Svchost.exe Virus Removal Guide

by | Sep 7, 2020 | Trojan Viruses | 0 comments

Known as one of many important system processes in Windows, Svchost.exe is a non-malicious program usually located in C:\Windows\System folder. Svchost.exe is a program that probably arrived on your computer the day you purchased it; it monitors programs, manages DLLs (dynamic link libraries) and controls loading of system processes. Multiple sessions of this program’s occurrence can be found (each containing a separate group of services); the task is always running and cannot be killed.

Although this task is considered safe (that is, not spyware or virus related), you must ensure that the file is located at c:\svchost.exe as many spyware programs and viruses use this name to confuse users. Several viruses even put this name in your root directory, which is not where this file should be located. You must also pay close attention to check that Svchost is not spelled as Scvhost; this is another tactic used by spyware and virus writers attempting to fool you, as the difference between these two can be extremely hard to notice.

Many different forms of malware hide themselves as Svchost.exe and can wreak havoc on your system; cyber criminals use system vulnerabilities to create hazardous Trojan viruses under the name Svchost.exe as a fake process. Although most antispyware programs may detect this process, they are usually unable to remove its components at all. In certain cases, even after you’ve deleted the Svchost.exe virus, it may still come back despite rebooting your system repeatedly.

A Svchost.exe virus has the typical symptoms of a Trojan infection; it has the ability to alter system settings and raise CPU usage by taking up lots of system resources. What’s more, it could even cause your system to crash if not removed on-time. Sometimes, even when you have antispyware software installed, the Svchost.exe virus gets through without your consent.

Manually Removing The Svchost.Exe Virus

Because of the dangers associated with the Svchost.exe virus, experts recommend using SpyHunter for effectively detecting and removing the Svchost.exe virus and ensuring protection against the latest malware, rootkits, Trojans and malicious software.  Given below is a series of steps for removing the virus manually:

Step 1 – Turn off system restore:

For Windows ME: click on Start >Settings > Control Panel. Then double click on “System”, select “File System’ from the performance tab. Finally, left click the ‘Troubleshooting’ tab, check the ‘Disable System Restore’ box and click OK.

For Windows XP: Login as Administrator, right click the ‘My Computer’ icon and select ‘Properties’ from the shortcut menu. On the System restore tab, check the “Turn off System Restore’ option for each drive, click on Apply and Yes to confirm when promoted. Click OK and exit.

For Windows 7: Click Start and open up the Control Panel. Next, click on System and Security>System. Once the ‘System’ Screen appears, click on System Protection in the left tab, and then click on ‘Configure’ in the bottom half of the tab that opens up. The tab that is now displayed shows Restore Settings at the top; simply check ‘Turn Off System Protection’, click OK and exit. 

Step 2 – Restart your computer and press F8 before windows launches; navigate to ‘Run Windows in Safe Mode’ using your arrow keys and press enter.

Step 3 – Click Start, type “cmd” and press enter; this opens up command prompt. Then change your directory by typing “cd\” in command prompt.  Next, type the name of the full directory path of the folder where you Windows Systems files are located. It will be one of the following:

“C:\Windows\System” or “C:\Windows\System 32.”

Step 4 – To unprotect the files for removal, type the following in command prompt:

“attrib -h -r -s scvhost.exe”,then press Enter

“attrib -h -r -s blastclnnn.exe”,then press Enter

“attrib -h -r -s autorun.inf”, then press Enter.

Step 5 – Delete the files by typing the following in command prompt:

“del scvhost.exe”, then press Enter

“del blastclnnn.exe”, then press Enter

“del autorun.ini”, then press Enter

Step 6 – Type ‘cd\’ again to return to the main Windows directory. Now you need to unprotect and delete the Autorun.inf file from the windows directory by typing the following in Command Prompt:

“attrib -h -r -s autorun.inf” then press Enter

“del “autorun.inf” then press Enter

Open the Registry editor by typing “regedit” and press Enter

Step 7 – Locate the following entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Once located, delete the incorrectly spelled Yahoo! Messenger entry with the value “c:\windows\system32\scvhost.exe.

Step 8 – Locate the following keys:

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.

There is a ‘shell’ entry within the key with the value of ‘explorer.exe, svchost.exe’. Remove the reference to Svchost.exe, leaving Explorer.exe as the remaining value in the registry entry.

  • HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>

From the left pane, delete the following sub-keys:



Once done, type ‘Exit’ and press Enter to exit the command prompt.

Step 9 – Restart Your PC.

If even after completing the manual process the Scvhost.exe still resides on your computer, experts recommend scanning your system using real-time anti-spyware applications to thoroughly to detect and remove any malicious viruses or processes attempting to make changes to your system’s registry files.

Download Protection Against Viruses and Malware Infections

Malware and Virus Threats may compromise your online privacy, they can also affect the performance of your computer. If you wish to protect your computer from threats, download a reliable malware protection tool. 

Protect Your Privacy Online

When you surf the internet, your IP adress may help third parties from identifying you. The best way to protect yourself against breaches of privacy is to use a VPN (Virtual Private Network). A VPN essentially lets you surf the internet through another computer so that the digital footprint of your computer may remain hidden.