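Function ScanLegitsSvcHost() {
    <#
    .SYNOPSIS
    Lists running svchost.exe processes and groups them by executable path.

    .DESCRIPTION
    Queries Win32_Process for every process named svchost.exe, then splits the
    ones whose command line is readable into "legit" (image located in the
    Windows system directory, or its SysWOW64 counterpart) and "illegal"
    (any other path). Counts and a table per group are written to the console,
    and the function waits for Enter before returning.

    Triage caveats:
      * The path comparison is a first-pass signal only. It does not check the
        file's signature, the parent process, or the service group on the
        command line, so a process started from the genuine binary and later
        tampered with in memory still lands in the "legit" group.
      * Without an elevated session, WMI returns an empty CommandLine for
        processes owned by other accounts. Those instances cannot be
        classified; they are counted separately instead of being dropped
        silently.
    #>
@'
####################################################################
Please wait, scanning for legitimate svchost processes...
####################################################################
'@
    Start-Sleep -Milliseconds 1500

    # Resolve the expected image locations from the running system rather than
    # assuming Windows lives on C:\Windows.
    $systemDir  = [Environment]::SystemDirectory
    $windowsDir = Split-Path -Parent $systemDir
    $expectedPaths = @(
        (Join-Path $systemDir 'svchost.exe'),
        # 32-bit copy shipped with 64-bit Windows; flagging it would be a false positive.
        (Join-Path $windowsDir 'SysWOW64\svchost.exe')
    )

    $found = @(Get-WmiObject Win32_Process -Filter "Name='svchost.exe'")

    # Instances whose command line could not be read are kept apart so the
    # operator knows the scan was incomplete.
    $unreadable     = @($found | Where-Object { -not $_.CommandLine })
    $allsvchost     = @($found | Where-Object { $_.CommandLine })
    # -contains / -notcontains compare strings case-insensitively, like -eq.
    $legitsvchost   = @($allsvchost | Where-Object { $expectedPaths -contains $_.ExecutablePath })
    $illegalsvchost = @($allsvchost | Where-Object { $expectedPaths -notcontains $_.ExecutablePath })

    Clear-Host
    "Number of all running svchost.exe instances: $($allsvchost.Count)"
    "Number of running legit svchost.exe instances: $($legitsvchost.Count)"
    "Number of running illegal/virus svchost.exe instances: $($illegalsvchost.Count)"
    if ($unreadable.Count -gt 0) {
        "Number of svchost.exe instances not classified (command line unreadable; re-run elevated): $($unreadable.Count)"
    }

    # Explicit label/collection pairs replace the Invoke-Expression lookup of
    # variables by constructed name.
    $groups = @(
        @{ Label = 'All';     Items = $allsvchost },
        @{ Label = 'Legit';   Items = $legitsvchost },
        @{ Label = 'Illegal'; Items = $illegalsvchost }
    )
    foreach ($group in $groups) {
        "`n$($group.Label) svchost instances"
        "####################################################################`n"
        $group.Items | Format-Table ProcessName,ProcessId,Handle,CommandLine,ExecutablePath
        "`n"
    }

    # Keep the window open until the operator presses Enter.
    Read-Host
}

ScanLegitsSvcHost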