modern machines with large amounts of RAM and powerful processors should not be disabled. This solution is applicable only in the case of outdated computer equipment.