Pretty sure my conhost.exe is infected
I have 2 conhost running, and they have different icons. The legit icon is like the c:\cmd command prompt.
I looked into the infected conhost.exe and found the folder.
There is a batch file:
conhost -a cryptonight -o stratum+tcp://xmr.crypto-pool.fr:7777 -u 45XMhiAxtwBJZCZ24xxxxxxxxx -t 3
My server has ESET, and I just installed Spybot (found nothing).
conhost is eating up all my processing power.
There is no startup program. msconfig shows startup items are not enabled on this system.
regedit: Current Version | Run & RunOnce shows nothing except my ESET.
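
An added example, not part of the original post: a PowerShell triage check for the situation described above. It lists every running conhost.exe and flags any that is not the Windows copy in System32 or whose command line carries the miner strings from the batch file. The property names `Suspicious` and `Parent` are chosen here for illustration.

```powershell
# Added example. Run from an elevated PowerShell prompt so that the path and
# command line of every process are readable.
$legit        = Join-Path $env:SystemRoot 'System32\conhost.exe'
$minerPattern = 'stratum\+tcp://|cryptonight'   # strings from the batch file quoted in the post

Get-CimInstance Win32_Process -Filter "Name = 'conhost.exe'" | ForEach-Object {
    $path    = $_.ExecutablePath
    $reasons = @()

    # The genuine console host only runs from %SystemRoot%\System32.
    if (-not $path)            { $reasons += 'path unreadable (not elevated?)' }
    elseif ($path -ine $legit) { $reasons += 'image is not System32\conhost.exe' }

    # The batch file passes the pool URL and algorithm on the command line.
    if ($_.CommandLine -match $minerPattern) { $reasons += 'miner arguments on command line' }

    # The parent process shows what launched it, which helps when the Run keys are empty.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"

    [pscustomobject]@{
        ProcessId   = $_.ProcessId
        Path        = $path
        Parent      = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { 'exited' }
        CommandLine = $_.CommandLine
        Suspicious  = $reasons -join '; '
    }
} | Format-List
```

An empty `Suspicious` field means the process runs from System32 and shows none of the miner strings; the `Parent` value of a flagged process points to whatever started it.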