No, Its Not Malware
Posted by William Diaz on July 5, 2012
I was recently asked by a tech to look at someone’s system because they were concerned it may have malware installed in it. The reason for their suspicion was because after running Process Explorer they saw that Internet Explorer was being run as a child process of one of the Windows service host processes, svchost.exe:
A quick search on the Internet by the tech lead to a lot of hits referring to malware infection of some sort, which is what originally raised his suspicion. For example, searching “svchost.exe launches iexplore.exe” returns on the first page numerous hits pointing to malware:
A more reasonable explanation for why you sometimes see the Windows service host hosting iexplore.exe is because you likely have launched IE via a URL shortcut before opening IE itself. This is because the URL shortcut isn’t a program itself and needs to leverage the DCOM Server Process Launcher service inside svchost.exe to open Internet Explorer.