Question taskhostw.exe - potential malware

Tom_T1993

Commendable
Jul 13, 2016
37
0
1,540
4
Hi all,

I'm quite stumped by this and would love to hear some insight into what I'm seeing.

I have a desktop gaming PC, and recently i had a run in with an exe supposedly hogging CPU performance. However this is far from straightforward from what I'm seeing.

Ok, so occasionally i run perfmon, using perfmon /report to check everything is ok. Well this morning i ran it and ran into a warning message saying taskhostw.exe is using a lot of CPU performance. ~89%

Quick google search confirms that it's not standard behaviour for the legitimate process, and the setting that would utilise it in defender isn't even on.

Seems like it's a virus, can't see a reason why it wouldn't be.

But here's where it gets wierd, CPU performance isn't being utilised, it's idling most of the time, temps are in the 30s, and it's not running at full speed. Task manager shows no taskhostw.exe processes. there isn't a single process using more than 1% of its performance.

Malwarebytes full scan on all 3 installed disks finds nothing. Defender also finds nothing, and is switched on.

System performance is great, certainly doesn't seem like a process is utilising my cpu like perfmon states.

Anybody seen this before, any advice, don't particularly want someone using my device to crypto like what I've read, but i can't kill the process because task manager doesn't even show it.

When it reports in perfmon, it shows its PID changing each time, so i can't kill it using a cmd either.

I'll provide screenies and the like later. But I'm just interested to know if there's anyone out there that has had this issue before. I've installed nothing recently, so I'm quite stumped on how I've obtained any potential malware at all.

Components and info:

CPU: I7-7700k
MOBO: MSI Z270 Gaming m7 - Bios is flashed to most recent version, done well before this issue
OS: WIN10 64BIT - Up to date legit copy
Antivirus software used: Malwarebytes Free, up to date + Windows defender is on
Disks: Samsung 960 evo PCIe 1tb, Samsung 860 evo 1tb sata, Sandisk ultra II 1tb sata

Any help would be massively appreciated. Cheers.
 

Tom_T1993

Commendable
Jul 13, 2016
37
0
1,540
4
Hi,

Thanks for your reply, checked that after work. nothing malicious, although it does list the PID of the true taskhostw.exe, which believe it or not, perfmon shows a different PID.

I'm reformatting, don't particularly feel comfortable knowing it's there.

Thanks for the help. Hopefully a fresh install will get rid of whatever the hell it was.
 
my own system shows a taskhostw.exe in a ProcessExplorer listing, PID 6850 (it can be suspended/resumed from within ProcessExplorer), and it shows as a subset of one of the numerous svchost.exe listings.... path is/should be "C:\Windows\System32\"

My own showed no readable processor usage whatsoever, currently....
 

ASK THE COMMUNITY

TRENDING THREADS