  1. #1

    timbo343's Avatar

    conhost.exe malware

    Just to let everyone know that we have just been hit with conhost.exe and Sophos didn't detect it.

    It basically installs into a machine and then anyone who logs into the infected machine, their profile gets hit.

  2. #2
    AyatollahPies's Avatar
    What did detect it?

  3. #3

    timbo343's Avatar
    In the end we had to use CCleaner and Malwarebytes. We discovered it by users not being able to use the internet, as it sets the proxy address of the machine to 127.0.0.1 and a random port. Fortunately we had about 10 members of staff affected and about 6 machines... not too bad, could have been a lot worse, but had to re-create profiles. Also, conhost was starting up at machine startup so had to disable it here too.

  4. #4

    ZeroHour's Avatar
    Have you submitted it to Sophos, MSE and ClamAV (who submit to others)?
    I have submitted 3 bits of crud in recent days to all 3 so if you want details I can pass them on.

  5. #5

    timbo343's Avatar
    Quote Originally Posted by ZeroHour View Post
    Have you submitted it to Sophos, MSE and ClamAV (who submit to others)?
    I have submitted 3 bits of crud in recent days to all 3 so if you want details I can pass them on.
    ZeroHour, if you could please.
    I'm surprised it didn't detect it.

  8. #8


    What is conhost.exe and Why Is It Running?

    Be careful, conhost.exe is also a legitimate Windows process in Windows 7; it handles drag & drop for console windows.
    What is conhost.exe and Why Is It Running? - How-To Geek
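
A read-only triage sketch for the symptoms reported in this thread (proxy set to 127.0.0.1 on a random port, conhost.exe launching at startup) that also respects the caveat that a genuine conhost.exe exists. It is an added example, not posted by any thread participant. It assumes PowerShell 3.0 or later, that the startup entry lives in a Run key (the thread does not say which mechanism was used), and that the genuine binary sits in %SystemRoot%\System32.

```powershell
# Added example, not from the thread. Nothing here modifies the system.
# Run elevated: without admin rights ExecutablePath is empty for other users'
# processes and other users' registry hives cannot be read.

$system32 = Join-Path $env:SystemRoot 'System32'
$hives    = @(Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue)

# 1. Loopback proxy in user profiles. Only hives that are currently loaded
#    (logged-on users) appear under HKEY_USERS; other profiles are not covered.
$proxyHits = foreach ($hive in $hives) {
    $key = "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    $s   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # ProxyServer is either "host:port" or "http=host:port;https=host:port"
    if ($s -and $s.ProxyEnable -eq 1 -and $s.ProxyServer -match '(^|=|//)127\.0\.0\.1:\d+') {
        [pscustomobject]@{ Sid = $hive.PSChildName; ProxyServer = $s.ProxyServer }
    }
}

# 2. Startup entries that reference conhost.exe. Assumption: Run keys only;
#    services, scheduled tasks and Startup folders are not examined.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
) + @($hives | ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Run" })

$runHits = foreach ($k in $runKeys) {
    $item = Get-Item -Path $k -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($value -match 'conhost\.exe') {
            [pscustomobject]@{ Key = $k; Name = $name; Command = $value }
        }
    }
}

# 3. Running conhost.exe images whose path is not the system directory.
#    The genuine Windows 7 console host runs from System32.
$procHits = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'conhost.exe'" |
    Where-Object { $_.ExecutablePath -and ((Split-Path $_.ExecutablePath -Parent) -ne $system32) } |
    Select-Object ProcessId, ExecutablePath

[pscustomobject]@{
    LoopbackProxy    = @($proxyHits)
    StartupEntries   = @($runHits)
    UnexpectedImages = @($procHits)
} | Format-List
```

An empty result does not clear a machine: profiles that are not loaded and other persistence mechanisms are outside what this checks.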


