The Service Host process, or svchost.exe, is one of the most notorious processes out there. It got a bad reputation for being ‘malicious’ mostly due to two factors: one is malware impersonating it, and the other is good old ‘Task Manager’. Because of the way Task Manager was designed in the old days (and to some extent today), it never gave much detail about the processes on the system, especially ‘special’ processes like svchost.exe. So when you use Task Manager to see which processes are open, you get a bunch of svchost.exe processes with the description ‘Host Process for Windows Services’, without any information about the services hosted in them. So it only took malware two additional steps to make itself look legitimate.

Demystifying the SVCHOST.EXE Process and Its Command Line Options