Tech

Latest In

Tech

What is Conhost.exe in Windows: Everything You Need to Know

This article breaks down the whole process for your better understanding and knowledge on what Conhost.exe is in Windows

Author:Daniel BarrettJul 21, 202248307 Shares766776 Views
There is no doubt that you strumbled on this article because you have taken cognizance of the Conhost.exe process. Whether deliberately or per chance, you have stumbled upon it and are here to know more about it. This article breaks down the whole process for your better understanding of what Conhost.exe is in Windows.

What Exactly is the Console Window Host Process?

To fully explain this, we have to start from the origin. During the era of Windows XP, the ClientServer Runtime System Service (CSRSS) was saddled with the responsibility of the Command Prompt.
The CSRSS was a system-level service. This was quite problematic as a crash in CSRSS could affect the whole system, this was a backlash on security vulnerability and reliability issues.
Another problem was that CSRSS could not be themed, because the developers didn’t want to risk theme code to run in a system process. So, the Command Prompt always had the classic look rather than using new interface elements.
Don’t miss: Kernel Data Inpage Error: How To Fix BSOD
Notice in the screenshot of Windows XP below that the Command Prompt doesn’t get the same styling as an app like Notepad.
Image_editor_output_image1127709604-1621021619305.png
Image_editor_output_image1127709604-1621021619305.png
Following through, Windows Vista came along with the introduction of the Desktop Window Manager—a service that “draws” composite views of windows onto your desktop rather than letting each app handle that on its own.
Features of Command Prompt increased with edges like superficial theming from this (like the glassy frame present in other Windows), but it came at the expense of being able to drag and drop files, text, and so on into the Command Prompt window.
Still, that theming only went so far. If you take a view at the console in Windows Vista, it looks like it utilizes the same theme as everything else, but you’ll know that the scrollbars are still utilizing the old style. This is because the Desktop Window Manager deals with drawing the title bars and frame, but an old-fashioned CSRSS window still sits inside.
Image17.png
Image17.png
Proceeding to Windows 7, the Console Window Host process. As the name suggests, its a host process for the console window. The process sort of rests in the middle between CSRSS and the Command Prompt (cmd.exe), allowing Windows to fix both of the previous issues—interface characteristics like scrollbars draw correctly, and you can again drag and drop into the Command Prompt.
Even though the Task Manager presents the Console Window Host as a separate entity, it’s still closely associated with CSRSS. If you check the conhost.exe process out in Process Explorer, you can discern that it really runs under the csrss.exe process.
Chp_3.png
Chp_3.png
In the end, the Console Window Host is something like a shell that maintains the power of running a system-level service like CSRSS, while still securely and reliably granting the ability to integrate modern interface elements.

Software that Uses Conhost.exe

The conhost.exe process is launched with each instance of Command Prompt and with any program that uses this command-line tool, even if you don’t see the program operating (like if it’s running in the background).
Here are some processes known to start conhost.exe:
  • Dell’s “DFS.Common.Agent.exe”
  • NVIDIA’s “NVIDIA Web Helper.exe”
  • Plex’s “PlexScriptHost.exe”
  • Adobe Creative Cloud’s “node.exe”

Is the Process a Virus?

While there is a slight possibility that a virus had masked the real Console Window Host with its own, the Process itself is still an official Windows component.
You can check to confirm:
  • Go to task manager
  • Right-click on the Service Host process
  • Select the “Open File Location” option.
Chp_5.png
Chp_5.png
  • If the file is stored in your Windows\System32 folder, then you can be fairly certain you are not dealing with a virus.
Chp_6-1-650x267-1.png
Chp_6-1-650x267-1.png
Note:A trojan exists out there named Conhost Miner which poses as the Console Window Host Process.
Of course, using a good virus scanner is the best way to prevent (and remove) malware like the Conhost Miner, and it’s something you should be doing anyway. Better safe than sorry!

Why is Conhost.exe Using so Much Memory?

A typical computer running conhost.exe without any malware might pose the usage as around several hundred kilobytes (e.g., 300 KB) of RAM, but probably no more than 10 MB even when you’re utilizing the program that launched conhost.exe.
On the chance that conhost.exe is using a lot more memory than that, and Task Manager displays that the process is utilizing a significant portion of the CPU, there’s a huge chance that the file is fake. This is especially true if the steps above lead you to a folder that isn’t C:\Windows\System32.
There’s a particular conhost.exe virus called Conhost Miner that stores its “conhost.exe” file in this folder and perhaps others:
%userprofile%\AppData\Roaming\Microsoft\
This virus attempts to operate a Bitcoin or other cryptocoin mining operation without your consent, which can be very demanding of the memory and processor.

Removing a Conhost.exe Virus

If you confirm or even suspect that conhost.exe is a virus, it should be fairly simple to get rid of it. There are lots of free tools available that you can use to delete the conhost.exe virus from your computer, and others to help make sure it doesn’t come back.
However, your first attempt should be to shut down the parent process that’s using the conhost.exe file so that it will no longer be operating its malicious code and to make it simpler to eliminate.
Note:If you realize which program is using conhost.exe, you can omit these steps below and just try to eliminate the application with the aim that the related conhost.exe virus gets discarded, too. Your best chance is to use a free uninstaller tool to make sure all of it gets deleted.
Follow the steps below in order, restarting your computer after each one and then checking to see if conhost.exe is really gone. To do that, launch Task Manager or Process Explorer after each reboot to make sure the conhost.exe virus has been deleted.
  • Attempt to delete conhost.exe
  • Install Malwarebytes and launch a full system scan to find and remove the conhost.exe virus.
  • Install a full antivirus program if Malwarebytes or another spyware removal tool doesn’t work
  • With a free bootable antivirus tool, scan the entire computer before the OS boots. This is a certain fix for the conhost.exe virus since the process won’t be running at the time of the virus scan.
Editor’s picks:
Jump to
Daniel Barrett

Daniel Barrett

Author
Latest Articles
Popular Articles