Conhost.Exe | Console Windows Host

Conhost.exe, or Console Windows Host, is a legitimate part of the Windows Operating System and, normally, should not be removed. However malware writers often try to disguise viruses and trojans with this file name (eg the Conhost Miner) and so file should be checked to ensure it is the legitimate Microsoft process.

What is Console Window Host (conhost.exe)?

It’s quite common to see this process running in Task Manager.

The full name of this .exe file is Console Windows Host, an essential Windows process related to the ClientServer Runtime System Service or csrss.exe. and cmd.exe.

Together these files work the Command Prompt, used by system administrators – and many programs – to manage Windows. Here’s what it looks like:

conhost.exe command prompt
Command Prompt

Conhost.exe is needed to by Command Prompt to interface accurately with Windows Explorer.

Both the processes are interdependent. One of its primary duties is to offer users to drag and drop files in the Command Prompt.

Apart from regular users, even third-party programs can use this process of they require access to the command line. It starts whenever you start Command Prompt.

If any program utilizes this command line tool, the process will automatically start in the background even if you don’t see it running.

Is conhost.exe A Virus, Malware Or Trojan?

Finding an unrecognizable process running in the background is unsettling. You never know if it is a malware, virus, or Trojan existing in the computer, and especially for how long.

In most cases, conhost.exe is not a virus. However, as with many other files we have profiled malware writers often try to disguise viruses and trojans with this file name.

Indeed there is a common trojan, Conhost Miner, that does this. Disguised as its legitimate cousin, this uses infected computers to mien bitcoins on behalf of the trojan writer.

How To Check Whether Your Computer Is Infected

You can still check if it is a malware, or just an essential process running to operate Command Prompt. Here’s what you need to do:

• Press Ctrl + Alt + Del on your keyboard to open the Task Manager. You will find various tabs on top, such as Processes, Performance, App History, etc.

• Click on Processes. You will notice the process running in the background. The CPU and RAM usage will also indicate the memory it is using. Right click on entry. You will get various options among which you have to select Open file location.

• If you are redirected to C:WindowsSystem32, and it points towards conhost.exe process, it means that your computer is safe. You can be assured that this process is not a virus.

• You can also double-check by right-clicking on it to go to its properties. Find the Details tab to read more about this process. You will see that it is a Microsoft Windows OS file.

However, the problem arises if the file is located in any other location or folder apart from C:\\Windows\System32. This may mean that the process is malware.

How To Check A File’s Location

a. Press ctrl-alt-del

b. Click on the ‘Details Tab’ as below:

enter image description here

c. Highlight the conhost.exe file as above

d. Right click and click ‘Properties’ to get the following screen:

conhost.exe properties

e. Note the location (circled)

If that is the case, you should run a full scan on your computer -through your antivirus software to identify and delete the virus.

Deleting The Virus

If you suspect that the process is a virus, you shouldn’t waste time to get rid of it. You can use various free tools to delete the virus from your computer and make sure it doesn’t come back. But, it is essential to shut the parent process down that is using the process in the first place. This will offer two benefits:

• It will be unable to run the malicious code anymore.

• It makes it easier for the user to delete the virus.

Steps to delete the virus

Deleting the virus is easy if you follow the steps below:

• Download a program called Process Explorer. It is easily available and can remove this virus quickly.

• Once the download is complete, double click on the application file for it to run. After installing the program, double click on the conhost.exe fill that you want to delete.

• An image tab will appear as soon as you select the files to remove. Select Kill Process, and confirm it by clicking on OK.

Sometimes, users also come across an error message mentioning that the process can’t shut down. You get a confirmation dialog box with OK. Click on it to exit the properties window. This deletes the .exe file attached to the parent program that initially started it. Now, you also need to remove the fake .exe file. Ideally, you should restart your computer after every following step:

• Open the folder where the process file exists. Press Shift + Delete to delete the file permanently. If you manage to delete the file, it means that the programming running it will not recreate the virus file again.

• Install reliable antivirus software on your computer and run a full scan. This will also locate the file virus if it exists in any other folder. Some of the bootable antivirus tools perform a quick check on the whole computer even before the operating system starts up. This gives an idea about the programs that usually run this process when they are used.

One of the complaints that users often have with this process is it consumes high resources and often uses too much RAM and CPU memory. There are a few ways to control this as well.

• If there are multiple command line interface windows opened simultaneously, close all of them one by one.

• Go to Task Manager to check if any of the existing applications are using the command line to execute a task.

• Cross-check your scheduled tasks to see if any applications are running in the background.

• Quickly run a malware check to locate the presence of a virus in the folders.

• Run a system file checker to replace files damaged in the process.


The conhost.exe process is usually safe when working in tandem with Windows Command Prompt. But, if it exists in the form of a virus, you better remove it as soon as possible by following the steps mentioned above.

Featured Posts

RGSS202E.dll is used in games developed using the RPG Maker software and is usually safe. However, out of date dll files, or files masquerading as safe dlls, should be fixed - we show you how: What Is RGSS202E.dll? RGSS202E.dll is a DLL file associated with the Ruby Game Scripting System, ...
Read More
What Is Libcef.dll? Libcef.dll is a DLL file associated with the Chromium Embedded Framework. It is used to embed the open-source Chromium web browser into another application. Who Wrote This Libcef.dll File? Chromium is an open-source browser project from Google – it’s basically the code behind its Chrome browser. In ...
Read More
Svchost.exe, Service Host, like the name suggests, hosts Microsoft services and will load all the DLLs files of the program by itself. Should you remove the svchost.exe file from your computer? It is spyware, a trojan, or a virus, or could it be a legitimate file keeping things neat? We ...
Read More
IAStorIcon.exe is an executable file used by Intel to manage storage devices in your computer set up. It is usually entirely safe and should not be removed. If you've recently noticed the IAStorIcon.exe file in your task manager, then you're probably wondering if it's a virus or spyware. After all, ...
Read More
The Best Malware Removal Tools Reviews: we look at the top 5 tools to remove trojans, spyware, viruses and other malware from your computer. When it comes to malware, there is one thing we can all agree on – we do not want them attacking our computers. Even Warren Buffet ...
Read More
GWX.EXE – What You Need To Know About It You may see gwx.exe in your task manager and are wondering whether it’s safe, or a virus/trojan. Or perhaps you’ve noticed a new logo on the notification bar of your laptop and are concerned it may be adware. Whatever your concern, ...
Read More
Should you remove the HxTsr.exe from your computer? Is this file a virus? Trojan, Spyware, or is it a legitimate executable file? Keep reading as we investigate. What is HxTsr.exe? HxTsr.exe is one of the executable files developed for your Windows Operating System by Microsoft Corporation. The latest release of ...
Read More
What are the best online scanners? Here we review software built to ensure the Microsoft Office and zipped files you download are safe. Reports On The Threat In a cybersecurity report published by Cisco in 2018 during the Annual Cybersecurity Report, a terrifying piece of the cybersecurity puzzle was revealed ...
Read More
Should you remove the sedlauncher.exe file from your computer? Is it a legitimate file or is the sedlauncher.exe file a virus, trojan or even a type of spyware? We investigate. What is sedlauncher.exe? sedlauncher.exe represents a .exe file that belongs to the Microsoft Windows Operating System developed by Microsoft. The ...
Read More
instup.exe is an executable file developed by AVAST that is part of the Avast Free Antivirus software. The file is usually safe and helps keep systems free of malware. What is instup.exe? The AVAST antivirus software is available to download for free on Windows, Android, and Mac operating systems. The ...
Read More