My Tech Blog

I’m apologize that didn’t update this blog recently, because I was so busy with my new job. So appreciated that I’ve been changed my position to technical department by my boss this monday. But still kinda boring as my previous position - sales department.

Last day, i’ve received a desktop with a windows problem that windows will just disconnect his internet connection automatically by displaying this message,

“General Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience. ”

from a customer.

Usually, as what technicians do , we will just ask him to let us reformat his computer. But i realized that it wasn’t just happened to him, but also to me sometime. I was experienced that “svchost.exe” error which made my all current connections disconnected and unable to control it unless I reboot my computer.

So.. I spended some time on the net to find out the solution. Finally I found that “Svchost” is stands for “Service Host“. Many of components of the windows system are implemented as what are called “services”, programs that run in the background, those services are stand-alone executables. Since DLL cannot run on its own, svchost is the one loads DLL.

Problem with svchost.exe nowadays is very common disguise used by malware to hide its presence from the user. As the task manager below does not show up much information in it. You wouldn’t even know which one is being controlled or used by malware.

On the net, I found some possibe reasons of this error message came out.

Reason 1: You have one of numerous worms, viruses and trojans which pretent themselves to be legal svchost.exe or use legal svchost.exe to run themselves at windows startup. These threats include: CashToolbar Downloader-MY, System1060, CoolWebSearch Svchost32, ADCLICK-AG, ADCLICK-AX, ADUYO-A, AGENT-V, AGOBOT-KL, AUTOTROJ-C and many others.

Reason 2: Some legal DLL which uses svchost.exe to run itself at Windows startup crashed and causec crash of the whole svchost.exe service.

Reason 3: You have just installed update from Microsoft which contains errorneous verison of Windows Installer or double-byte character set (DBCS) characters support (only occures in Microsoft Windows XP Service Pack 2 (SP2)).

Reason 4: You installed old printer or scanner drivers from Hewlett-Packard which are incompatible with the current version of svchost.exe

Here’s how to identify Svchost.exe on Windows XP Professional SP2.
If you are not using WinXP Professional, you can try to download tasklist.exe here.

Open a command prompt, “Start - run - cmd.exe”
In command prompt, type the command below and hit enter

tasklist /svc /fi “IMAGENAME eq svchost.exe”

The service name is displayed on the right side.

To get more information on it, you’ll need to go to the service browser, right click on “My Computer“, select “Manage“. This will open “Computer Management” application, and then expand “Services and Applications” and select “Services“.

Now, you’ll need to guess to try to match the human understandable name of the service from the tasklist. For example, one of the services in the list on my tasklist was PID 1792, Dnscache, look through the lists of services and the most likely service was ” DNS Client”. Double clicked on the entry which shows the properties for the service:

The Service name exactly matches what I was looking for : Dnscache. Now I know that PID 1792 is the Dnscache service.

Of course there is an easier way to identify svchost.exe. Use Process Explorer by Sysinternals. Just move your mouse over on top of the svchost.exe and a balloon message will tell you the service name.

Download Process Explorer