The Download Blog

June 9, 2008 12:00 AM PDT

Featured Freeware: Security Process Explorer

by Seth Rosenblatt
  • 1 comment

Security Process Explorer is a freeware replacement for the Windows native Task Manager. It comes with some useful functions, but the simplistic layout doesn't adapt well when displaying deeper investigations into the relationships between different processes. Still, it's worth looking at.

It offers many of the same functions that other process-managing programs offer. You can explore the connections between different processes, block processes, end them, and view in-depth information about a particular process. You can even search on the Web for a particular process, but unlike other programs, Security Process Explorer takes you to a proprietary page to learn more.

It's stable, it only eats about 4MB of RAM, and beginning users will appreciate that the information clutter isn't overwhelming. Still, the program feels unfinished, as if an interface that veered toward either slickness or geekiness might serve it better. There's no doubt, though, that you can get what you need from this useful app.

June 5, 2008 3:47 PM PDT

Spyware Horror Story: Confounded by hosts

by Jessica Dolcourt
  • 7 comments
Published by Mesila; San Francisco, CA

I recently had unknown malware that was causing Windows to keep rebooting at odd moments. Another thing it did was install a kazillion services and then have all of them running at once. It wasn't something that any scanner would pick up--and being big on file sharing, I've made it a point to keep a whole army of antimalware programs around. I'm assuming the culprit was either one that was new at the time, or a variant that had morphed itself from an older version. Eventually, after a lot of fussing and cussing, I had to reinstall Windows XP. (The malware had also gacked the System Restore function.)

Services in general faze me, even as an intermediate-to-advanced user. I use Process Explorer to ferret out running services that do not belong to Windows or to programs that I am familiar with, but more than once I have shut down something I'll see running that hides under svchost.exe. It confuses me to see svchost.exe running multiple copies of itself--that's one place a lot of active malware hides, but too often I'll end up hosing something that I shouldn't have and screwing up my system in the process.

I wonder if there's some way to shut down services we're never going to use, or keep anything other than Windows from using them, because then I wouldn't have this happen so much. I'd imagine that would also save resources. Windows Help files about services are unfortunately not very helpful.

Editor's response

Good move with Process Explorer. We've extolled its virtues in many an editorial as a clear way to see what's running and pick off what ought not to be. Yet despite Windows' proclivity to run multiple instances of the generically-named process, not all host files are troubled.

However, since you asked, one way we know of to control a Windows service in XP is through the Service Control Manager. There are two methods of getting to this native control. Method one: Open the Control Panel, and then select Administrative Tools. Select Services from the bottom of the pile. Method two: Press the Start button, select Run, and type in services.msc.

If you hover over an instance of svchost.exe in Process Explorer, you'll see which services are associated with each process, and can then suspend the service from the Service Control Manager. You can also right-click any process in Process Explorer and click "Properties," then hit the "Services" tab to stop or pause any of them without using services.msc.

That's my take, but if others of you out there have insight for Mesila or for anyone else confounded by hosts, now's your chance to pipe up in the comments.

May 1, 2008 12:00 AM PDT

Featured Freeware: Process Explorer

by Seth Rosenblatt
  • 7 comments

If you've ever tried tracking down a process in Windows Task Manager, you know it's like looking for a needle in a haystack. Process Explorer makes the job a lot easier. This utility displays running processes in an intuitive tree format that includes not only process names, but also program icons and other data, such as description, image, and processor time.

It also can identify the process for a given application window or look up a process name in Google--a handy way to spot spyware or just to drill deeper into what your computer's really doing when you're not paying attention. Additional features offer detailed information on performance, DLLs, threads, handles, TCP/IP connections, security settings, and environments. Despite its lack of visual polish, Process Explorer is one of the best Task Manager replacements around.

February 10, 2008 5:59 PM PST

Process Explorer, Part 2

by Michael Horowitz
  • 1 comment

This is a continuation of my previous posting (Using Process Explorer to tame svchost.exe - Advanced topics) which introduced the excellent Process Explorer program, a souped up version of Task Manager. According to the author, "Process Explorer works on Windows 9x/Me, Windows NT 4.0, Windows 2000, Windows XP, Server 2003, and 64-bit versions of Windows for x64 and IA64 processors, and Windows Vista." And, it's free.

When a computer is running slow, people sometimes guess at the underlying problem. An experienced Process Explorer user doesn't have to guess.

Below is the main Process Explorer window. There's a lot going on here, so you may want to view a larger version of the image.

Process Explorer - The Main Window


As computers go, the one in the picture is pretty boring: it's a Windows XP virtual machine with next to nothing installed. Chances are, a similar display on your computer will reveal two or three times as many processes.

The Process Explorer window is extremely configurable; the next posting will cover installing and configuring the program. The screen shot shows eight data fields, the ones I find the most useful. I also like to include I/O counts but left them out here for space reasons. This is one application that really benefits from a wide-screen display.

The columns in the middle are what first attracted me to Process Explorer - the description of the process, the name of the company that created the process and, most importantly, the executable file running in the process. Just knowing the directory that a program is running out of has been useful in and of itself. The CPU History column is also vital, with spikes of green showing processes consuming large amounts of the processor over the last few minutes.

Properties of a Process

To get information on a running process in Process Explorer, double click on the process name. This opens a properties window (see below) with nine tabs.

Earlier I noted the difficulty in pinpointing a performance problem to a Windows service* running inside an instance of the svchost.exe process. This is because Process Explorer breaks down processes by thread rather than by service. Even when a process hosts a single service, there can be multiple threads. But all is not lost.

Go to the Threads tab, expand the CPU column and click on the column heading to sort the list of threads by their current CPU usage.

Properties of a Process - Threads Tab


To see more information about a thread, highlight it and click on the Module button just below the list of threads. This displays the properties of the file underlying the thread (see below). The properties window opens in the General tab; go to the Version tab. This isn't foolproof, but you may get lucky, as in the example below, where the file/module is obviously the DNS Caching Resolver Service.

Version Property of a Module/File


Another useful tab is Services, which, as you can see below, provides information on the services, if any, running inside the target process.

Properties of a Process - Services Tab
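
The same service-to-process mapping that the Services tab shows can also be pulled from the command line. As an added example (not part of the original post), this Python script parses output in the format of `tasklist /svc /fo csv`; the sample rows, PIDs and function names are constructed for illustration.

```python
import csv
import io

# Constructed sample in the format printed by `tasklist /svc /fo csv`
# (PIDs and groupings are made up for illustration, not captured output).
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"services.exe","640","Eventlog,PlugPlay"
"svchost.exe","812","DcomLaunch,TermService"
"svchost.exe","884","RpcSs"
"svchost.exe","1020","AudioSrv,Schedule,wuauserv"
"svchost.exe","1128","Dnscache"
"svchost.exe","2312","N/A"
"explorer.exe","1500","N/A"
'''


def parse_tasklist_svc(text):
    """Parse CSV text into a list of (image_name, pid, [service, ...])."""
    reader = csv.reader(io.StringIO(text))
    next(reader, None)  # skip the header row
    rows = []
    for record in reader:
        if len(record) != 3 or not record[1].isdigit():
            continue  # ignore blank or malformed lines
        image, pid, services = record
        # tasklist prints "N/A" for a process that hosts no services
        names = [] if services.strip() == "N/A" else [
            s.strip() for s in services.split(",") if s.strip()]
        rows.append((image, int(pid), names))
    return rows


def svchost_services(rows):
    """Map each svchost.exe PID to the services it hosts."""
    return {pid: names for image, pid, names in rows
            if image.lower() == "svchost.exe"}


def find_service(rows, service):
    """Return the PID hosting `service` (case-insensitive), or None."""
    wanted = service.lower()
    for _image, pid, names in rows:
        if wanted in (n.lower() for n in names):
            return pid
    return None


def svchost_without_services(rows):
    """PIDs named svchost.exe that host no service; worth checking the
    image path and publisher in Process Explorer before touching them."""
    return sorted(pid for pid, names in svchost_services(rows).items()
                  if not names)


if __name__ == "__main__":
    rows = parse_tasklist_svc(SAMPLE)
    for pid, names in sorted(svchost_services(rows).items()):
        print(pid, ", ".join(names) or "(no services)")
    print("wuauserv runs in PID", find_service(rows, "wuauserv"))
    print("svchost.exe with no services:", svchost_without_services(rows))
```

On a live system, save the output of `tasklist /svc /fo csv` to a file and pass its contents to parse_tasklist_svc instead of SAMPLE.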

Setting Priorities

Sometimes a necessary program on your computer can get in the way. If, for example, you're facing a deadline and the computer is running a full hard disk scan, it may become so slow as to interfere with your work. Such was the problem Peter Butler faced. While your knee-jerk reaction may be to cancel the interfering software, on a corporate computer this can be problematic. Process Explorer offers a couple of less intrusive options - it can slow down or freeze a program in its tracks.

Slowing down a running program/process is something Task Manager can also do. In both Task Manager (from the Processes tab) and Process Explorer, right-click on the name of the process and select "Set priority" from the pop-up menu (see below). The default priority is "Normal"; changing it to "Below Normal" lowers the priority one notch. Changing it to "Low" (in Task Manager) or "Idle" (in Process Explorer) lowers it two notches, and should let you get your work done with a minimum of interference.

Changing Priority

Freezing a process is something Task Manager cannot do. In Process Explorer, click on "Suspend" after right-clicking on the process name. By default, Process Explorer displays suspended processes as dark gray. If a suspended process was running a visible application, the application window can't be minimized, resized or even re-painted when another window covers it up. To resume the application, right-click on the process name again and select "Resume".

There is one caveat, however: some processes do not allow their priority to be changed. I don't know a way around that.

Next Up...

Next time, installing and configuring Process Explorer.


*A service is a special type of Windows program. Most services are part of Windows; the previous posting discussed the Automatic Updates service and the Task Scheduler service. Applications can also install their own services. In Windows XP, services are managed from the Administrative Tools applet in the Control Panel.

Note: This posting is based on Process Explorer version 11.04, which was current at the time this posting was written. The screen shots were taken on a machine running Windows XP.

See a summary of all my Defensive Computing postings.

Originally posted at Defensive Computing
February 5, 2008 11:00 AM PST

Stop svchost.exe from stealing CPU cycles

by Peter Butler
  • 103 comments
Svchost.exe processes in Windows Task Manager.

(Credit: CNET Networks)

The situation is familiar to countless Windows users: They're in a groove at work, firing off e-mails, crafting documentation, and even blogging on their personal site during breaktime, when suddenly, something takes over 99 percent of the CPU, slowing it to a virtual standstill. A quick look at the invaluable Process Explorer (or the standard Windows Task Manager) indicates that a process called svchost.exe is using all that CPU. What's more, there's one main CPU offender. Multiple versions of svchost.exe are running in the background and hogging CPU cycles. What is it? Is it spyware? Hackers? Terrorists?

Although malware has historically used the svchost.exe name because it is so commonly present, the culprit is most likely just Windows being Windows. Svchost.exe is a generic process name for Windows services that run from Microsoft DLLs (dynamic-link libraries). Each of those instances of svchost.exe in the process list actually represents a group of services that the process is managing. With Process Explorer, it's easy to see which services each process manages, and stop them one by one to see which is the CPU culprit.

In the spring of 2007, a major problem arose with a Windows update that caused svchost.exe to use 100 percent of CPU because of an issue with Automatic Updates. To correct that bug, be sure that Windows is fully patched with the most recent updates.

The first thing to do is to determine which of the active svchost.exe processes is causing the slowdown. Fire up Process Explorer, and click on the CPU column header to sort the list of processes by processor usage. A list of processes, sorted from most processor intensive to least intensive, is displayed. When the computer stalls, switch over to Process Explorer and see which running process is causing the crunch. ...

November 29, 2007 6:11 PM PST

Process versus Process

by Seth Rosenblatt
  • 2 comments

It's hard to like the Windows Task Manager. It's clunky, makes drilling into a computer's processes nigh impossible, and offers little insight into what's going on. As with most native Windows tools, though, there are freeware replacements available. Today we're looking at three of them: Process Explorer, Security Process Explorer, and Process Manager 2 Lite, all of which have recently received updates.

November 19, 2007 4:45 PM PST

Giving thanks: Top 9 Windows utilities

by Peter Butler
  • 17 comments

Writing up a list of items for which I'm thankful is such a cliche at this time of year...that I can't pass up the opportunity to add my own contribution to the Thanksgiving fray. I have very little need for 3D turkey screensavers, but luckily, there are a few more valuable applications listed on CNET Download.com upon which I can bestow appropriate tribute.

In honor of Thanksgiving week, I've decided to serve up a heaping helping of my nine "most useful" Windows utilities on the Download.com site. Now, notice that I didn't use the word "favorite" or "best." These are simply the nine PC utilities from which I get the most mileage. Your list may of course vary, and if it does, please be sure to tell me about your own "most useful" Windows utilities in the comments.

With little further ado, read on for the list of my most useful Windows utilities. For a better look at each of the applications in the list, be sure to check out this related Download.com gallery.

9. Audacity

Imagine: The custom mix you created as a soundtrack for the thunderous entrance of your clogging group is nearly perfect. If only your instrumental version of "Here Comes the Hotstepper" were a minute shorter and faded out near the end to the sounds of a Michael Bufferesque exhortation proclaiming, "Let's get ready to clog!"

While the above scenario might be slightly far-fetched, many of us often need to edit audio, whether it's clipping a soundbite from your boss' recent speech or removing the vocals from your favorite rock track so that you can create a karaoke video for YouTube. Audacity is a free, full-fledged audio editor for Windows, Mac, and Linux distros. It takes a bit of practice to become an effective audio editor, but a well-designed interface that focuses on the most common editing tasks will have you cutting, mixing, and dubbing in no time.

8. Paint.NET

Quick! Resize those pictures of Halloween at Aunt Dottie's to upload to your photo-sharing site before you leave for Thanksgiving vacation. Oh, and reduce the file size so that each is under 100K. And while you're at it, fix the red-eye in some of the pictures of Mom. Of course, Photoshop is an excellent program for all of those basic image-editing tasks, but it's overkill in many cases. Paint.NET will provide 99% of the editing features most amateur photographers need, use a lot fewer system resources, and leave your wallet much heavier.

The only downside is that the freeware app requires the most recent version of Microsoft's .NET framework. .NET is also free (and even included in the Paint.NET installation), but it has proved to be a minor hassle for some users.

7. OpenOffice.org

At Download.com, we pay a lot of attention to OpenOffice.org, and with good reason. For starters, it's an essential tool for anyone who wants to be able to edit .DOC, .XLS, and .PPT files without a copy of Microsoft Office.

That's almost enough to merit inclusion on a "most useful" list, but the addition of a powerful personal-database app and a drawing application for creating graphics and diagrams makes the suite quite an impressive package. Personally, I love the ability to quickly create shortcut keys for frequent actions that don't have them by default.

6. Pidgin

The battle of the multiservice instant-messaging clients is far from over. The popular app Trillian is currently king of the hill for Windows on Download.com, and the online client meebo is impressive too. Right now, however, I prefer the open-source program Pidgin, formerly known as Gaim.

There's not a huge difference in functionality--all three of the mentioned multiservice clients work well. However, Pidgin's open platform makes it very easy for third-party developers to provide plug-ins. Based on the limited number of valuable plug-ins created so far, it's not a huge advantage for Pidgin. If Mozilla Firefox is any example, though, the Pidgin developer community will contribute to some interesting advances for the app. Several features in Trillian that aren't available in Pidgin by default--docking buddies or transparent interface, for example--can be accomplished via plug-ins.

As with Paint.NET, there is a slight barrier of a required install. Since Pidgin is cross-platform, it runs on Windows using the GTK+ environment, which is included in the Windows installation. The installation will also inform you if you need to update GTK+, and then complete the update for you, if desired.

5. VLC Media Player

Remember those days when you had to add a new codec nearly every time you downloaded a video because of the vast array of file formats available? In some cases, you even had to download a separate application just to watch a specific movie file. We certainly haven't settled on one dominant Web video file format, but we do have more applications that can play them all.

My favorite for a while has been VLC Media Player, a smallish program that doesn't look like much at first glance, but includes all of the playback options you need hidden under its surface.

4. FileZilla

FTP clients seem so 20th century, but I'm willing to bet that most of us need one from time to time, whether we're updating our Web site or downloading a file from a company or friend. One of the most frequent searches we get at Download.com is for "free ftp," so it's not only me.

There are oodles of free FTP clients to choose from, and I'm always willing to listen to recommendations, but the choice is simple for me. FileZilla incorporates an intuitive design with all of the features that I need from an FTP client, most importantly simultaneous file transfers. Simple view buttons at the top show and hide treelists for local and remote directories, the transfer queue, and the message log. A very useful "Quick Connect" bar at the top of the interface lets you connect to another site without even accessing the options.

3. WinPatrol

Of all the possible security software on Download.com, WinPatrol may seem to be an unusual choice at first. After all, it doesn't directly do a whole lot to protect your computer from attacks. What it does provide is comprehensive information about many facets of your system that are intimately tied to the security of your PC.

For Internet Explorer users, WinPatrol's detection and restriction of browser-helper objects can help stave off the results of an ill-fated click on the Web. The Startup Programs list has proven invaluable to me. Aside from teaching me that QuickTime will try to get in every time I update iTunes, it also provides alerts whenever any new or existing apps try to shove their way into my Windows startup.

There are several security apps that could have made the list (HijackThis is another essential tool that springs to mind). However, for sheer amount of overall application use with minimal time spent customizing, upgrading, or tweaking, WinPatrol earns my commendation.

2. Mozilla Firefox

It might seem a little unfair to include Mozilla Firefox in a list of the most useful "utilities," but I'm taking a very broad sense of the classifying term. In many ways, Firefox is the ultimate Web utility, opening up the vast majority of content on the Internet to your personal desktop. The browser wars are far from over--Internet Explorer 7, Opera 9, and Avant Browser all have their own positive and negative qualities--and Firefox is certainly running slower and using more resources in its default configuration than ever before.

For now, however, Firefox is still the cream of the crop, primarily because of the open environment for developing third-party extensions and themes and the impressive collection of plug-ins that have already been developed. Also, the configuration options are all transparent and customizable. Don't like the Go button? Kill it by entering "about:config" into the address bar, and changing the browser.urlbar.hideGoButton setting to true. Firefox is your own personalized browsing experience; ambitious users can fine-tune it to their hearts' content.

1. Process Explorer

It's certainly not the sexiest of Windows utilities to put at the top of my heap, but it's downright essential for any Windows user who installs and runs a variety of software, i.e. everyone who has read this far. Process Explorer was created by Sysinternals--a software company eventually purchased by Microsoft itself--with a variety of other valuable system tools for filling the diagnostic gaps in Windows.

Very simply, Process Explorer displays all of the running processes on your Windows system, along with a variety of data around those processes, including memory use, CPU share, window status, and directory path. And that's only in the top window. An optional second pane displays either all of the handles related to any selected process, or the relevant DLLs or memory-mapped files. You can also search for any specific problematic handle or DLL and find the related process.

A little running graph in your system taskbar can provide a helpful display of your resource usage, and it's easy to lower the priority of any specific process that might be sucking up all of your CPU. Once you swap in Process Explorer for your standard Windows Task Manager that's accessible from Ctrl-Alt-Delete, you'll likely never go back.
