Probably every Windows user has at some point opened Task Manager to end a frozen application or check computer performance. Sometimes, though, users notice an entry in the list of active processes for the executable file conhost.exe. Few really understand what this process is, and many take it for a virus (especially if it is running more than once). It can indeed be a threat, but not always.
Conhost.exe: what is this process in Task Manager?
First of all, you need to understand what this process is and which executable file is responsible for it.
The process belongs to the Windows system services and appeared in Windows XP. It is responsible for opening console windows such as the command line or PowerShell. Its main purpose is to draw the console window using the design of the current theme, which applies to all graphic elements and to windows in particular.
What is the conhost.exe service for?
To make this clearer, consider Windows XP again. Many users probably noticed that with the default theme, the windows of all programs share the same design, for example a three-dimensional blue title bar at the top.
But when the command line is opened, its window looks different (it uses the standard design of older systems). The system component conhost.exe was developed to make that window match the current theme. When the executable runs, the console host window opens with the same appearance as all other windows.
However, the main problem at first was that this service in XP was clearly unfinished: windows did not open in the right form, and sometimes the whole system could even hang. In Vista the service was reworked, although it ran at a lower priority than the csrss.exe component, which in XP was originally responsible for drawing console windows. There were still many problems.
Only starting with Windows 7 was the service radically redesigned. Although its call and execution priority remained between the csrss and cmd levels, console windows opened by the corresponding programs began to look as expected (for example, in the Aero theme design).
Is it possible to disable the service?
That, in short, is the conhost.exe service. What kind of process this is should, I think, now be reasonably clear. Now a few words about whether it can be disabled.
In general this is not recommended, as with all other system components. However, if you do not mind console windows that ignore the current theme, you can stop the process (end it in Task Manager). Note that this only shuts the service down, and only for a while. Removing it is impossible even with full administrator rights (unless it is a virus): the system simply will not allow it, and all third-party tools will be powerless. In addition, the process starts only when console windows are opened; if there are none, or when the system is idle, it does not appear in Task Manager. The service also has no particular effect on the computer's speed.
Conhost.exe virus: checking the program file location
The situation is completely different when several processes with this name (at least more than two) appear in the list of active processes in Task Manager. This is a clear hint that viruses disguised as this service are present in the system. And if the engine.exe component is also present, expect trouble: it is definitely a virus. But even a single process can indicate that threats in the form of malicious executable code have penetrated the system. Most often this applies to trojans.
To find out whether the process is the system one or a virus, open the Processes tab in Task Manager, right-click the process, and choose the option to open the file location. The original conhost.exe file is always located in the System32 folder of the main operating system directory. If a different location is shown, urgent measures must be taken.
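The same location check can be done from PowerShell for every running instance at once. This is an added example, not part of the original article: it lists each conhost.exe (and any engine.exe, the name mentioned above) with its executable path and parent process. The signature column goes beyond what the article describes and is informational only.

```powershell
# Location the article gives for the genuine file.
$expected = Join-Path $env:SystemRoot 'System32\conhost.exe'

# Snapshot all processes once and index them by PID to resolve parents.
$all = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$report = foreach ($p in $all) {
    if ($p.Name -notin 'conhost.exe', 'engine.exe') { continue }

    $path = $p.ExecutablePath   # empty when the caller lacks rights to read it
    if ($p.Name -eq 'engine.exe') {
        $verdict = 'REVIEW: process name the article treats as malicious'
    } elseif (-not $path) {
        $verdict = 'UNKNOWN: path not readable, rerun elevated'
    } elseif ($path -eq $expected) {
        $verdict = 'OK: runs from System32'
    } else {
        $verdict = 'SUSPICIOUS: conhost.exe outside System32'
    }

    # Informational only; the path comparison above decides the verdict.
    $sig = 'n/a'
    if ($path) { $sig = (Get-AuthenticodeSignature -LiteralPath $path).Status }

    # The parent may already have exited, so the lookup can come back empty.
    $parent = $byPid[[int]$p.ParentProcessId]
    $parentName = '(exited)'
    if ($parent) { $parentName = $parent.Name }

    [pscustomobject]@{
        PID       = $p.ProcessId
        Name      = $p.Name
        Path      = $path
        Parent    = $parentName
        Signature = $sig
        Verdict   = $verdict
    }
}

$report | Sort-Object Verdict | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt; without elevation the path of processes owned by other users may be empty and is reported as UNKNOWN rather than OK.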
Threat Check
Now let's see how to remove conhost.exe. In principle there is nothing particularly complicated here, but some nuances should be taken into account. First, end all processes with this name in Task Manager. Even if the original service is ended at that point as well, that is fine (on restart it will start again automatically).
After that, use a powerful scanner, preferably a portable one (for example, Dr.Web CureIt! or KVRT). Running an in-depth scan with the antivirus already installed seems pointless, if only because it has already missed the threat.
However, as practice shows, the most effective way to remove this scourge is to use special rescue-disk programs such as Kaspersky Rescue Disk or equivalents from other developers specializing in anti-virus protection. The advantage of such utilities is that they have their own bootloader: once written to removable media, they can be booted before the main OS starts. In the application you can use the graphical interface or DOS mode. Then you just need to check the entire system with the advanced scan option set and wait for the process to complete. In this case, even viruses that are very deeply integrated into the system or that reside in RAM can be detected.
Instead of a conclusion
That is the conhost.exe service. It should now be clear what process runs in the system when you open consoles, and that the service can turn out to be a malicious element when it is started more than once. Actually, getting rid of such a virus will not work. You just need to choose the best utility for checking and removing threats.