win32 - svchost

Discussion in 'malware problems & news' started by sbsd, Jul 25, 2004.

Thread Status:
Not open for further replies.
  1. sbsd

    sbsd Registered Member

    Joined:
    Jul 3, 2004
    Posts:
    17
    I got some virus that had something to do with Win32. My AntiVirus program didn't delete it although I have Real-time protection set for "Delete automatically" :( Anyway, after I virus-scanned my temporary internet files I found that virus and the anti-virus program could easily delete it.

    I know win32 has something to do with svchost.exe. If I look at Task Manager and then processes I see 5 or sometimes 4 processes called svchost.exe. I use Windows XP, is this normal? 2-3 of them have username "System". 1 of them has the username "Local service" and one has "Network Service" as username.

    If I do a file search on my computer I find one file called svchost.exe in the folder C:\WINDOWS\system32.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    This is correct :D

    Cheers :D
     

    Attached Files: SVC.GIF (49.4 KB)
  3. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    You have services running from dynamic-link libraries (DLLs). At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can indeed be multiple instances of Svchost.exe running at the same time.

    Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
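
Added example, not part of the thread or any poster's words: a check that uses the grouping described above to decide whether each svchost.exe instance is one the registry accounts for. The group map, process snapshot, service names and PIDs are constructed sample data; the code assumes %SystemRoot% is C:\WINDOWS and that the groups come from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost.

```python
import ntpath
import re

# Constructed group map, shaped like the values under
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost (group -> services).
SVCHOST_GROUPS = {
    "netsvcs": ["Schedule", "wuauserv", "BITS"],
    "LocalService": ["LmHosts", "SSDPSRV"],
    "NetworkService": ["Dnscache"],
}
SYS32 = r"C:\WINDOWS\system32\svchost.exe"  # assumes %SystemRoot% is C:\WINDOWS

# Constructed process snapshot: (pid, image path, command line, hosted services).
PROCESSES = [
    (884, SYS32, SYS32 + " -k netsvcs", ["Schedule", "BITS"]),
    (1020, SYS32, SYS32 + " -k LocalService", ["LmHosts"]),
    (1536, r"C:\WINDOWS\svchost.exe", r"C:\WINDOWS\svchost.exe", []),
    (1712, SYS32, SYS32 + " -k NetworkService", ["Dnscache", "ExampleSvc"]),
    (2040, r"C:\WINDOWS\system32\notepad.exe", "notepad.exe", []),
]

def check_svchost(image, cmdline, services, groups=SVCHOST_GROUPS):
    """Return findings for one process; an empty list means nothing stood out."""
    if ntpath.basename(image).lower() != "svchost.exe":
        return []  # not a svchost instance, out of scope
    findings = []
    if ntpath.normcase(ntpath.normpath(image)) != ntpath.normcase(SYS32):
        findings.append("image outside System32")
    match = re.search(r"\s-k\s+(\S+)", cmdline, re.IGNORECASE)
    if not match:
        return findings + ["no -k service group on command line"]
    group = match.group(1)
    by_name = {g.lower(): {s.lower() for s in svcs} for g, svcs in groups.items()}
    if group.lower() not in by_name:
        return findings + [f"unknown service group {group!r}"]
    for svc in services:
        if svc.lower() not in by_name[group.lower()]:
            findings.append(f"service {svc!r} not registered in group {group!r}")
    return findings

def audit(processes):
    """Map pid -> findings for every process that produced at least one."""
    report = {}
    for pid, image, cmdline, services in processes:
        findings = check_svchost(image, cmdline, services)
        if findings:
            report[pid] = findings
    return report

if __name__ == "__main__":
    for pid, findings in audit(PROCESSES).items():
        print(pid, findings)
```

An empty result only means the instance matches the registry's grouping; it does not inspect the DLLs the services load.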
     