vhchost.exe - Useless


Manual removal instructions:

It is a Trojan horse that attempts to steal user names and passwords for certain Internet banking sites, by capturing screenshots and logging keystrokes.
Monitors the URL field in Internet Explorer for the following strings:
e-gold; bank; hsbc; halifax; barclays; openplan; lloyds; abbey; cahoot; nationwide; nwolb; natwest; nationet; woolwich
- Stores keystrokes and the content of the clipboard in the file, %System%\Usert\<10digits>_<8digits>.txt, where the digits are derived from the system time.
- Stores screenshots in the file, %System%\Usert\<10digits>_<8digits>.bmp, where these digits are derived from the system time.
- Using %System%\Winrr.exe, which it previously created, the Trojan creates the RAR file, %System%\Usert, which contains the keystrokes and screeenshots.
- Attempts to send the RAR file to a remote Web server.

Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Default System Research" = "%Windir%\vhchost.exe"

Or use RegRun Startup Optimizer to automatically remove it from startup.

Remove vhchost.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.


You can read UnHackMe testimonials here.