What worries me are the graph results from Virustotal (see pictures). I've run Roguekiller, Rkill, Malwarebytes, SAS, TDSSkiller, and my regular AV/Firewall in both safe mode and normal windows mode countless times. One is the presumably safe one in System32, most are in the winsxs/amd64_microsoft-windows-consolehost31b(various strings of numbers and letters here), one is a file in C:/programdata/sectaskman, and so on. When I search the file name in explorer I get many results. I've done some searching and what I found is that people whose conhost is either infected or malware all together have multiple processes of it running at once.
0 Comments
Leave a Reply. |