Windows 10: Multiple Conhost.exe Tasks - Potential Malware Concerns

I hope you can help me with an issue I’m experiencing on my Windows computer. I’ve noticed that there are over 11 instances of Console Window Host conhost.exe running in Task Manager, and it’s raising some red flags for me.I have a reasonable suspicion that my system might be compromised, possibly with a cryptocurrency miner like Bitcoin or XMR. I’m particularly concerned because I see multiple tasks running under NT AUTHORITY\SYSTEM privileges and they appear to be linked to my user account User/Alex.Here’s the backstory: recently, while using a public library computer, I stepped away f

:)

 

conhost,exe using IMMENSE amount of memory.

Hello, I'm Greg, here to help you with this.

1) Try these fixes for high CPU usage by conhost.exe:

Conhost.exe: How to Fix Console Window Host High CPU Usage

https://wethegeek.com/what-is-conhost-exe-and-w...

What is Conhost.exe? Is it a virus? Does it consume High CPU?

(Avoid ad links which intrude into editorial copy, especially DO NOT INSTALL Restoro, PC Repair Tool and Reimage ads)

2) Go over Windows 11 with this Performance Checklist to try to find and fix problems:

https://answers.microsoft.com/en-us/windows/for...

Feel free to ask back any questions. Based on the results you post back, I will have other suggestions if necessary.

____________________________________________

Standard Disclaimer: There are links to non-Microsoft websites. The pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the sites before you decide to download and install it.

 

Malware tprdpw64.exe after installing 7zip

Thank you for the reply and the suggestions. However neither link provided a working solution. I followed each set of instructions step by step, to the T, but the viruses are still there.

I killed the processes with Rkill as instructed, and it found and ended the malware process `tprdpw64.exe`. It, however, did nothing
about the adware `svcvmx` & `svcvmx client` processes. After doing so I downloaded and installed Zemana, as instructed, and let it do a full system scan. Might I add that this took over
10 hours to complete, as I have 1,396,541 files on my PC, so this whole thing wasted nearly half a day of my time with no results.

Zemana detected the malware virus `tprdpw64.exe` located at "C:\WINDOWS\System32\tprdpw64.exe"
(among other, smaller "threats"), and labeled it as malware. After it finished the scan, it said it has placed all files into quarantine, including `tprdpw64.exe`.
However, when checking the quarantine list `tprdpw64.exe` is
not listed. I then decided to have Zemana remove the files in the
quarantine list from my system and then rebooted my PC. It removed them all successfully, except for `tprdpw64.exe`
which is still on my system, and still runs (I can still see it in task manager after rebooting). So the 10+ hours of waiting were all for nothing.

I then used Zemana's "drag-and-drop" feature to re-scan just `tprdpw64.exe`
(in order to not have to wait 10+ hours again). It scanned it, and now says the file is not a threat (but it clearly is).

I then proceeded to step 2, using AdwCleaner to remove the adware. This did not work in the slightest. AdwCleaner did not detect the adware virus at all, and thus did nothing about it. I still cannot remove the viruses manually, either. However for some
reason, the adware `svcvmx` & `svcvmx client` processes no longer seem to run (my PC has been on for about an hour, and the processes
have yet to startup). However, even so the files are still on my file system and would like to delete them.

EDIT

I have just searched my registry, looking for any possible signs of tprdpw64 being listed, and there was nothing there.

 

Did our Epson printer get hacked?

Another question, is this on a home network or a work network? The steps @eidairaman1 listed are always a good first step. If this is on a work network you manage, I'd be much more concerned than the home one. It is possible someone is screwing with you, but malware could also be the culprit.