Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: malicious? "Host process for windows tasks" in notification area icons

27 Jan 2015   #11
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Taskhost.exe

Quote   Quote: Originally Posted by Keyes View Post
I have 4 taskhost.exe files.

1 in system32, and 3 in winsxs, which I believe are all legit. As I said, mbam detects no bad network activity and the scans are clean.
That's how it should be. Nothing to worry about then. About the only other thing I might be able to suggest is to run ProcessExplorer. (Right click the executable) and choose "Run as adminstrator"

See the tutorial here:

Process Explorer + VirusTotal (to check all processes with 50+ AV's)

Once you've got it set up to scan processes with VirusTotal take a look at the processes running as .dll's under taskhost.exe

Change View to "Show Lower Pane" and change "Lower Pane View" to "Show DLL's"

Highlight taskhost.exe in the list of running processes and check the VirusTotal scores for the listed DLL's.

If the icon reappears any time soon post again and there's another tool that can check all executables that were run or created during the last 30 days.

malicious? "Host process for windows tasks" in notification area icons-process-explorer.jpg




My System SpecsSystem Spec
.
27 Jan 2015   #12
Keyes

Windows 7 Home Premium 64 bit
 
 

Will try some methods soon, just rerunning mbam and did a process explorer dll and handle search for taskhost.


I see one entry under system, as a process.
Onder under csrss.exe as a process, 10 as threads.
1 taskhost process under services.exe
1 process under lsass.exe
1 process under svchost
20 or so threadscof taskhost.exe as itself.
My System SpecsSystem Spec
27 Jan 2015   #13
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Process Explorer

What you want to see is a list of DLL's shown in the lower pane being scanned by VirusTotal when you highlight taskhost.exe. It's just as well to check the rest of the running processes.

I have a very vague memory that I might have seen your problem notification area entry on my own machine once before after Windows installed updates. I'm not 100% sure though!
My System SpecsSystem Spec
.

27 Jan 2015   #14
Keyes

Windows 7 Home Premium 64 bit
 
 

I did have a new .net framework update. Was it a recent one, or many updates ago this memory comes from?


Just tried out virustotal, and just one program had 1/57 - iusb3mon.exe. its a signed file, and seems to be labled as a generic w32 hfs.adware 2048 by Bkav. Must be a false positive. (Running intel chip, file has existed for years.)


Im not sure if I understand how to get virsutotal to scan .dlls though.
My System SpecsSystem Spec
27 Jan 2015   #15
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
False Positive

Quote   Quote: Originally Posted by Keyes View Post
I did have a new .net framework update. Was it a recent one, or many updates ago this memory comes from?


Just tried out virustotal, and just one program had 1/57 - iusb3mon.exe. its a signed file, and seems to be labled as a generic w32 hfs.adware 2048 by Bkav. Must be a false positive. (Running intel chip, file has existed for years.)


Im not sure if I understand how to get virsutotal to scan .dlls though.
1/57 detection sure does look like a false positive.

If you click the "View" tab in the Process Explorer toolbar then select "Show Lower Pane" then under the "View" tab the next entry is "Lower Pane View" - set that to "Show DLL's" then highlight taskhost.exe in te process list.

It probably won't show any detections but it's best to check.

Re: Windows updates. It was ages ago that's why my memory isn't clear. I just thought that I'd mention it!

The other thing is that I have a habit of regularly reseting notification area icons and clearing icon cache anyway!
My System SpecsSystem Spec
28 Jan 2015   #16
Keyes

Windows 7 Home Premium 64 bit
 
 

Currently have the .dll lower pane tab set, it also shows .exes and .mui, .db, .nls, etc, but mainly .dlls. Only file with a detection is the iusbmon, which is a false poaitiv3. Spent 10-15 mins or looking at each process, and all related dlls and files above were clean.

How does it sound?
My System SpecsSystem Spec
28 Jan 2015   #17
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
No detections?

Quote   Quote: Originally Posted by Keyes View Post
Currently have the .dll lower pane tab set, it also shows .exes and .mui, .db, .nls, etc, but mainly .dlls. Only file with a detection is the iusbmon, which is a false poaitiv3. Spent 10-15 mins or looking at each process, and all related dlls and files above were clean.

How does it sound?
It sounds okay to me. Just post again if that notification area entry ever reappears. As far as malware and stuff goes - it's only a big problem if it's sending your data to a server somewhere or asking you for money to fix something. If there's no malicious ip address connections detected and no dodgy running processes then I wouldn't worry about it!
My System SpecsSystem Spec
28 Jan 2015   #18
Keyes

Windows 7 Home Premium 64 bit
 
 

Thanks. Im going to reset the icons now (its still there since I did a restore to get it back to investigate. )


Is the method of deleting the iconstreams and pasticonsteams the recommended way? I apologise for any mispellings, using an android.
My System SpecsSystem Spec
28 Jan 2015   #19
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Reset notification area icons

I always use the batch file that can be downloaded from Brink's tutorial:

Notification Area Icons - Reset

I'm not sure what the best method is but the batch file works.
My System SpecsSystem Spec
07 Apr 2015   #20
Keyes

Windows 7 Home Premium 64 bit
 
 

I've seen it come up again, and I believe it is related totto the pop up that comes up when when windows detects "slow performance" and tries to switch aero. I recently saw that pop up, and it also shares the same yellow exclamation mark, which now appears in the notification bar.
My System SpecsSystem Spec
Reply

 malicious? "Host process for windows tasks" in notification area icons




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
"Notification Area Icons" Settings - Enable or Disable
How to Enable or Disable Changing "Notification Area Icons" Settings in Windows 7 and Windows 8 The notification area is a part of the taskbar that provides a temporary source for notifications and status. It can also be used to display icons for system and program features that are not on the...
Tutorials
Host Process for windows Tasks has stopped working
I played game <Sims 3> I got a sound crash . SO I press longer start of Laptop .. When i reopen , I got a problem Host of windows process has stopped working , Then i click close program , and the new Problem came out COM Surrogate stopped working . THEN I CLICK close program , but it's not close...
General Discussion
"Windows Explorer" listing in Notification Area
I just restarted my computer and the restart was very slow, yet the weird part was when the desktop came up I saw a yellow padlock in the notification area. It has never been there before. I scrolled over it to get a description and nothing comes up. If I click on it it disappears. When I go to the...
General Discussion
getting rid of "Notification Area Icons" that are now N/A
how can I remove from the "Notification Area Icons" list those icons that no longer exist? (in this case, it isn't an uninstalled program, but modules and download windows that were sent to the tray and now remain listed...as though they were programs themselves about which I might still want...
Customization
Host process for windows tasks
Hi all First post ;) I am using AVG firewall and get a connection attempt from a process called "host process for windows tasks", IP address 65.55.22.252 :80. I believe that is a Microsoft IP address but I could be wrong. I read that this process is a general process and could be any app,...
General Discussion
Eject hardware showing "Windows host process"
My external HD will not eject. In Vista it ejects fine. I west to customize the tray icons and saw this. The eject button listed as "Windows Host Process" What is up with this and is this why it will not eject? I have never seen this before and wonder if it's correct or a bug. I went back a few...
Customization


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 16:09.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App