Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: W32.Sober in conhost.exe?

05 Jan 2009   #31
krypnik

Windows 7
 
 

Thank you very much for your quick answers.

I have successfully recovered the file, following Ted's and Mr Grim's suggestion on doing a system restore.


Thank very much, once again!


My System SpecsSystem Spec
.
05 Jan 2009   #32
Bare Foot Kid
Microsoft MVP

W 7 64-bit Ultimate
 
 

Hello again krypnik.

I'm pleased to see you've found a solution that worked for you!

















Later Ted
My System SpecsSystem Spec
05 Jan 2009   #33
Airbot

Windows 7 Ultimate x64 SP1
 
 

Glad you got it back krypnik.
My System SpecsSystem Spec
.

12 Mar 2009   #34
spook24

Win 7 x64
 
 

is this a false postive? i know its been while since this thread has had anything added to the topic, but i just got home and when my computer came back up from idling for about 3 hours i had about 20-25 conhost.exe's running the back ground. and then one by one they disappeared. im running build 7048 64-bit. just was unclear if it was or not.


im probably going to to a clean install within the next few days, so any kind of infection at this point will get erased then.



spook
My System SpecsSystem Spec
03 Dec 2009   #35
john d ross

windows 7
 
 
conhost.exe (Sober Trojan)

If everybody is so sure this is a False Positive, tell me how you deleted it! It has it's own Administrator rights and Says can only be deleted or changed by "Trusted Installer"! As Administrator, I should be able to delete or change any file I wish!
It claims to be a Microsoft file. Why will Microsoft not come out and say it is?
I wonder how many computers are infected, and when will Conhost suddenly come alive! I do believe this is a Trojan!
My System SpecsSystem Spec
03 Dec 2009   #36
rsvr85

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by john d ross View Post
If everybody is so sure this is a False Positive, tell me how you deleted it! It has it's own Administrator rights and Says can only be deleted or changed by "Trusted Installer"! As Administrator, I should be able to delete or change any file I wish!
It claims to be a Microsoft file. Why will Microsoft not come out and say it is?
I wonder how many computers are infected, and when will Conhost suddenly come alive! I do believe this is a Trojan!
Hi john d ross & welcome
The whole point is, is that MS don't want you to delete that file as it's needed by the system.
Even with admin privileges, you don't have access/control over a lot of files.
If you really did want to delete it, you'd make sure that you have ownership and full control permissions before doing so (NOT RECOMMENDED).
This might be of interest to you.
What is conhost.exe and Why Is It Running? :: the How-To Geek
My System SpecsSystem Spec
03 Dec 2009   #37
john d ross

windows 7
 
 
conhost sober trojan

conhost.exe (Sober Trojan)
thanks rsvr85
APPRECIATE YOUR QUICK REPLY. jUST WONDERED ARE THERE ANY OTHER FILES IN THE O.S, WHICH ARE UNDER THE CONTROL OF "' tRUSTED iNSTALLER"' AND WON'T ALLOW EVEN ADMINISTRATOR ACCESS? AND WHY DOES CONHOST.EXE CHANGE TO CMD.EXE AND BACK AGIN, BY ITSELF, AFTER I OPEN THE SYSTEM32 FILES.
REGARDS
My System SpecsSystem Spec
03 Dec 2009   #38
rsvr85

Windows 7 Ultimate x64
 
 

A lot of the files in %windir% & %windir%\system32 are under the control of trusted installer. It's much safer that way
conhost doesn't have a GUI i believe and as such will probably just flash when you try and execute it in Explorer, much the same as ipconfig.exe does.
See the How-To-Geek link above for a full explanation of conhost.exe
My System SpecsSystem Spec
03 Dec 2009   #39
john d ross

windows 7
 
 
conhost sober trojan

One more concern.
My Virus protection provider asked me to Password Protect Archive and send to their investigators. The system will not allow me to Archive and send. Message says Access not allowed! I am not deleting, or changing the file, but access is denied!
Why is Microsoft not speaking about all these concerns?
My System SpecsSystem Spec
03 Dec 2009   #40
rsvr85

Windows 7 Ultimate x64
 
 

What concerns?

As the file is system protected, it won't allow access by anything other that itself. Also this is possible to happen if the file is in use (which conhost.exe probably will be)
Please, unless you are 100% sure it's malicious, do not delete conhost.exe
My System SpecsSystem Spec
Reply

 W32.Sober in conhost.exe?




Thread Tools




Similar help and support threads
Thread Forum
Conhost.exe error in program
when conhost.exe running in my pc the cpu processing increases rapidly & temp 60 degree above, normal is 39-45 in task manager what's the solution? please .......
General Discussion
task manager shows extra cmd.exe/conhost/explorer - why?
I leave my Win7 pro machine running from 8am to about midnight every day and when it's off, it was done so by Start->Sleep (for quick boot time). Sometimes I'll have cause to go into the task manager and despite having no visible CMD windows or explorer windows (or perhaps just one), I'll see...
General Discussion
Why CONHOST.EXE process starts ONLY when I use TOR?
Hi guys, I have read in other threads the function of CONHOST.EXE process in Windows 7 (the legit process located in SYSTEM32 folder). But I wonder why in my pc this process appears only when I use the Tor Browser, and not when I use the stardard Firefox browser or in any other situation. ...
General Discussion
Conhost exe
I have 26 instances of conhost.exe running at the moment. It's slowing the laptop down. Yesterday there were close to 300 and when it first happened a few days ago there were 240. The only thing I can do is to restart the laptop which clears them for a while. I have AVG with firewall and...
General Discussion
conhost.exe infected. (backdoored)
Hi all.. Well,i dont know if this is normal but why is there always two conhost.exe And i mean its always running.. So i logon to my computer check task mananger and there are two conhost.exe running. So i then check WinPatrol and i go to active tasks and its running there also..But it...
System Security
conhost.exe
I keep on getting this message all the time and the only way I can get rid of it is to disable my virus protection any one know how I can solve this
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 20:54.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App