Conhost.exe Virus Removal

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

This page aims to help you remove Conhost.exe Virus. These Conhost.exe Virus removal instructions work for every version of Windows. “Conhost.exe что это” and “Conhost.exe high cpu” are just few of the things we have been asked about recently. 

  • The real Conhost.exe is usually a Task Manager Windows 7, 8 and 10 process that fixes some issues present on older iterations of the OS. Said issues are basically related to the way some of the integral parts of the system, mainly CSRSS.exe, worked. They were unable to be properly themed and had glitches or problems when an active theme was used on the system, hence the fix. An examination through Autoruns shows that the process is running under CSRSS.exe.

BUT! Here is the big thing you should note: in the modern era the Conhost.exe Virus is part of an unidentifiable group of threats that imitate and mask themselves behind the names of system critical processes. In the guide, we have devised a way to find out if the Conhost.exe Virus is in fact hiding in your PC or you are looking at the real counterpart. For many reasons you should NOT  delete any process unless you are 100% this is the Conhost.exe Virus in disguise. We suggest doing a backup and following the guide after that. If something goes wrong, you can just revert.


Name Conhost.exe
Type  Adware – at least that is the most likely type of threat it can be a part of. Conhost.exe can also be completely legitimate; there is more information on this in our removal instructions
Danger Level Medium, but depending on how long it remains, it can be High.
Symptoms Advertisements and pop ups; possibly your Task Manager may indicate the process takes up a lot of CPU memory.
Distribution Method Freeware bundles, spam, following corrupted links.
Detection Tool

1: Enter Safe Mode.
2: Remove Conhost.exe Virus from Chrome, Firefox, Internet Explorer and Safari.
3: Remove attachments to browser shortcuts.
4: Uninstall the virus from your Add/Remove Programs.
5: Permanently delete the threat from Task Manager’s processes.
6: Uninstall the virus from Regedit and Msconfig.

Is this Conhost.exe Virus a real virus or something else?

The Conhost.exe Virus can be practically anything, from a full-fledged malware to a simple Adware. If you are not versed in what these things actually mean, then here’s an explanation for you from lightest to most severe.

PUPs – potentially unwanted programs – is the lightest threat you can encounter. They are not really a virus as the name suggests, but rather something that may slow your system and display annoying messages, and are otherwise harmless.

Adware – these things are primarily viewed as a promotional tool. They DEFINITELY slow down your PC, are very annoying and hard to get rid of, and display countless advertisements. Why would anyone create such things, you may wonder? It is to promote certain products someone is paying for. The number 1 biggest way adware take root in your system is through being bundled with software.

Browser Hijackers – the same as adware, except they are created to drive traffic, meaning you, to certain websites, thus increasing their rank in google. It’s always for monetization purposes.

Trojans – this is where things really start to get rough. These are the things that can steal your accounts, passwords and personal information, as well as drain your credit cards. These are the tools that open doors to whoever created them to monitor and take into account your activities, before doing whatever they please a world away.

Ransomware – if you get hit by a Ransomware you should just “pay up” according to the FBI. Ransomware come into play with the help of Trojans and are by far the worst virus you can expect to encounter in normal-day activities. They backup your personal files and documents and encrypt them, demanding ransom (hence the name) for releasing them.

Conhost.exe Virus Removal


The first thing to do is a reboot in Safe Mode. If you already know how to do it, just skip this and proceed to Step 2. If you do not know how to do it, continue reading:

For Windows 98, XP, Millenium and 7: 

Restart your computer. To be sure you don’t miss the time when you need to press it, just spam F8 as soon as the PC starts booting. Then choose Safe Mode With Networking.

For W8 and 8.1:

Click the Start button, then Control Panel —> System and Security —> Administrative Tools —> System Configuration.Administrator permission required


Then check the Safe Boot option and click OK.  Click  Restart in the pop-up.

For W10:

  1. Open the Start menu.
  2. Click the power button icon in the right corner of the Start menu to show the power options menu.
  3. Press and hold down the SHIFT key on the keyboard and click the Restart option while still holding down the SHIFT key.

W10 will perform the reboot. Next do the following:

Click the Troubleshoot icon, then Advanced options —> Startup Settings. Click Restart.
After the reboot click on Enter Safe Mode With Networking (Fifth Option).


To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

What is Conhost.exe?


