conhost.exe and cmd.exe
+5I continue to have multiple events of the conhost.exe file running crateing mulitple cmd.exe events. I am not sure if this is an indication of an infection of simply my system requirements. I have set both to monitor through webroot and the events seem to have stopped except.... that my system keeps trying to copy the conhost file in other directories. I also found that the conhost file seems to be getting modified, for what reason I do not know. Sorry for all the questions but I've not been at this long and I may be overreactiing and maybe I read too much. I've had Malwarebytes and Kasperkys take a whack at it and came up with nada. Any thoughs besides re-format ?
Hi Joseph1973
Welcome to the Community Forums.
Yes, this is a difficult one indeed as for as many times as we come across this and it is benign/due to some other reason we also see this as a result of malware infection. If I had to give an opinion I would say based on the "...system keeps trying to copy the conhost file in other directories. I also found that the conhost file seems to be getting modified" I would say malware, is the cause but, I would not bet my shirt on that...as I am no expert.
I have done some research and come across this thread over at the Microsoft Forums, that refers to what you are reporting , so perhaps a look at that may assist?
But if still unsure, and given that any uninformed 'tampering' can cause as much damage as a malware infection my recommendation would be to Open a Support Ticket ASAP so that the Support Team can investigate and advise either way and if down to a malware infection then they can look to provide technical assistance to resolve the issue.
This service is free of charge to WSA users with an active/current subscription.
Please let us know how you get on.
Regards, Baldrick
Welcome to the Community Forums.
Yes, this is a difficult one indeed as for as many times as we come across this and it is benign/due to some other reason we also see this as a result of malware infection. If I had to give an opinion I would say based on the "...system keeps trying to copy the conhost file in other directories. I also found that the conhost file seems to be getting modified" I would say malware, is the cause but, I would not bet my shirt on that...as I am no expert.
I have done some research and come across this thread over at the Microsoft Forums, that refers to what you are reporting , so perhaps a look at that may assist?
But if still unsure, and given that any uninformed 'tampering' can cause as much damage as a malware infection my recommendation would be to Open a Support Ticket ASAP so that the Support Team can investigate and advise either way and if down to a malware infection then they can look to provide technical assistance to resolve the issue.
This service is free of charge to WSA users with an active/current subscription.
Please let us know how you get on.
Regards, Baldrick
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.