Winhost (us!) and winhost.exe (not us!)

You know, when you’re naming a company you might think all you have to do is come up with an appropriate, catchy name, secure the .com and you’re all set. Funny thing is, you can do all those things and still have some unpleasant neighbors in search results.

Let’s take, oh, I don’t know, Winhost for example. For a company that specializes in Windows hosting like we do, it seems perfect. And it is perfect. But when you search for Winhost on any big search engine (meaning Google, but I’m trying to be fair to scrappy little upstart bing), the first things you’ll see is us, but also on that first page you’ll see listings for pages describing a nasty malware Trojan infecting people’s computers.

Yes, we share the name of a virus! Cool, isn’t it?

No?

Yeah, I didn’t think so either.

Luckily winhost.exe is a relatively old piece of maliciousness, so it’s slowly fading from view. But I figured if we’re going to talk about it, I may as well tell you how to get rid of it! So if you’re suffering from this nasty old threat, here’s a solution:

First you want to delete the file itself. It’s commonly found in C:/Windows/System32. It can also be found in your startup directory, so be sure to check there. Also, perform a search on your System folder just in case the file has been copied to other locations.

Okay, here comes the fun part. Of course deleting the winhost.exe file from your hard drive is not enough. Once you have deleted the file(s), you also have to delete it from the registry.

Before you start modifying the registry it is a good idea to back it up. To backup your registry go to Start/Run and type regedit. Click File/Export and save the file.

You may also want to set a restore point on your computer (though you’d be restoring the virus too if you reverted), go to Start/Run and type RSTRUI and follow the wizard to create your restore point.

Now for the registry.

The fastest way to find and delete all of the winhost.exe entries in your registry is to go to Start/Run and type regedit. Make sure you are focused on the top level of the registry key which should be “Computer” so that it will search the entire registry tree. Go to Edit/Find and type winhost.exe. It will go through the registry and you can delete the winhost.exe records one by one. It is important to make sure all the entries are deleted, but the most important registry keys to be sure to clean up are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Next, go to the refrigerator and have a cold drink. because you’re finished!