Solved Suspected file and startup in MSCONFIG: taskhost.exe

[Machariel]

Hi,

MSCONFIG has now a startup entry called: c:\Users\Administrator\AppData\Local\Microsoft Windows\taskhost.exe

I don't trust this. Why would MS Windows load such an executable via the registry (in HKCU). It didn't before and it doesn't load other surrogates this way. However, my Avast (I just ran it) didn't remove it or mentions it's unsafe. I'm not sure about that.

Do I have more tougher scans or detection methods at my disposal? Or do you have other suggestions for me?

Cheers!

 

[winini]

Hmm. Starting off with some basic questions, did you install any programs or have any suspicious behavior on sites or any suspicious sites?

 

[Machariel]

Hmm. Starting off with some basic questions, did you install any programs or have any suspicious behavior on sites or any suspicious sites?

Yes, good question. Youtube occasionally ran choppy for a few seconds. Knowing my system, this was dubious. On startup, said suspicious file ran at 15% CPU usage for a few seconds which was also suspicious. Also, yes, I did install programs. Lot of them.

Edit: solved with Malwarebytes. Turns on a language learning helper utility I installed, which I downloaded from a torrent site, added a password stealer according to malwarebytes. And guess what, it was exactly the file and registry entry I suspected! MB removed it after the required reboot. I'm downloading bitdefender now for other types of scans.

Although I solved it, i do wish you to to thank you most gracefully for your interest in helping out.

 

[winini]

Your welcome! I'm starting to not trust avast...

 

[winini]

Pressed post button... Oops [emoji53]

 

[Machariel]

Your welcome! I'm starting to not trust avast...

The proof is in the pudding I'd say. I'm combining Malwarebytes with Bitdefenderr now.

 

[winini]

Meh, good point