If you want to know what is Conhost.exe, here’s how this works: it’s not necessarily a virus. Conhost.exe can be a perfectly legitimate process, as long as it is coming from the system32 folder and is signed under Microsoft. If it is not and you are experiencing a slowness of your system, redirects, advertisements and other kinds of anomalies, then you most likely suffer from an adware infection. Below we have prepared a guide for you that should 100% work for any adware, browser hijacker or simple malware. If you need any directions or are unsure how to proceed, please, contact us in the comments.

ie9-10_512x512  Remove the Malware from Internet Explorer:

Open IE, then click  IE GEAR —–> Manage Add-ons.

pic 3

Find the malware. Remove it by pressing Disable.

If your Home Page is different from the usual, click IE GEAR —–> Internet Options>edit the URL box with your preferred search engine, and click Apply.

firefox-512 Remove Conhost.exe Virus from Firefox:

Open Firefoxclick on mozilla menu (top right) ——-> Add-onsHit Extensions next.

pic 6

The problem should be lurking somewhere around here –  Remove it.

chrome-logo-transparent-background Remove Conhost.exe Virus from Chrome:

 Start Chrome, click chrome menu icon —–>More Tools —–> Extensions. There,  find the malware and  select  chrome-trash-icon(Remove).

pic 8

 Click chrome menu icon again, and proceed to Settings —> Search, the fourth tab, select Manage Search Engines.  Remove everything but the search engines you normally use.

safari Remove the malware from Safari:

Open Safari, and click Safari —–>Preferences —–> Extensions—–>Uninstall the malware.


Right click on the browser’s shortcut, then click Properties.

NOTE: We are showing Google Chrome, but the method is the same for Chrome, Firefox, Internet Explorer, Safari, and Microsoft Edge.


Once you’ve reached Properties —–> Shortcut (on the band at the top), then in the Target type field, REMOVE EVERYTHING AFTER .exe.


Hold the Start Key and R together. Write appwiz.cpl in the field, then click OK.


You are now in the Control Panel. Search around for the virus and suspicious-looking programs. Uninstall it/them. Also, be extremely careful. Viruses often spend one last ditch effort to trick you into installing more of their kind. If you see a screen like this when you click Uninstallchoose NO:


Hold the Start Key and R againbut this time copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A .txt file will open – don’t type or change it. If you are hacked and someone has access to your PC, there will be a bunch of other IPs connected to you at the bottom. This is what a hosts file looks like:

hosts_opt (1)

If there are a bunch of strange IPs connecting to you below “Localhost” you may be hacked, and it’s best to ask us in the comments for directions.


Open the Task Manager by right clicking on the Taskbar and choosing Start Task Manager.


Once it opens, choose the Processes Tab. Look at all of the processes in front of you and try to determine which ones are a virus. Google them or ask us in the comments and we will provide the best assistance we can.


This is perhaps the most important and difficult step, so be extremely careful. Doing this can damage your PC significantly if you make a big mistake. If you are not feeling comfortable, we advise you to download a professional remover. Additionally, accounts connected to your credit cards, or important information, may be exposed to the virus.

If you do not remove the virus completely it could leak the information to its creator, so be careful!

Conhost Virus

If you missed it the first time up top, the real Conhost.exe


Right click on each of the virus processes separately and select Open File Location. Also, End the process after you open the folder. Just to make sure we don’t delete any programs you mistakenly took for a virus, copy the folders somewhere, then delete the directories you were sent to.


Take a look at the following things:

Type msconfig in the search field and hit enter: you will be transported to a Pop Up window. 


Go in the Startup tab and Uncheck entries that have “Unknown” as Manufacturer.

Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If you can’t find them this way, look in these directories, and delete/uninstall the registries manually:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious, but bear in mind they are always different.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

Remember to leave us a comment if you run into any trouble!

Did we help you? Please, consider helping us by spreading the word!

  • HowToRemove.Guide Team

    Hi Lily,
    can you post a screenshot on what exactly is preventing you on completing this step? If you are using Microsoft Windows 10 you can also try Right Clicking the pinned icon on the Taskbar. After that from the bottom you can see “Unpin from taskbar” “Browser name” then you can Right click on “Browser name” and then it will show you Properties. Keep us posted if that doesn’t help.

    • Lily Huang

      And *Thanks* :p

  • HowToRemove.Guide Team

    Hi again,
    yes it’s ok to uninstall it like this but with this kind of viruses you can never be too sure. If you notice some suspicious behavior again don’t hesitate to contacts us. We are here to help you 🙂