W32.Sober in conhost.exe?

Page 4 of 5 FirstFirst ... 2345 LastLast

  1. Posts : 6
    Windows 7
       #31

    Thank you very much for your quick answers.

    I have successfully recovered the file, following Ted's and Mr Grim's suggestion on doing a system restore.


    Thank very much, once again!
      My Computer


  2. Posts : 22,814
    W 7 64-bit Ultimate
       #32

    Hello again krypnik.

    I'm pleased to see you've found a solution that worked for you!

















    Later :) Ted
      My Computer


  3. Posts : 18,404
    Windows 7 Ultimate x64 SP1
       #33

    Glad you got it back krypnik.
      My Computer


  4. Posts : 3
    Win 7 x64
       #34

    is this a false postive? i know its been while since this thread has had anything added to the topic, but i just got home and when my computer came back up from idling for about 3 hours i had about 20-25 conhost.exe's running the back ground. and then one by one they disappeared. im running build 7048 64-bit. just was unclear if it was or not.


    im probably going to to a clean install within the next few days, so any kind of infection at this point will get erased then.



    spook
      My Computer


  5. Posts : 4
    windows 7
       #35

    conhost.exe (Sober Trojan)


    If everybody is so sure this is a False Positive, tell me how you deleted it! It has it's own Administrator rights and Says can only be deleted or changed by "Trusted Installer"! As Administrator, I should be able to delete or change any file I wish!
    It claims to be a Microsoft file. Why will Microsoft not come out and say it is?
    I wonder how many computers are infected, and when will Conhost suddenly come alive! I do believe this is a Trojan!
      My Computer


  6. Posts : 1,065
    Windows 7 Ultimate x64
       #36

    john d ross said:
    If everybody is so sure this is a False Positive, tell me how you deleted it! It has it's own Administrator rights and Says can only be deleted or changed by "Trusted Installer"! As Administrator, I should be able to delete or change any file I wish!
    It claims to be a Microsoft file. Why will Microsoft not come out and say it is?
    I wonder how many computers are infected, and when will Conhost suddenly come alive! I do believe this is a Trojan!
    Hi john d ross & welcome :)
    The whole point is, is that MS don't want you to delete that file as it's needed by the system.
    Even with admin privileges, you don't have access/control over a lot of files.
    If you really did want to delete it, you'd make sure that you have ownership and full control permissions before doing so (NOT RECOMMENDED).
    This might be of interest to you.
    What is conhost.exe and Why Is It Running? :: the How-To Geek
      My Computer


  7. Posts : 4
    windows 7
       #37

    conhost sober trojan


    conhost.exe (Sober Trojan)
    thanks rsvr85
    APPRECIATE YOUR QUICK REPLY. jUST WONDERED ARE THERE ANY OTHER FILES IN THE O.S, WHICH ARE UNDER THE CONTROL OF "' tRUSTED iNSTALLER"' AND WON'T ALLOW EVEN ADMINISTRATOR ACCESS? AND WHY DOES CONHOST.EXE CHANGE TO CMD.EXE AND BACK AGIN, BY ITSELF, AFTER I OPEN THE SYSTEM32 FILES.
    REGARDS
      My Computer


  8. Posts : 1,065
    Windows 7 Ultimate x64
       #38

    A lot of the files in %windir% & %windir%\system32 are under the control of trusted installer. It's much safer that way
    conhost doesn't have a GUI i believe and as such will probably just flash when you try and execute it in Explorer, much the same as ipconfig.exe does.
    See the How-To-Geek link above for a full explanation of conhost.exe
      My Computer


  9. Posts : 4
    windows 7
       #39

    conhost sober trojan


    One more concern.
    My Virus protection provider asked me to Password Protect Archive and send to their investigators. The system will not allow me to Archive and send. Message says Access not allowed! I am not deleting, or changing the file, but access is denied!
    Why is Microsoft not speaking about all these concerns?
      My Computer


  10. Posts : 1,065
    Windows 7 Ultimate x64
       #40

    What concerns?

    As the file is system protected, it won't allow access by anything other that itself. Also this is possible to happen if the file is in use (which conhost.exe probably will be)
    Please, unless you are 100% sure it's malicious, do not delete conhost.exe
      My Computer


 
Page 4 of 5 FirstFirst ... 2345 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 01:32.
Find Us