csrss.exe remove conhost


May 8, 2014
Hello, I have a problem with Windows startup. I cleared my system of viruses, but there is probably a leftover that slows down the computer when Windows launches. I traced the issue with the Process Explorer program and found conhost running from csrss. The command line is like this:

\??\C:\Windows\system32\conhost.exe "-16280804661047425675-402191544-196675375797946611638665267155499230-447558990

That makes the computer work on something, but I don't know what. Basically no meaning, just numbers; I don't know what this is. If I close it down, everything runs normally again. My question is, how can I remove it from startup? Because there is nothing like that there and, as you know, csrss is a critical program. So I'm asking what to do.

I already did those steps. Can't detect anything. I don't get any error message either. I just want to know what it is doing. It's maybe a virus leftover, but I don't know. If I close it, nothing bad happens, but it's always there. As an extra note, the numbers change every time.

Here is csrss.exe command line:

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

Sorry, I looked for it. I found out the values are already as they should be: it is "winsrv", not "consrv", so it's normal. But as a side note, I also found out there is an extra parameter I have, and I'm not sure what it is: "ServerDll=sxssrv,4"

There is no such thing at "%Windows%\assembly\GAC_32\Desktop.ini" or "%Windows%\assembly\GAC_64\Desktop.ini" (checked Hidden Files and Folders); actually, there is no other folder in the assembly folder.

Now I'm wondering if there is any other option available, and it looks like there isn't. I'd better format my computer if there is no other solution.
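
The ServerDll check described in the posts above (confirming the console entry still names "winsrv" and not "consrv"), as an added example that is not part of the original thread: it parses a csrss.exe command line and reports every ServerDll entry that differs from a reference. The reference is the command line posted above, taken as an assumption; the function names and the altered sample are constructed for illustration.

```python
import re

# Reference: the csrss.exe command line posted in the thread above
# (assumption: it is the expected value for that machine).
REFERENCE = (r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
             r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
             r"ServerDll=basesrv,1 "
             r"ServerDll=winsrv:UserServerDllInitialization,3 "
             r"ServerDll=winsrv:ConServerDllInitialization,2 "
             r"ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16")

# ServerDll=<module>[:<init routine>],<server index>
SERVERDLL = re.compile(r"^ServerDll=([^:,]+)(?::([^,]+))?,(\d+)$", re.I)


def parse_server_dlls(cmdline):
    """Map server index -> (module, init routine or None) for each ServerDll token."""
    entries = {}
    for token in cmdline.split():
        m = SERVERDLL.match(token)
        if m:
            # DLL names are case-insensitive on Windows, so normalise the module.
            entries[m.group(3)] = (m.group(1).lower(), m.group(2))
        elif token.lower().startswith("serverdll="):
            # Malformed entry: keep the raw token so it is reported, not dropped.
            entries[token] = (token, None)
    return entries


def diff_server_dlls(observed, reference=REFERENCE):
    """Return (index, expected, found) for every entry that differs."""
    ref, obs = parse_server_dlls(reference), parse_server_dlls(observed)
    return [(key, ref.get(key), obs.get(key))
            for key in sorted(set(ref) | set(obs))
            if ref.get(key) != obs.get(key)]


# Constructed sample: the console entry points at "consrv" instead of "winsrv".
ALTERED = REFERENCE.replace("winsrv:ConServerDllInitialization",
                            "consrv:ConServerDllInitialization")

if __name__ == "__main__":
    for index, expected, found in diff_server_dlls(ALTERED):
        print(f"ServerDll index {index}: expected {expected}, found {found}")
```
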