conhost.exe CPU is almost 99%

Starquest321 used Ask the Experts™
My computer is very slow. I look at the Processes running and I see that conhost.exe is running at96=99% of the CPU. . what is? Malware?  Virus? Using Windows XP with Outlook 2010 running.  . .
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
conhost is a process introduced in Vista and Win7. In XP it is likely a virus/trojan. Search for the executable file. If it is anywhere but system32 it is definitely a bug. Give Malwarebytes a run.

Chris B
Chris BRetired

Notwithstanding the uninformative and misdirected copy and paste above, conhost.exe is not part of XP and should be dealt with accordingly.

The use of a registry cleaner is almost never a good idea. Most do not do what is advertised and generally will make any problem worse.

Chris B
malware :

I have seen virus and malware / trogens appearing more and more in the last 12 months
Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Dr. KlahnPrincipal Software Engineer

Recommend you download a copy of Microsoft Autoruns and run it on the afflicted system.  This will tell you where the offending program is located, how it is being started, and allow you to disable it from being run at startup.
The symptom as you have described it is almost certainly due to Malware, as already stated above, and Malwarebytes(MBAM) may well resolve it.
Run MBAM in normal mode.

Tutorial, if required:

If MBAM won't run, download and run Rkill first.
Rkill is a small, freeware and portable tool designed to terminate active malware processes allowing you to use other removal tools:

Do not re-boot after running Rkill, then run MalwareBytes.

An alternative to Rkill is Rogue-Killer.  Here is a good instructive article: 

If MBAM still doesn't resolve it, try running TDSSKiller:

Download the file and extract it into a folder
Execute the file TDSSKiller.exe.
Wait for the scan and disinfection process to be over.
Close all programs and press “Y” key to restart your computer.
Please post the resulting log here.

More detail TDSSKiller tutorial:


So this is the first time I installed malwarebytes - and it keeps "blocking" access to potentially malicious sites. Which software is trying to access it? HOw can I tell?
Sudeep SharmaTechnical Designer
There could be some process (created by Virus/Malware) in the background which is trying to get the access to the Malicious sites.

You would need to run the full system scan with MalwareBytes to clean the system as suggested above by various experts.

You can trust Malwarebytes(MBAM) but remember, if you are unable to run MBAM, run Rkill or Rogue-Killer first, and do not re-boot after running either of them.

As requested earlier please post the MBAM and TDSSKiller logs here, it will help us to identify your problem.


The problem was so bad - I had to simply format the machine. What I don't understand is what advantage does the malware have over a virus? Does my computer send out spam or is it just damage?
>Does my computer send out spam or is it just damage<

The problem can be for a number of reasons, but usually a computer can be disinfected and not require a re-format ...sorry you had to do that.

You may find that some of the explanations in these two links will be helpful>

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial