Quite often, users of all skill levels have to run the “Task Manager” (in Windows 7, for example). Most ordinary users usually do not pay attention to active processes, but when it comes to the load on the processor and RAM, they try to find out what affects resources so much. And in the "Dispatcher" displays a lot of obscure processes, one of which can be called conhost.exe. What kind of service it is and what it is responsible for will be shown later. Along the way, we also pay attention to the fact that it can be a virus. How to neutralize it, we will consider separately.
Conhost.exe process: what is it?
In general, this active process does not apply to viruses, but is a very important system service, which is intended for the so-called rendering of console windows.
If you recall the earlier Windows systems that came out before the XP modification appeared, the same cmd console (command line) was displayed in the form of such a DOS-like window in standard design. In the XP version, the developers tried to fix this problem. The bottom line is that the console window has a design that matches the current theme.
This is what is meant. For example, in Windows XP, all program windows have a characteristic blue volumetric heading. When you call the same command line, the window began to look exactly like all other applications, and not in the standard design, a la Windows 95. That's just what conhost.exe service is responsible for. What it is is a little understandable. Move on.
Appearance story
Indeed, this process first appeared in Windows XP. Despite a rather interesting idea, the innovation turned out to be very unfinished.
The console windows themselves did not always have the look that was supposed to, and the service sometimes even “crashed”, causing critical errors, which caused the whole system to become completely inoperative (there were times when even a reinstallation was required). Yes, and the load on system resources at that time was completely unjustified, since the process was initially launched along with the system, and even used the resources when calling the consoles. It was necessary to get rid of this somehow.
Deficiencies in Windows Vista
Modification of Vista is not far from XP. Although a lot of errors were fixed in the service itself and the launched windows had exactly the appearance corresponding to the currently installed theme, nevertheless, working with the same command line, as it is supposed now, was impossible.
This means that all commands or, for example, file paths had to be written exclusively manually. There was no talk of any copying or pasting.
Redesigned Service on Windows 7 and Above
But in Windows 7, the service has changed dramatically. Not only did it almost never crash, not to mention the normal appearance of console windows, now it is possible, for example, to indicate the full path to an object, do not enter data manually, but simply drag it to the window of the same command line . The conhost.exe service is also responsible for this. What kind of tool is this about the input commands?
But here: they can be completely elementary copied, say, from Notepad or from an Internet site, and then pasted into the console for execution.
What if it is still a virus?
In general, I think it’s clear what the described system process is responsible for. Everything would be fine, but since its appearance in Windows-systems, various kinds of virus threats have begun to actively develop, which, when they penetrate the computer, are masked precisely under it. The user believes that the "Task Manager" of Windows 7, for example, shows exactly the system process, with the same attributes, but in fact it is an active service of the virus itself, which is currently producing its destructive effect on the system. Most often, a false process loads the processor and RAM, although the original process never behaves this way. And this is the first sign by which a threat can be identified.
The second distinguishing feature can be called the fact that in the "Task Manager" there are never more than two active processes conhost.exe. Two is the maximum! If there are more processes of the same name, these are definitely viruses. To find out which of them is related to the threat, it is enough to access the file location through RMB on the selected process.
The original always has the full path c: \ Windows \ System32 \ conhost.exe and no other. If you see a different location, immediately remove the threat. If it is impossible to perform such actions, use portable anti-virus scanners (it is best to use disk utilities with built-in Rescue Disk loaders and check the system before it starts).
Finally, the most important condition that you should pay attention to. The described system process starts exclusively and only in those cases when a console window is launched (command line, PowerShell, etc.). In any other situation, the process is inactive or the consumption of resources on its part is at zero.
Instead of a total
Here is a brief summary of everything about such a mysterious at first glance process as conhost.exe. And to summarize, it can be noted that the original service itself is one of the most important components responsible for the interface of Windows-based systems. Ending the process in the "Task Manager", if you plan to launch console applications, is not recommended.
If it is a virus, finding this using the above criteria will not be difficult. As for the means of neutralizing the threat, it is completely optional to immediately use disk programs. To get started, use at least the Dr. Scanner Web CureIt, marking for verification all the items presented in the main menu of the application.