What is Taskhostw.exe Coin Miner? And how does it function?
Taskhostw.exe Coin Miner is a Trojan infection that exploits a victim’s CPU processing power to mine a digital cryptocurrency known as Monero. The mining Trojan might enter a computer unnoticed and drop several malicious files, after which it connects the computer to a mining pool and mines cryptocurrency for its developers, which can cause components to overheat.
The moment it enters a system, Taskhostw.exe Coin Miner drops two malicious files, updatechecker.exe and taskhostw.exe, in the directory %UserProfile%\AppData\Local\Microsoft\WindowsUpdate\. The updatechecker.exe executable then launches taskhostw.exe on the infected computer. Take note that there is a legitimate file located at C:\Windows\system32\taskhost.exe. This legitimate file should not be confused with the Taskhostw.exe Coin Miner: the two are entirely different even though their names are almost identical.
Once this Trojan is executed, it connects to the Monero pool at xmr-eu2.nanopool.org:2828 and starts to mine Monero, which causes CPU utilization to rise steeply and stay high for as long as Taskhostw.exe Coin Miner is running in the background.
The update checker file may also perform a series of unwanted tasks on the infected computer, such as scheduling the other file, Taskhostw, to run automatically and displaying a fake Adobe Flash Player web page. In addition, this file might take screenshots, log your keystrokes, copy passwords saved in your web browsers, copy files, activate your camera, update itself, download other malicious software and replicate its processes to make its removal even more difficult.
Aside from the fake Flash Player page, there is no other outward indication that Taskhostw.exe Coin Miner is running on your computer, so here is a list you can tick off to see whether you are infected with this Trojan horse:
- You should see a process named Taskhostw.exe running in your Task Manager that takes up most of your CPU power.
- You should also see a process called Updatechecker.exe with the name “Microsoft Windows Update Checker” in the Task Manager, although it does not use any CPU.
- You should see an autorun file named WindowsUpdateChecker which starts the updatechecker.exe on login.
- You will suddenly find it hard to browse Windows files, as windows minimize and maximize excruciatingly slowly.
- Your Windows programs don’t open as quickly as before.
- You will notice a sudden decline in the overall performance of your PC.
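A read-only PowerShell check for the indicators above, added here as an example and not part of the original article. It judges processes by image path rather than by name, because current Windows versions run a genuine taskhostw.exe from System32; the Run key and scheduled-task lookups are assumed locations for the WindowsUpdateChecker autorun, which the article does not pin down.

```powershell
# Added example: read-only triage for the indicators listed in this article.
# File names, drop directory, autorun name and port come from the article;
# the Run key and scheduled-task checks are assumed autorun locations.
$dropDir  = Join-Path $env:USERPROFILE 'AppData\Local\Microsoft\WindowsUpdate'
$sys32    = Join-Path $env:WINDIR 'System32'
$names    = 'taskhostw.exe', 'updatechecker.exe'
$findings = @()
function Add-Finding($check, $detail) {
    [pscustomobject]@{ Check = $check; Detail = $detail }
}

# 1. Dropped files in the directory the article names.
foreach ($n in $names) {
    $file = Join-Path $dropDir $n
    if (Test-Path -LiteralPath $file) { $findings += Add-Finding 'File' $file }
}

# 2. Processes with those names, judged by image path, not by name alone.
$procs = Get-CimInstance Win32_Process | Where-Object { $names -contains $_.Name }
foreach ($p in $procs) {
    $path = $p.ExecutablePath
    if (-not $path) {
        $findings += Add-Finding 'Process' "PID $($p.ProcessId): path unreadable, rerun elevated"
    } elseif (-not $path.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase)) {
        $findings += Add-Finding 'Process' "PID $($p.ProcessId): $path"
    }
}

# 3. Autorun named WindowsUpdateChecker (assumed: HKCU Run key or a scheduled task).
$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$val = (Get-ItemProperty -Path $run -ErrorAction SilentlyContinue).WindowsUpdateChecker
if ($val) { $findings += Add-Finding 'RunKey' "WindowsUpdateChecker = $val" }
foreach ($t in Get-ScheduledTask) {
    $hit = $t.Actions | Where-Object {
        $_.Execute -like '*updatechecker.exe*' -or
        $_.Execute -like '*\Microsoft\WindowsUpdate\taskhostw.exe*' }
    if ($hit) { $findings += Add-Finding 'Task' "$($t.TaskPath)$($t.TaskName) -> $($hit.Execute)" }
}

# 4. Established connections to the pool port (2828); a weak signal on its own.
$conns = Get-NetTCPConnection -RemotePort 2828 -State Established -ErrorAction SilentlyContinue
foreach ($c in $conns) {
    $findings += Add-Finding 'Network' "PID $($c.OwningProcess) -> $($c.RemoteAddress):2828"
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No indicators from the article were found.' }
```

The script changes nothing on the system; an empty result only means these specific indicators are absent for the current user.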
How does Taskhostw.exe Coin Miner spread online?
Taskhostw.exe Coin Miner spreads as a fake Adobe Flash Player update offered on a malicious website. The site displays a message stating that Flash Player needs to be updated and then downloads the malicious program automatically. Once you open this program, it installs the Taskhostw.exe Coin Miner right away. This is why you have to be careful when downloading any software update, especially if the download source can’t be trusted. To avoid this, it’s best to download software updates directly from the software’s official website.
Terminate Taskhostw.exe Coin Miner from your PC with the help of the following steps.
Step 1: Tap Ctrl + Shift + Esc keys on your keyboard to pull up the Task Manager.
Step 2: Once the Task Manager is open, go to the Processes tab and locate the malicious processes named Taskhostw.exe, Updatechecker.exe and WindowsUpdateChecker, which are all processes of the cryptocurrency mining Trojan. Then end all of these processes.
Step 3: Close the Task Manager and tap Win + R, then type in appwiz.cpl and tap Enter or click OK to open Control Panel.
Step 4: Look for Taskhostw.exe Coin Miner and then uninstall it.
Step 5: Close Control Panel and then tap the Win + E keys to open File Explorer.
Step 6: Navigate to the following locations.
- %HOMEDRIVE%\Applications\
- %WINDIR%\Tasks
- %WINDIR%\System32\Tasks
- %USERPROFILE%\Downloads
- %USERPROFILE%\Desktop
- %TEMP%
Step 7: Look for the malicious files created by Taskhostw.exe Coin Miner such as Taskhostw.exe and Updatechecker.exe and delete them.
Step 8: Close the File Explorer.
The next step below is not recommended for you if you don’t know how to navigate the Registry Editor. Making registry changes can highly impact your computer, so it is highly advised to use PC Cleaner Pro instead to get rid of the entries that the Trojan has created. PC Cleaner Pro is a trusted program that helps improve your computer’s overall performance by repairing registry issues and optimizing your system. If you are not familiar with the Windows Registry, skip to Step 14 onwards. However, if you are well-versed in making registry adjustments, you can proceed to Step 10.
Step 9: Open the Registry Editor. To do so, tap Win + R, type in regedit and then press Enter.
Step 10: Go to the following locations and delete all the registry keys and sub-keys created by Taskhostw.exe Coin Miner.
- HKEY_CURRENT_USER\Software\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\
Step 11: Close the Registry Editor.
Step 12: Empty your Recycle Bin.
Once you have got rid of Taskhostw.exe Coin Miner from your PC, follow the advanced guide below to get rid of the files it has created.
Perform a full system scan using SpyRemover Pro. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot.
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, press F8 repeatedly until the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load Safe Mode with Networking.
- Press and hold both the R key and the Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro (a single space must be in between explorer and http), then click OK.
- A dialogue box will be displayed by Internet Explorer. Click Run to begin downloading the program. The installation will start automatically once the download is done.
- Click OK to launch it.
- Run SpyRemover Pro and perform a full system scan.
- After all the infections are identified, click REMOVE ALL.
- Register the program to protect your computer from future threats.