Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

what is this - taskhostw.exe KEYROAMING


  • Please log in to reply
2 replies to this topic

#1 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:10:16 AM

Posted 09 May 2016 - 07:57 PM

svchost runs taskhostw.exe, which then runs a command:

taskhostw.exe KEYROAMING

what is it doing? I haven't found a thing on google. I know what taskhost is but that KEYROAMING thingie seems odd. Is that normal? Oh, taskhost runs from system32 as it should. As does the usual takshost.

I've also seen taskhostw running a "U" command and "Login" without quotes.

Just curious.


Edited by tos226, 09 May 2016 - 08:00 PM.


BC AdBot (Login to Remove)

 


#2 Stormzeey

Stormzeey

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:16 AM

Posted 09 May 2016 - 08:37 PM

The taskhost.exe is a Task Host which is a generic Host Process for Windows 7 32-bit Services. The full path to this file should be shown in TUT as C:\Windows\System32\Taskhost.exeTASKHOST is a generic process which acts as a host for processes that run from DLLs rather than EXEs.



#3 tos226

tos226

    BleepIN--BleepOUT

  • Topic Starter

  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:10:16 AM

Posted 09 May 2016 - 09:51 PM

The entire command, including "w" in name is on the second line of my post, so unfortunately you did not answer my query, but thanks for trying anyway..

I'm thinking that the KEYROAMING command has to do with certificates. Some googling seems to indicate it.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users