What is fontdrvhost.exe? Should I remove it?
fontdrvhost.exe is a legitimate file for Windows that is used for font driver management software
fontdrvhost.exe is an executable file that runs on all Windows operating systems with administrative privileges. It is primarily used to as one of of the vital components of the OS and can be found running on the Task Manager under Usermode Font Driver Host. As it is a root process, it should be located in C:\Windows\System32\ and reach approximately 0.5-0.6 MB in size. Thus, fontdrvhost.exe should not be shut down, or normal operation of Windows might become impossible.
However, fontdrvhost.exe can also be malicious, so users should always take a close look if the file is causing problems. The easiest way to make sure that the process is from Microsoft is by checking its location. If the executable is not located in System32 folder, it is highly likely that it has been hijacked by a Trojan, rootkit,[1] keylogger, worm, or another malware and poses significant threat to your computer safety and online security. In such a case, fontdrvhost.exe removal should be performed as soon as possible.
Name | fontdrvhost.exe |
Type | Font driver software |
Location | The genuine file is always located in C:\Windows\System32\ |
File size | Between 0.54MB and 0.62MB |
Developer | Microsoft |
Rights | fontdrvhost.exe has Administrative rights on Windows operating systems |
Is it a virus or malware? | While it is highly unlikely, the executable can be malware in disguise. To find out whether it is malicious it is always recommended scanning your computer with anti-malware software. AV applications can remove the malware off of the PC. Also, after that, system tools such as FortectIntego might help with safe but corrupted or damaged files |
Other malware signs and symptoms | The executable is located in C:\Users\[username] folder, the file is not signed by Microsoft and its size is 13MB |
The genuine fontdrvhost.exe file is signed and verified by Microsoft. Typically, knowing whether the file is sight can often indicate if there is anything fishy about it, even if you do not know exactly what it does. Note that Windows OS uses thousands of executables and processes that run at all times, knowing everything about each of such files is practically impossible.
Therefore, if you want to know whether fontdrvhost.exe or any other executable is malicious, follow these easy steps:
- Press and hold Ctrl + Shift + Esc simultaneously
- Once Task Manager opens, click on More details
- Scroll down to locate Usermode Font Driver Host entry
- Right-click on it and select Properties
- In the General tab, you should see the Location section.
- Another thing you could check is the file signature – go to Details tab for that, it should be signed by Microsoft
If you find any irregularities with the file, you should immediately take action to remove fontdrvhost.exe virus from your machine. For that, you should use reputable anti-malware software. When the file is not determined to be malicious, we suggest using FortectIntego as another checking tool. This repair tool can help with system files, or altered registry entries when they cause issues. Be aware that if the process is infected or fake, you might end up giving away all the information you type on your machine directly to cybercriminals.
Remember, getting rid of a legitimate fontdrvhost.exe would cause you tremendous troubles with the Windows operating system. You would not be able to view File explorer and other windows normally, as most of the fonts would simply not function.
Ways that malware spreads
Malware is usually a sophisticated piece of software that is designed for malicious deeds, such as financial information stealing, money extortion, spying, including the machine into a botnet, redirecting users to malicious sites for ad revenue, etc. Regardless of what it is set up to, you do not want it on your computer, and you should do everything to make sure to prevent its entry.
Malware can spread in various ways, including exploits, fake updates, spam emails, web injects, drive-by downloads,[2] and many other methods. Therefore, it is vital to ensure comprehensive security measures combined with careful internet browsing habits. Here are some tips from industry experts:[3]
- Always update your operating system along with the installed programs as soon as new patches are out;
- Never download pirated software or cracks/keygens;
- When installing new software from third-parties, make sure you dispense of all the “Optional” installs;
- Use complicated passwords when protecting your accounts and never reuse them;
- When using Remote Desktop, avoid the default port 3389;
- Install reputable anti-malware software and setup daily scans to be performed;
- Backup your personal files on an external drive or online storage.
Remove fontdrvhost.exe only if you are sure that the file is part of malware
fontdrvhost.exe removal should not be executed until you are completely sure that it is taken over by malware. Since it is a critical system file, the operating system might greatly malfunction and prompt the reinstallation of it. Therefore, it is vital to make sure that the file is indeed related to a computer virus.
As we previously mentioned, there are several checks you can perform when looking for infection vectors – checking file location is one of them. However, if you employ a reputable security tool, you will not have to do that in the first place, as anti-malware software can detect and remove fontdrvhost.exe automatically. We suggest using FortectIntego or SpyHunter 5Combo Cleaner, Malwarebytes for the damaged file diagnosis. These might be the only software you need, although other powerful security software should do the job as well.
- ^ Rootkit. Techopedia. Where IT and Business Meet.
- ^ Drive-by download. Wikipedia. The free encyclopedia.
- ^ Usunwirusa. Usunwirusa. Cybersecurity advice from Poland.