Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: W32.Sober in conhost.exe?

16 Dec 2008   #1
ShaWn

Windows 7 build 7057
 
 
W32.Sober in conhost.exe?

SpyBot discovered W32.Sober in file Windows\System32\conhost.exe (build 6956). Can somebody confirm it? Or it's fake alert?


My System SpecsSystem Spec
.
16 Dec 2008   #2
darkassain

Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
 
 

can you do a sfc /scannow???

or if you dont want to go thorough that process can you give us the MD5 hash
go here
http://www.whitsoftdev.com/md5/
download the unicode and open it point to the file itself and post the hash here..
My System SpecsSystem Spec
16 Dec 2008   #3
darkassain

Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
 
 

i got this
05f88bf36b0cdd276cc0b6ad9554b397 md5 hash
whats yours???
My System SpecsSystem Spec
.

16 Dec 2008   #4
ShaWn

Windows 7 build 7057
 
 

Quote   Quote: Originally Posted by darkassain View Post
i got this
05f88bf36b0cdd276cc0b6ad9554b397 md5 hash
whats yours???
It's same as I have, there are 2 options now:

1) Worm is in instalation files
2) SpyBot doing false alarm
My System SpecsSystem Spec
16 Dec 2008   #5
darkassain

Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
 
 

yes this is a false alarm...
have 6956 in vm...
clean install
there are no connections bypassing the firewall (got ms network monitor to check for that)
and frankly avast would have picked it up (on my real machine have 6956...)
My System SpecsSystem Spec
16 Dec 2008   #6
Brink

64-bit Windows 10 Pro
 
 

Hello Shawn,

Yes, I can confirm the same thing.

-s-d.jpg

Shawn


My System SpecsSystem Spec
16 Dec 2008   #7
darkassain

Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
 
 

you can also check in processxp
its strings
if you know how...
here is conhost.exe strings...
i see nothing out of the ordinary in the strings....

edit: two shawns ...lol
My System SpecsSystem Spec
16 Dec 2008   #8
Brink

64-bit Windows 10 Pro
 
 

I agree, but I just do not feel comfortable with it considering the source of the OS.
My System SpecsSystem Spec
16 Dec 2008   #9
zm91

Windows 7 Build 7057 x64/7068 x86
 
 

this file was running when i was playing GTA IV.

but then after a few runs, it's gone.
My System SpecsSystem Spec
16 Dec 2008   #10
Barman58

Windows 10 Pro x64 x2 Windows 10 Enterprise x64, Ubuntu
 
 

Thanks for the info Shawn,

Was thinking of replacing my 6801 x86 with 6956 but think I'll wait till the public beta
My System SpecsSystem Spec
Reply

 W32.Sober in conhost.exe?




Thread Tools




Similar help and support threads
Thread Forum
Conhost.exe error in program
when conhost.exe running in my pc the cpu processing increases rapidly & temp 60 degree above, normal is 39-45 in task manager what's the solution? please .......
General Discussion
task manager shows extra cmd.exe/conhost/explorer - why?
I leave my Win7 pro machine running from 8am to about midnight every day and when it's off, it was done so by Start->Sleep (for quick boot time). Sometimes I'll have cause to go into the task manager and despite having no visible CMD windows or explorer windows (or perhaps just one), I'll see...
General Discussion
Why CONHOST.EXE process starts ONLY when I use TOR?
Hi guys, I have read in other threads the function of CONHOST.EXE process in Windows 7 (the legit process located in SYSTEM32 folder). But I wonder why in my pc this process appears only when I use the Tor Browser, and not when I use the stardard Firefox browser or in any other situation. ...
General Discussion
Conhost exe
I have 26 instances of conhost.exe running at the moment. It's slowing the laptop down. Yesterday there were close to 300 and when it first happened a few days ago there were 240. The only thing I can do is to restart the laptop which clears them for a while. I have AVG with firewall and...
General Discussion
conhost.exe infected. (backdoored)
Hi all.. Well,i dont know if this is normal but why is there always two conhost.exe And i mean its always running.. So i logon to my computer check task mananger and there are two conhost.exe running. So i then check WinPatrol and i go to active tasks and its running there also..But it...
System Security
conhost.exe
I keep on getting this message all the time and the only way I can get rid of it is to disable my virus protection any one know how I can solve this
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 12:32.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App