Each user of a modern Windows system, one way or another, in the process of work calls up the Task Manager, where all running applications, services and processes are displayed. Many people pay attention to a system component called conhost.exe. What it is, and why this service is needed at all, will now be considered.
What is conhost.exe in task manager?
For uninitiated users, we note immediately that this system service is required to be enabled. It first appeared in Windows Vista, adding to the csrss.exe process, which was originally present in the "expiry".
If we talk about what the conhost.exe process is, in simple language, it should be noted that it is responsible for fixing a long-standing problem related to drawing console windows (for example, a command-line window similar to what used to be in DOS systems )
Analog in Windows XP
To begin, consider the beloved by many Windows XP. Maybe some users have noticed that when using a certain theme, different from the one installed by default, the console window always looks in a classic "action" form.
The fact is that window drawing was assigned to the system itself (the above csrss.exe process was responsible for this). Thus, it was impossible to change the appearance of the window so that it corresponded to the current design.
Problems in Windows Vista
To change this situation in Vista, a new service was used, the system file conhost.exe was responsible for launching. Although the process worked with a lower priority than csrss.exe, in most cases, it fixed the appearance of the window.
However, as mentioned above, the service itself was incomplete, as a result of which the windows had an old look. In addition, in Vista, although it was originally intended, there was no possibility of dragging the file into the console window from the standard Explorer, because it did not have high privileges compared to the parent process.
Changes in Windows 7 and higher
Starting with the seventh version of Windows, the conhost.exe service has undergone dramatic changes. Although it is still located between csrss.exe and cmd.exe in the process priority tree, it nevertheless allows you to display the console window in a form that corresponds to the installed theme.
The main change affected the fact that now it was possible to insert files from Explorer, for example, directly into the command prompt window, which displayed the full path to the specified file on the screen, saving the user from having to enter it manually.
In most cases, the conhost.exe service itself works exclusively with a command line con. Although today you can find many applications that to some extent may require access to console windows, their operation takes only a few seconds, and the appearance of the called horse occurs automatically without user intervention. That is, for example, at a certain stage of program installation, a window appears in the crane in which some actions are performed, and at the end of the process the window disappears on its own, which eliminates the need for the user to close it manually.
The conhost.exe service starts repeatedly: how to treat it?
Now consider the possible problems that may arise in the case of autonomous operation of this system module. The executable file is located in the System32 folder of the Windows main directory. It is easy to guess that if the service is launched precisely through this file, there is nothing potentially dangerous in it, and forcibly terminating it is not recommended in any case.
But it also happens that several processes of the same name appear in the same Task Manager . What does this mean? Itβs just that a virus has penetrated the system, which in its simplest way produces its own disguise as a system service. But many users simply donβt know which process needs to be completed if suddenly there are problems with an increased load on system resources precisely because of this component. In addition, if all these processes are turned off sequentially, nothing happens - the viruses are activated again.
Two of the most well-known and most potentially dangerous threats disguised as conhost.exe are Trojan: Win32 / Alureon.FM, or Backdoor: Win32 / Cycbot.B and RiskTool.Win32.BitCoinMiner.amv, or Packed.Win32. Krap.hy. As can be seen from the classification, these are ordinary trojans that are aimed at opening access to the system in order to intercept user information and transmit it to third parties or use it for their own purposes. In some cases, a malfunction of the system is possible, just related to the increased load on the central processor and RAM.
It seems that there is no particular need to explain how to get rid of this. You will have to use an anti-virus scanner, but not the one installed in the system by default (he already skipped the virus), but some portable utility like Kaspersky Labβs KVRT, Dr. Web CurIt! etc. If they do not help, then you should use heavy artillery in the form of special utilities with the general name Rescue Disk. As you can already guess, the most powerful in this regard are the products of Kaspersky and Dr. Web This is recognized by both experts and ordinary users.