This is a Windows system installed file with Windows File Protection (WFP) enabled.
svchost.exe has 53 known versions, the most recent one is 6.3.9600.16384 (winblue_rtm.130821-1623). It is started as a Windows Service called 'obrvj' with the name 'DcomLaunch' and described as “Bietet Startfunktionalität für DCOM-Dienste.”. . It is run under the context of the LOCAL SERVICE account. This is executed as a shared service (which simply means that this service can share a process with other Win32 services). During installation the program adds a job to the Task Scheduler that will runs weekly. The average file size is about 18.92 KB. It is an authenticode code-signed executable issued to Microsoft Corporation by the certification authority Microsoft Corporation. During the process's lifecycle, the typical CPU resource utilization is about 0.0006% including both foreground and background operations, the average private memory consumption is about 21.62 MB with the maximum memory reaching around 42.23 MB. Addionally, typically read and write I/O disk operations is about 48.42 KB per minute for reads and 14.92 KB per minute for writes.
Host Process for Windows Tasks is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup TASKHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them.
(Note, the programs listed below are for all versions of Host Process for Windows Services.)
(Note, the behaviors below are for all versions of svchost.exe, select a unique version for details.)
This is the shared Service Host controller that runs some of the following shared services:
Exceptions allow programs to access to the Internet through an outbound connections
Based on 40+ industry antivirus scanners, 16 of them detected the following malware.
Austria installs about 39.50% of Host Process for Windows Services.
