C:\WINDOWS\SYSTEM32\CONHOST.EXE attempting to access computer

Hi, 4 minutes after I log in on my computer C:\WINDOWS\SYSTEM32\CONHOST.EXE always attempts to access my computer. So, it appears that malware has somehow externally programmed an attack to take place 4 minutes after I log in on my computer. Norton says that it has blocked an attack of moderate severity. So I have had a look at the conhost file as follows: In Windows 7 search programmes and files enter C:\Windows\system32\conhost RC on conhost file and then go to Norton insight. File is good according to Norton insight. Any ideas on how to prevent this systematic attack that always takes place 4 minutes after I log in, and who is behind it. (I have recently set my computer back to factory settings, but that didn’t stop it. Also 3 other internet security computer programmes I tried out on my computer could not stop, or cope with this type of attack. I then tried Norton which blocked it. There is some kudos to Norton there. Norton appears to have very good security around/with its firewall, particularly when the computer is starting up. As to who is behind it, I did receive an uninvited overseas phone call from a lady, with an Indian accent, offering to assist me with computer problems, and purporting to be “computer maintenance”. An attempted con. The offer was declined. Also 3rd party cookies atdmt.com, m.webtrends.com have been tracking me, even though the firefox browser is set to inform sites not to do 3rd party tracking. The question arises who is using these cookies.) At 4:55 to 4:56 pm on Tues 20 07 2011 there were 59 attempts in succession by C:\WINDOWS\SYSTEM32\CONHOST.EXE to access my computer.

Hello,

 

This is normal and nothing to worry about. It is not malware. C:\WINDOWS\SYSTEM32\CONHOST.EXE is a Microsoft file, and it does try to read (among many others) Norton files a few minutes after booting a system. What you see is just Norton's self-protection kicking in an blocking that. 

 

It is not an attack, and it happens on all systems, and you can safely ignore it. Norton's self-protection blocks ALL programs that in any way tries to read or otherwise access any of its files, processes or folders, and this produces this entry in the log. The CONHOST.EXE you describe is a system file doing the accessing, though, and there is nothing at all to worry about. You can't and shouldn't stop it from doing so.

 

And cookies are harmless text files. They are no threat in any way. They are managed by your browser settings, and will appear again on your hard drive as soon as you visit a web site. If you are using Firefox, they can still be from Internet Explorer, as many other programs will use IE indirectly. For example, I don't use IE either, but whenever i launch World of Worldcraft, that uses IE (without actually opening IE), and writes IE temp files to the hard drive.

 

The lady who called and offered computer maintencance was probably a scam, though, and you did the right thing declining. It was unrelated to conhost.exe or cookies or your Norton program, though.

When I ran Process Explorer, it induced a large number of recorded Unauthorized Access Blocked entries.  But the program was clearly identified, with Norton files as the targets.

 

While conhost.exe might not be suspicious, the large number of entries in succession may be.  What programs were running concurrent with these entries' timestamps?  I would certainly consider the entries as a sign that something is amiss.  Perhaps the event viewer may have entries with the same timestamps.