How to remove syshost.exe?

Alex_91

Estimable
Nov 12, 2015
Today I started Task Manager and saw this process, syshost. I tried to end the program, and a message popped up that it was unable to terminate the program. Then I went to its location, which is C:\Windows\Installer\{A4D6E64C-F511-4F97-F321-32B8D1F5A2D1}. I tried to delete it, and a message popped up that the file is too long or something. I researched this file on the internet and saw many articles saying that it's a trojan and opens a back door for many hackers, and for a cure they say to download software like Malwarebytes (present on my PC), SpyHunter 4, etc., but none of them worked. Is there any solution for this, or do I have to format the PC? I have Windows 7.
 

jasonkaler

Distinguished
Nov 22, 2011
A little trick that I do with files I can't delete (usually because they're running) is to go to the properties of the file, Security, and deny access to the file.
Generally you can just turn off "read" and "read & execute".
Then reboot; the file will no longer be able to execute and you can now delete it.

If the file gets re-created at your next reboot, it means there is a master trojan that is running that is downloading and installing that one.
This is what usually happens. A single back door or trojan downloads child viruses etc.
What you can do then is deny all access again, as above, and create a folder with the exact same name. Nothing will be able to re-create the file.

You may want to search your registry for the file name too, and remove it from there.
 

Shaun o

Distinguished
Why you often cannot remove it is because it is in use by Windows.

You will have to terminate the process in Windows before you try to delete it.
Or simply use the F8 option of Windows when the system is first booting and choose safe mode.

You should still be able to run Malwarebytes in Windows safe mode, and if it detects the file as a trojan or malware, be able to remove it.

Likewise with any antivirus scan of your system while in safe mode, Alex.
 
Solution

Diddly

Distinguished
Nov 2, 2006
What anti-virus or anti-rootkit software have you got installed? Boot into safe mode and run the anti-virus and anti-rootkit software before removing any files.
 

Paul NZ

Admirable
All you have to do is go into safe mode and either run msconfig, go to Startup and delete its entry, or do it with CCleaner. Then delete its file.

I would also run Trojan Remover. If it finds anything, it'll remove it from the registry / wherever as well.
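
The registry and startup checks suggested in the replies above (searching the registry for the file name, finding its startup entry), as an added PowerShell example that is not part of the original thread: a read-only search of common autostart locations. `syshost` is the name from the question; the list of locations is an assumption and is not exhaustive.

```powershell
# Added example: read-only search of common autostart locations for a file name.
# Nothing is modified or deleted. The locations below are an assumed, partial list.
$Needle = 'syshost'   # name taken from the question

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$hits = @()

# Run/RunOnce values: match on either the value name or the command line it holds.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($name -like "*$Needle*" -or $data -like "*$Needle*") {
            $hits += New-Object PSObject -Property @{ Source = $key; Name = $name; Command = $data }
        }
    }
}

# Services: a trojan registered as a service shows up in ImagePath.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
foreach ($svc in Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue) {
    $path = [string]$svc.GetValue('ImagePath')
    if ($path -like "*$Needle*") {
        $hits += New-Object PSObject -Property @{ Source = 'Service'; Name = $svc.PSChildName; Command = $path }
    }
}

# Per-user and all-users Startup folders (shortcuts or dropped executables).
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($f in Get-ChildItem -Path $dir -Force | Where-Object { $_.Name -like "*$Needle*" }) {
        $hits += New-Object PSObject -Property @{ Source = 'StartupFolder'; Name = $f.Name; Command = $f.FullName }
    }
}

if ($hits.Count -eq 0) { "No autostart reference to '$Needle' found in the checked locations." }
else { $hits | Select-Object Source, Name, Command | Format-List }
```

Run it from an elevated PowerShell prompt so the HKLM keys and service entries are readable; an empty result only means the name does not appear in these particular locations.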