Advice Request Spyshelter premium lots of conhost.exe in the log file

Please provide comments and solutions that are helpful to the author of this topic.

P

patrick85

Level 1
Thread author
Mar 13, 2022
12
Hello, I'm using spyshelter premium version 12.7. I'm also using Avast premium and other security tools on my system. I noticed lots of actions logged in spyshelter for conhost.exe process. This process is excluded from the system protection of spyshelter by default - more specifically it is allowed in rules for "modifying memory of other processes" option and for the rest of the options it is set to default. I see more than 100 allows for conhost.exe by spyshelter in a single day. Is this normal behaviour or should I be suspicious of some malware/rootkit/keylogger or other malicious software on my system? Attaching shelter-log.txt. Thank you.
 

Attachments

  • shelterLogExample.PNG
    shelterLogExample.PNG
    368.1 KB · Views: 161
Last edited:
  • Like
Reactions: Nevi, Dave Russo and Venustus
Venustus

Venustus

Level 59
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Dec 30, 2012
4,809
patrick85 said:
Hello, I'm using spyshelter premium version 12.7. I'm also using Avast premium and other security tools on my system. I noticed lots of actions logged in spyshelter for conhost.exe process. This process is excluded from the system protection of spyshelter by default - more specifically it is allowed in rules for "modifying memory of other processes" option and for the rest of the options it is set to default. I see more than 100 allows for conhost.exe by spyshelter in a single day. Is this normal behaviour or should I be suspicious of some malware/rootkit/keylogger or other malicious software on my system? Attaching shelter-log.txt. Thank you.
Click to expand...
It's pretty normal to have multiple conhost.exe instances...If they are in system32 then I would say it's pretty safe.You could run a scan just to be sure with Malwarebytes.

Sysinternals Process Explorer is also a great tool and helps identify what's running and the threads within.
docs.microsoft.com

Process Explorer - Sysinternals

Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more.
docs.microsoft.com
 
  • Like
Reactions: ng4ever, Zartarra, patrick85 and 4 others

Similar threads

gfgtkitkat34
    • Wow
Kaspersky extreme settings vs default/optimal settings.
Replies
18
Views
676
Kaspersky
jamey910111
J
Adrian Ścibor
    • +Reputation
    • Like
    • Applause
AVLab.pl Summary of the Advanced In-The-Wild Malware Test – September 2024
Replies
4
Views
441
Security Statistics and Reports
simmerskool
simmerskool
lokamoka820
    • Wow
    • Like
New Update Typical Microsoft! Disabling Windows Recall is Breaking File Explorer
Replies
6
Views
332
Windows 11
lokamoka820
lokamoka820

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top