Regarding file conhost.exe in temp folder

**Abhishek** · 10-01-2018, 08:24 PM

btw would you help me with the system restore error too?

**jmarket** · 10-01-2018, 11:20 PM

We’ll get to that. First let’s clean up our “mess”

Please go HERE and download Delfix Save it to your desktop.

Right click the new Delfix desktop icon and then click “run as administrator”

Place a tick in the following checkboxes

[ol]
[li]Remove disinfection tools[/li][li]Create registry backup[/li][li]Purge system restore[/li][/ol]

Then select “Run”

Delfix will remove the tools used to clean your PC and remove itself. When finished a .txt file will display on your desktop. A copy of this file will be also located as C:\Delfix.txt.

Please post a copy of this file in your next post:slight_smile:

I will then suggest some stuff for you. We’re not quite done yet. We removed the infection, but now it’s time for prevention and other goodies

**Abhishek** · 10-02-2018, 05:37 AM

i thought its already done when you asked how’s my pc running
, attached the log below.

**jmarket** · 10-02-2018, 06:12 AM

You’re missing Service Pack 1. You’re best to install that and get Windows up-to-date as a first step.

Service Pack not Installed Warning! Download Update
Possible re-activation of Windows will be needed.

New restore point created !
Looks like system restore is working again

After you install Service Pack 1, please install ALL the hotfixes below:

HotFix KB3115858 Warning! Download Update
HotFix KB3140735 Warning! Download Update
HotFix KB3138910 Warning! Download Update
HotFix KB3138962 Warning! Download Update
HotFix KB3145739 Warning! Download Update
HotFix KB3146963 Warning! Download Update
HotFix KB3156013 Warning! Download Update
HotFix KB3156016 Warning! Download Update
HotFix KB3156019 Warning! Download Update
HotFix KB3155178 Warning! Download Update
HotFix KB3153171 Warning! Download Update
HotFix KB3170455 Warning! Download Update
HotFix KB3178034 Warning! Download Update
HotFix KB3185911 Warning! Download Update
HotFix KB3184122 Warning! Download Update
HotFix KB3192391 Warning! Download Update
HotFix KB3197867 Warning! Download Update
HotFix KB3205394 Warning! Download Update
HotFix KB4012212 Warning! Download Update
HotFix KB4019263 Warning! Download Update
HotFix KB4022722 Warning! Download Update
HotFix KB4015546 Warning! Download Update
HotFix KB4025337 Warning! Download Update
HotFix KB4034679 Warning! Download Update
HotFix KB4041678 Warning! Download Update
HotFix KB4056894 Warning! Download Update
HotFix KB4056897 Warning! Download Update
HotFix KB4074587 Warning! Download Update
HotFix KB4103712 Warning! Download Update
HotFix KB4343899 Warning! Download Update
HotFix KB4457145 Warning! Download Update

After you do all this, please re-run Security Check and repost a fresh log

**Abhishek** · 10-02-2018, 06:20 AM

should i download all the files showing and if anything goes wrong would i be able to roll back to the current version? how would i reactivate the windows?

**jmarket** · 10-02-2018, 06:28 AM

You want the DVD version.

You would need the license key, but it’s very unlikely you’ll need to re-activate it.

You could go through Windows Update

**Abhishek** · 10-02-2018, 06:37 AM

I need to find the license key in my storeroom , if it asks for one i would get stuck unless i have it. Would you enlighten me how to update through .iso dvd version?

**jmarket** · 10-02-2018, 06:40 AM

You can wait on SP1 until you find the key. You can work on the hotfixes. The priority is getting Windows patched and secured so this doesn’t happen again

**Abhishek** · 10-02-2018, 06:42 AM

would the hotfixes work without the SP1 installed ? the restore point got deleted on its own, i went to system restore and it said no restore points. what could be the reason of it?

**jmarket** · 10-03-2018, 06:26 AM

Is the file in the TEMP folder back?

The hotfixes should work without SP1 yes. Your only other option is to upgrade to Windows 10, which released a new update today to bring it to version 1809. You could buy a key for $15 USD on eBay. And if you decide to go that route, it’d be best to do a clean install.

**Abhishek** · 10-03-2018, 11:19 AM

No it didnt create by itself again and thanks to you for all your help. I would work on hotfixes ,my pc is old i dont think it can run windows 10 that good.

Im puzzled about that system restore point getting deleted automatically.

**jmarket** · 10-05-2018, 04:03 AM

At this point I think a re-install would be best. But you would need to find the license key.

It could be a misconfigured Windows install, and you’ll need the key anyways to install SP1.

How you got cryptomining malware on your PC is unknown. But to prevent it and further malware in the future, I would sincerely recommend using Malwarebytes + Emsisoft Anti-Malware. I have a review of EAM here on PCHF.

**Abhishek** · 10-05-2018, 05:00 PM

I am already using malware bytes and also gonna install emsisoft anti malware, looking forward to update my system to sp1 as soon as i find the key. I am so grateful to you for all the help.

**Abhishek** · 10-05-2018, 06:34 PM

sadly that conhost.exe file in temp folder got auto created again

**jmarket** · 10-05-2018, 07:12 PM

Post fresh logs for me. It seems like I’m going to need to bring in fresh eyes for this one. I’m going to request @gus and @Malnutrition to assist if possible

Regarding file conhost.exe in temp folder

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment