The problem is, SVCHOST is a catch-all Windows service container, meaning many Windows services run under the same instance of SVCHOST. How was I going to figure out which services might be the culprit?
Enter the tasklist command.
Tasklist displays info about running tasks, including SVCHOST.
Simply running tasklist at the command prompt displays a laundry list of all running processes. This wasn't going to do it, so I ran it with the "/?" switch to try and find how to narrow the info...
/SVC Displays services hosted in each process.
/FI filter Displays a set of tasks that match a given criteria specified by the filter.
Looks good so far, now I need to know what filter to apply:
Filters:
    Filter Name     Valid Operators     Valid Value(s)
    -----------     ---------------     --------------------------
    IMAGENAME       eq, ne              Image name
OK, this gives us:
C:\>tasklist /svc /FI "IMAGENAME EQ SCVHOST.EXE"
But it seems the filter is case sensitive, because when I run that command, I get this:
INFO: No tasks are running which match the specified criteria.
So, switching to lower case gives me what I want:
C:\>tasklist /svc /FI "IMAGENAME EQ svchost.exe"

Image Name    PID Services
=========== ===== =======================
svchost.exe   744 DcomLaunch
svchost.exe   844 RpcSs
svchost.exe   888 AeLookupSvc, AppMgmt, AudioSrv, BITS,
                  Browser, CryptSvc, dmserver, EventSystem,
                  lanmanserver, lanmanworkstation, Netman, Nla,
                  RasMan, Schedule, seclogon, SENS,
                  ShellHWDetection, Themes, winmgmt, wuauserv
svchost.exe   928 Dhcp, Dnscache
svchost.exe   976 LmHosts, W32Time
svchost.exe  1772 Net Driver HPZ12
svchost.exe  1816 Pml Driver HPZ12
svchost.exe  2424 TermService
svchost.exe  3312 TapiSrv
svchost.exe  2688 W3SVC
From there, it's just a matter of shutting down or restarting each of the services listed under process ID 888 (I got this from Task Manager).
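When the same lookup has to be repeated across many hosts or saved triage output, the PID-to-services mapping can be parsed out of captured `tasklist /svc` text, including service lists that wrap onto continuation lines as PID 888's does. This is an added example, not part of the original post; the function names are hypothetical and the sample is constructed, assuming a table layout with a 25-character image column and an 8-character PID column.

```python
import re

def _row(image, pid, services):
    # Assumed table layout: 25-char image column, 8-char PID column, services.
    return f"{image:<25} {pid:>8} {services}"

# Constructed sample modelled on the listing above, with a wrapped service
# list (PID 888) and a process that hosts no services (N/A).
SAMPLE = "\n".join([
    "",
    _row("Image Name", "PID", "Services"),
    " ".join(["=" * 25, "=" * 8, "=" * 44]),
    _row("svchost.exe", 744, "DcomLaunch"),
    _row("svchost.exe", 888, "AeLookupSvc, AppMgmt, AudioSrv, BITS,"),
    _row("", "", "Browser, CryptSvc, wuauserv"),
    _row("svchost.exe", 1772, "Net Driver HPZ12"),
    _row("notepad.exe", 4012, "N/A"),
])

def parse_tasklist_svc(text):
    """Return {pid: (image_name, [service, ...])} from table-format output."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    # The ruler line made of '=' runs defines the column boundaries.
    ruler = next(i for i, ln in enumerate(lines) if set(ln) <= {"=", " "})
    spans = [m.span() for m in re.finditer(r"=+", lines[ruler])]
    (img_s, img_e), (pid_s, pid_e), (svc_s, _) = spans
    result, current = {}, None
    for ln in lines[ruler + 1:]:
        pid_field = ln[pid_s:pid_e].strip()
        services = [s.strip() for s in ln[svc_s:].split(",")]
        services = [s for s in services if s and s != "N/A"]
        if pid_field.isdigit():
            current = int(pid_field)
            result[current] = (ln[img_s:img_e].strip(), services)
        elif current is not None:
            # Continuation line: image and PID columns are blank, so the
            # services belong to the most recent process row.
            result[current][1].extend(services)
    return result

def services_for_pid(text, pid):
    """List the services hosted by one PID (empty list if none or unknown)."""
    return parse_tasklist_svc(text).get(pid, ("", []))[1]

if __name__ == "__main__":
    print(services_for_pid(SAMPLE, 888))
```
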
