I have run different online scanners as well as my Norton AV, Malwarebytes, and Defender, and am fairly confident I am virus free. However, when going through the Norton Log, I came across numerous instances of where it blocked scvhost from accessing different processes. I downloaded UniBlues Process QuickLinks, to help decypher what process is what, and saw that for svchost.exe it can either be a legitimate process, or about 3 or 4 different Trojans. How on earth do you tell the legit processes apart from the virus? I understand that svchost process is needed to launch .dll files, and is legit, but can't find any info on how to tell a legit instance of it from a virus; other than understanding that enabling heuristic detection on Norton analyzes how something is running (which I always keep cranked up to High, or agressive)
Instances of svchost.exe located in the windows\system32 folder will be legitimate. Elsewhere probably malware. You can determine this by adding the "command line" column in Task Manager, details tab. Don't confuse svchost.exe with scvhost.exe which would usually be malware. The name similarity is deliberately intended to cause confusion.
The svchost.exe itself is no virus. If anything, Norton may tag a .dll running under the svchost.exe. I have, however, never seen a .dll that was found to be a virus.
You may get more insight if you run Process Explorer and find out which .dlls are running (right click on the svchost.exe in question and go to Properties > Services tag).
My Computer
Computer Manufacturer/Model Number
HP, Dell, Gateway, Toshiba - 4 laptops and 2 desktops
