svchost.exe
how else will you host all your SVCs?
>>60951758
systemd
>>60951758
You need at least that many SVCs to saturate your mining bases, noob.
>>60951758
AKA keylogger/triangulation.exe
>>60951758
What is a healthy number of svchost.exe to have? From my experience, about 7-12.
>>60951848
>>60951859
Not that guy but what? this is the number of svcs that are currently working, and you can see they're all executed by the system, and all their services link to windows' services
>>60951925
Get process explorer from sysinternals and see who is running all your svchosts.
Chances are you've been bamboozled by macroshit
>>60951758
It's a good concept to isolate services into containers that don't have more privileges than necessary but it would be fucking helpful if they actually named the processes something useful instead of just svchost.exe. Maybe even put a light green background or something for processes signed by Microsoft so you easily can tell it's safe and not some malware that named itself svchost.exe.
>>60951983
>diagtrack
couldn't find that in any of the svchosts
however, i found this access is denied thing
the fuck does it mean?
>>60951758
OP here, just checked all 59 svchosts, they are all signed by microshaft windblows and come from system32.
so I think I'm safe for now. that's living in the botnet for you :^(
>>60952082
Run it as admin retard
>>60952082
You don't need to know, goy. Microsoft can do everything for you, just surrender yourself to their better, more intelligent judgement. You don't know what you want, they do.
>>60952014
Microshit doesn't have a proper process containment system, or even anything like cgroups, so they have to hard code "svchost.exe" to be treated special
imagine being this bad at developing your os
>>60952127
>>60952124
yeh, it just links to system32
guess my OS is unfucked
>don't have any
W-what
>>60952163
Svchost is always going to say it's signed, it's used for loading the services, it isn't the actual service
Whatever it's loading is most likely signed too, unless you're running in test signing mode for whatever reason
And nobody's burning a patchguard 0 day on you to install unsigned drivers
It's probably just dumb shit you've installed in the past
>>60951758
svchost and all the processes have always spooked me since my earliest win2000 days when i started looking under the hood
>telemetry before there was telemetry
made me jump ship to deb pretty early desu
>>60951983
If the virus total thing is clear then I am okay right?
>>60951925
>What is a healthy number of svchost.exe to have?
Who knows? That's kinda the whole point. It's never healthy when you don't know what your computer is doing. If Microsoft actually took the time to add verbosity or labels to identify what process is host process, perhaps people wouldn't be scratching their heads.
>>60952324
No. Because Windows' own telemetry and diagnostic spyware shit is considered legit.
>>60951848
I have none... whats wrong with my pc?
>>60952420
I disabled telemetry long ago
IS THIS NORMAL?
IT CAN`T BE.
I have tried to pause the updates and I think it gets better but still there are a lot of them.
>>60952471
totally normal dude, dont worry about it.
>>60952471
Completely normal, you just have a little windows bloat but it's totally healthy
>>60952471
>>60952508
>>60952548
>>60952569
Don't make fun of me pleaseeeeee tell me if this is normal or not.
Why many of them are duplicated multiple times?
>>60952611
Read the thread, Pedro
>>60951770
>2015
>debian
>>60952643
It's 4:35.
>>60952836
Go to sleep, Pedro
>>60952116
svchost.exe is located in system32.
You are only seeing the process, you arnt seeing that botnet.exe called svchost to do something, and you arnt seeing that svchost has been injected with botnet.exes code so that botnet runs every time svchost is started
>>60955025
Well the bin isn't going to be patched on disk, patchguard makes sure of that
Process hollowing is possible though
It could also just be random services for his 80 razer products too
>>60952695
>tripfeg
Go to hell.
>>60955060
>Process hollowing
interesting. Ill read more into this.
I was referring to injection or binding whatever you want to call it.
Youre probably right though but "svchost" is an ideal filename.
>>60951758
Ehhh... you need to disable some services doc!
Yeah, but how many conhost.exe instances do you have?
>>60951848
that's something I don't understand how Microsoft designed this.
apparently services are started via svchost.exe (call it with a bunch of parameters, like the service name and other service-specific parameters).
some services run as system, some as network services
what I don't understand is
1. why it's not one service per svchost.exe process. sometimes you have a bunch of services running on the same svchosts PID
2. if you combine them, then why not combine them all into a single svchosts.exe?
3. how do they determine how many svchosts.exe to use, and which services go on each?
probably a worthy question for MSDN
>>60955441
>In before tldr...
>>60952243
Plenty of signed tracking out there anon.
>>60955441
A long time ago they merged them because it was faster. But then they realized its not that good so now we have this mess. same with their UI
>>60955260
THANKS bugsb unnyy
>>60952471
I almost feel bad for you winblows retards
>>60952446
>he thinks he can disable telemetry