On Sun, 8 Oct 2006 20:16:23 +0100, Andy <[EMAIL PROTECTED]> wrote:

>Does anyone know of a good, trustworthy, resource so that I can find 
>out what services are really needed and what ones we can live without?

Andy, this may not exactly answer your question but may provide some ideas. The
info comes from a recent LangaList newsletter.  HTH  Stephen

4) Inside Svchost.exe

     Fred: I was pleased to find the command shell command: tasklist
     /svc to finally actually see what the heck service host was
     running. Up until now service host was a black hole that could have
     been running anything and I had no idea how to find out what; of
     concern obviously was malware cloaked by the cryptic cover
     "svchost". Are you aware of any programs out there that take this a
     step further, internally breaking down all of the svchost services
     running, looking at them, perhaps checking their checksums or some
     other process to identify if each is the appropriate service and
     warning if any are either out of the ordinary or an ordinary named
     service that does not properly match the identifying
     characteristics for that service?
     
     Hope what I am thinking about was spelled out clear enough for you
     to see what I am looking for. Best Regards, ---Bruce McCormick

Svchost.exe shows up when you view the Process tab in Windows XP's Task
Manager (Ctrl+Alt+Del) and when you use Windows' DOS-like utility Task List
(Start/Run/cmd, then type TASKLIST at the command prompt). Svchost.exe can,
and usually does, run several instances of itself at any given time, each
instance running several associated services. When you use the SVC switch
with Task List (type TASKLIST /SVC at the command prompt), you can see the
names of the processes within each service.

Microsoft's own Windows Defender (an anti-spyware tool that's still free
while in beta  http://www.microsoft.com/defender ) actually has a little-
known feature that provides detailed information about each instance of
Svchost.exe running, and all the services therein.

In Windows Defender, click Tools, then choose Software Explorer. In the
Category drop-down menu, choose "Currently Running Programs" or "Network
Connected Programs." In either or both of those categories, you'll probably
find items called "Microsoft Generic Host Process for Win32 Services"---
these are the Svchost.exe instances. By clicking on one instance in the left
pane, you'll see details in the right.

You can match these individual "Microsoft Generic Host Process for Win32
Services" instances with Svchost.exe instances in the TASKLIST /SVC list most
easily by matching Process IDs. In the command prompt version, the services
are abbreviated--- for example, you might see AudioSrv and BITS. But when you
look in the associated "Services" item in Windows Defender, those are spelled
out--- Windows Audio and Background Intelligent Transfer Service.

Best of all, each "Host Process" in Defender is classified as "Allowed" or
"Not Yet Classified." Any process that's "not allowed" will be blocked or
terminated (one hopes) by Windows Defender.
See also: "Identifying Mysterious 'Services'"
http://langa.com/newsletters/2002/2002-02-18.htm#7
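
The PID matching described above (TASKLIST /SVC short names against the spelled-out service names) can be scripted. This is an added example, not part of the original message or the newsletter; it assumes a current Windows release with PowerShell 3.0 or later, and its path and signature checks are illustrative heuristics rather than a complete integrity check.

```powershell
# Added example: list every svchost.exe instance with the services it hosts.
# Assumes PowerShell 3.0+ (Get-CimInstance). Run elevated so that
# ExecutablePath is readable for every process.

# Locations a genuine svchost.exe is expected to run from.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')   # 32-bit host on 64-bit Windows
)

# Index running services by the PID that hosts them
# (the same pairing TASKLIST /SVC prints).
$byPid = @{}
foreach ($svc in Get-CimInstance Win32_Service) {
    if ($svc.ProcessId) { $byPid[[int]$svc.ProcessId] += @($svc) }
}

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $procId = [int]$_.ProcessId
    $path   = $_.ExecutablePath          # empty when access is denied
    $hosted = $byPid[$procId]

    # Signature status is informational; system files are often catalog-signed.
    $sig = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'Unknown' }

    # Heuristic flags: wrong image path, or a "service host" hosting no services.
    $flags = @()
    if ($path -and ($expected -notcontains $path)) { $flags += 'UnexpectedPath' }
    if (-not $hosted)                              { $flags += 'NoServices' }

    [pscustomobject]@{
        PID       = $procId
        Path      = $path
        Signature = $sig
        # Short name as in TASKLIST /SVC, plus the spelled-out display name.
        Services  = ($hosted | ForEach-Object { '{0} ({1})' -f $_.Name, $_.DisplayName }) -join '; '
        Flags     = $flags -join ','
    }
} | Sort-Object PID | Format-List
```

A flagged row is a prompt to look more closely at that process, not proof of malware: a non-elevated session leaves Path empty, and a host process can briefly have no registered services.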
