Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is this suspicious?


  • Please log in to reply
5 replies to this topic

#1 zewolfe

zewolfe

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 19 November 2014 - 10:31 AM

I have 18 copies of svchost.exe and 3 copies of conhost.exe running in my task manager.  I am not doing anything from the command line. 



BC AdBot (Login to Remove)

 


#2 zewolfe

zewolfe
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 19 November 2014 - 11:19 AM

I checked with SysInternals Process Explorer, everything being run by all those instances of svchost looks like a real service, stll curious about conhost.exe.

The command line looks strange in Process Explorer. 

Will need to send screenshot, don't know how to do that here



#3 Kirbyofdeath

Kirbyofdeath

  • Members
  • 459 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Somewhere on Earth
  • Local time:05:03 PM

Posted 19 November 2014 - 12:13 PM

http://www.wikihow.com/Take-a-Screenshot-in-Microsoft-Windows

 

Attach the picture to your post.



#4 zewolfe

zewolfe
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 23 November 2014 - 11:22 AM

Every time I paste into the reply, it says I do not have permission to perform that action - how do I attach the screenshot?



#5 Tenis

Tenis

    Bleepin' FX


  • Malware Study Hall Senior
  • 1,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:33 AM

Posted 23 November 2014 - 12:18 PM

Hi Zewolfe,

 

Open Process Explorer 

Go to menu Options > VirusTotal.com > Check VirusTotal.com

A popup will come asking to agree the terms click Yes.

Then see the status of process at right side.It will show red color if there is virus.

 

Tell me if you find any.

 

 

 

Tenis :busy:



#6 zewolfe

zewolfe
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 25 November 2014 - 01:30 PM

No, everything is green, the command line just looks weird: \??\C:\Windows\system32\conhost.exe "1255757873125012521917760194162065924015459292919-862237394-1286996818-1106721756






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users