The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    How can I tell whether Svchost.exe is safe?

    Discussion in 'Security and Anti-Virus Software' started by JWBlue, Jun 16, 2011.

  1. JWBlue

    JWBlue Notebook Deity

    It is my understanding svchost.exe can be part of Windows or it can be a hidden virus.

    Comodo is asking me if I should allow it or not. I also have Avast on my computer.

    How can I tell whether the svchost.exe on my computer is safe?

    How exactly do I scan it?
     
  2. Baserk

    Baserk Notebook user

    A lazy c/p;

    Svchost.exe is the most mysterious process in Windows XP/Vista. Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs). The authentic svchost.exe file is located in C:\Windows\System32, but numerous viruses and trojans use the same file and process name to hide their activities.

    Don't be alarmed by the last sentence. The bold one is important to understand.
    An svchost process can harbour quite different services.
    To find out what services exactly, you can use Svchost Process Analyzer. It also shows the location of what is running.
    The prog is small, free, doesn't mess with your OS/registry etc.
    Check the services running yourself, you'll also learn a bit about your OS inner workings.
    Download/read more here; link
     
  3. coolguy

    coolguy Notebook Prophet

    If you find svchost.exe appearing in the msconfig startup list, it's most likely malware.
     
  4. anseio

    anseio All ways are my ways.

    Are you running 2 AV programs? From what I've read here, that's highly frowned upon. They can cause conflicts with each other.
     
  5. JWBlue

    JWBlue Notebook Deity

    Comodo firewall and Avast
     
  6. anseio

    anseio All ways are my ways.

    Ah, gotcha.
     
  7. JWBlue

    JWBlue Notebook Deity

    Ran it but can't really interpret it.

     
  8. pengy_666

    pengy_666 Notebook Evangelist

    Yeah I jumped in and gave a plus 1 rep for that link,

    I found it to be a pretty useless piece of software. It tells you that there is blah blah amount of warnings and you need to run some other software to check its security and that is not free.

    If you actually look at all the warnings, a large majority of them are actually Windows DLLs.

    Don't waste time worrying about what that tells you.
     
  9. Baserk

    Baserk Notebook user

    You can also use ProcessExplorer which is part of the Microsoft Sysinternals Suite. This program will give you even more information but it doesn't show you any warnings.

    When having downloaded SysInternals Suite (link), extract the zip file into a folder and search for and open 'procexp.exe'.

    The program will list all running processes.
    Don't be taken aback by the amount of info displayed.
    Just take a step-by-step approach to see what is what.
    When you click on System; Services, move your mouse over an svchost.exe process and you can see all the services running inside it. (right-click on the grey row displaying 'CPU', 'Description'; click on 'Select Columns' and then tick 'Image path')

    When you select the column 'Image path', you can see the exact location from where the services are running.
    On the XP box I'm working with now, all 'svchost.exe' processes originate from 'C:\Windows\System32'.

    kevinla, this might seem like a 'tour of duty' when only wanting a simple answer but this is the way for you to see yourself what's running.
    Just take it step by step.
    When having SysInternals, you can uninstall Svchost process Analyzer.
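
The checks described in this thread (the image path of every svchost.exe process, the services inside each one, and svchost.exe in the startup list) can also be scripted. This is an added example, not part of any post above; it assumes PowerShell 3.0 or later and an elevated prompt, the variable names are illustrative, and the signature column goes beyond what the thread describes.

```powershell
# Added example, not from the thread. Assumes PowerShell 3.0+ (Get-CimInstance).
# Run elevated; without it, ExecutablePath can come back empty for some processes.

# The location the thread gives for the authentic file.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Map each process ID to the names of the services it hosts.
$servicesByPid = @{}
Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $servicesByPid[[int]$_.ProcessId] += @($_.Name)
}

# One row per running svchost.exe: where it runs from and what it hosts.
$report = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $path = $_.ExecutablePath

    if (-not $path)               { $location = 'path unavailable (run elevated)' }
    elseif ($path -ieq $expected) { $location = 'expected location' }
    else                          { $location = 'UNEXPECTED LOCATION' }

    # Signature status is supporting evidence only; the location check comes first.
    if ($path) { $signature = (Get-AuthenticodeSignature -FilePath $path).Status }
    else       { $signature = 'n/a' }

    [pscustomobject]@{
        PID       = $_.ProcessId
        ImagePath = $path
        Location  = $location
        Signature = $signature
        Services  = ($servicesByPid[[int]$_.ProcessId] -join ', ')
    }
}
$report | Sort-Object Location, PID | Format-Table -AutoSize -Wrap

# Startup commands that reference svchost.exe (the kind of entry the
# msconfig remark earlier in the thread refers to). No output means none found.
Get-CimInstance Win32_StartupCommand |
    Where-Object { $_.Command -match 'svchost\.exe' } |
    Select-Object Name, Command, Location, User
```

A row marked UNEXPECTED LOCATION, or an svchost.exe row with an empty Services column, is the one to examine more closely in Process Explorer.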
     
  10. Hungry Man

    Hungry Man Notebook Virtuoso

    Do you have any reason to believe you're infected?

    If not, you can pretty much assume you're alright.