Svchost.exe

svchost.exe

how else will you host all your SVCs?

systemd

You need at least that many SVCs to saturate your mining bases, noob.

AKA keylogger/triangulation.exe

What is a healthy number of svchost.exe to have? From my experience, about 7-12.

...

Not that guy but what? this is the number of svcs that are currently working, and you can see they're all executed by the system, and all their services link to windows' services

Get process explorer from sysinternals and see who is running all your svchosts.

Chances are you've been bamboozled by macroshit

It's a good concept to isolate services into containers that don't have more privileges than necessary but it would be fucking helpful if they actually named the processes something useful instead of just svchost.exe. Maybe even put a light green background or something for processes signed by Microsoft so you easily can tell it's safe and not some malware that named itself svchost.exe.

>diagtrack
couldn't find that in any of the svchosts

however, i found this access is denied thing

the fuck does it mean?

OP here, just checked all 59 svchosts, they are all signed by microshaft windblows and come from system32.

so I think I'm safe for now. that's living in the botnet for you :^(

Run it as admin retard

You don't need to know, goy. Microsoft can do everything for you, just surrender yourself to their better, more intelligent judgement. You don't know what you want, they do.

Microshit doesn't have a proper process containment system, or even anything like cgroups, so they have to hard code "svchost.exe" to be treated special

imagine being this bad at developing your os

yeh, it just links to system32

guess my OS is unfucked

>don't have any
W-what

Svchost is always going to say it's signed, it's used for loading the services, it isn't the actual service
Whatever it's loading is most likely signed too, unless you're running in test signing mode for whatever reason
And nobody's burning a patchguard 0 day on you to install unsigned drivers
It's probably just dumb shit you've installed in the past

svchost and all the processes have always spooked me since my earliest win2000 days when i started looking under the hood

>telemetry before there was telemetry

made me jump ship to deb pretty early desu

...

If the virus total thing is clear then I am okay right?

>What is a healthy number of svchost.exe to have?
Who knows? That's kinda the whole point. It's never healthy when you don't know what your computer is doing. If Microsoft actually took the time to add verbosity or labels to identify what process is host process, perhaps people wouldn't be scratching their heads.

No. Because Windows' own telemetry and diagnostic spyware shit is considered legit.

I have none... whats wrong with my pc?

I disabled telemetry long ago

IS THIS NORMAL?

IT CAN`T BE.

I have tried to pause the updates and I think it gets better but still there are a lot of them.

totally normal dude, dont worry about it.

Completely normal, you just have a little windows bloat but it's totally healthy

...

Don't make fun of me pleaseeeeee tell me if this is normal or not.

Why many of them are duplicated multiple times?

see

Read the thread, Pedro

>2015
>debian

It's 4:35.

Go to sleep, Pedro

svchost.exe is located in system32.
You are only seeing the process, you arnt seeing that botnet.exe called svchost to do something, and you arnt seeing that svchost has been injected with botnet.exes code so that botnet runs every time svchost is started

Well the bin isn't going to be patched on disk, patchguard makes sure of that
Process hollowing is possible though
It could also just be random services for his 80 razer products too

>tripfeg
Go to hell.

>Process hollowing
interesting. Ill read more into this.
I was referring to injection or binding whatever you want to call it.

Youre probably right though but "svchost" is an ideal filename.

Ehhh... you need to disable some services doc!