vhchost.exe - Useless


Manual removal instructions:

It is a Trojan horse that attempts to steal user names and passwords for certain Internet banking sites, by capturing screenshots and logging keystrokes.
Monitors the URL field in Internet Explorer for the following strings:
e-gold; bank; hsbc; halifax; barclays; openplan; lloyds; abbey; cahoot; nationwide; nwolb; natwest; nationet; woolwich
- Stores keystrokes and the content of the clipboard in the file, %System%\Usert\<10digits>_<8digits>.txt, where the digits are derived from the system time.
- Stores screenshots in the file, %System%\Usert\<10digits>_<8digits>.bmp, where these digits are derived from the system time.
- Using %System%\Winrr.exe, which it previously created, the Trojan creates the RAR file, %System%\Usert, which contains the keystrokes and screeenshots.
- Attempts to send the RAR file to a remote Web server.

Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Default System Research" = "%Windir%\vhchost.exe"

Or use RegRun Startup Optimizer to automatically remove it from startup.

Remove vhchost.exe now!

Reviewed by:


vhchost.exe Dangerous Rating: 5 out of 5

Jeff's Story:

My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.

I sought a solution on the Internet and discovered your product and tried out the trial of UnHackMe.

You quickly found the rootkit and SAVED my PC!

I haven't had any problems since, and I'm extremely grateful.