If we have ever snooped a bit on the list of processes running in the Task Manager, we may come across AggregatorHost.exe that may possibly catch our attention and we are not sure if it may be linked to any program or if it may be a virus. , raising the question whether it is safe to be harmful to the PC. For this reason, we are going to see what it consists of and how we can deactivate it if we consider it appropriate.
What Is AggregatorHost.exe
We talk about a host executable which always runs in the background along with other system processes. It usually starts to appear in the previous version of Windows or in the betas, so it is something uncommon. Although it does not seem to carry out any malicious task, it is not possible to know which system function it belongs to because it is not associated with any editor.
Locate the file
To obtain more information about it, we must open the Windows «Task Manager» by pressing the keyboard shortcut «Ctrl + Alt + Delete». Once located within the “Processes” tab in the “Background processes” section, click on it with the right mouse button. This will bring up a context menu where we click on the “Open file location” option.
This will take us to the “System32” subfolder found inside the Windows folder. This makes us indicates that we are possibly before a process linked to the system.
Here we right-click on the AggregatorHost.exe file again and select the “Properties” option. This will open a new window where we will click on the “Details” tab. Here we should see within the “Copyright” section the copyright of Microsoft, however, is not signed so it appears white as we can see in the image.
This is something that can make us doubt if it is a system file, because in that case it should be signed by Microsoft. Perhaps it may be associated with the telemetry collection, as it is even available after a clean install. That is why it suggests that it is originated by Microsoft, despite not being signed. It can also be a temporary file used by Windows Insider Builds, or Windows Defender, or perhaps associated with Adobe products… In the worst case, it cannot be ruled out that it is a virus, although since it does not do anything malicious action, suggests that it is not.
It is safe?
As we have indicated, this is a process that is especially found in beta or preliminary versions of Windows, so when we update the system we may keep the process running in the background. If the file is in the correct path (System32) can be considered safe. In case it is in another place it can be more strange.
In any case, the most advisable thing to do in case of doubt is to run a complete analysis of our antivirus on all the system units, since we cannot rule out that there is a malicious file that is camouflaged inside AggregatorHost.exe.
Ways to remove it
If for the reasons mentioned, such as the lack of Microsoft Copyright or because it is located in a folder other than System32, we can think that the process has been manipulated and is malicious, so we must get rid of it. For this we can try the following actions to perform.
Perform a full scan
If we use Windows Defender, we can run a Complete analisis, typing “Windows Security” in the Start menu search box. In the new window, click on “Antivirus and threat protection”, located in the menu on the left. Then we click on “Exam Options” and select “Full Exam”. Finally, click on “Scan now”.
We can also choose to download a program like malwarebytes, a complete software to search for viruses and malicious files. Although it is a paid tool, it offers a 14-day trial version totally free. During these days we will be able to test all the functions of this security software without limitations, so it will be of great help to confirm if this file may contain any type of malicious software inside.
Kill the process from Safe Mode
In the event that it is a malware or virus and we have not been able to eliminate it with an antivirus, we can enter Windows safe mode and finish the process manually.
To do this we have to open the “Settings” section of Windows, using the key combination “Windows + I”. Then click on the “Update and security” section. In the next window, in the left panel we select the “Recovery” section. Now on the right side we see an Advanced Startup section, so we click on the “Restart Now” button.
When restarting the computer, a blue screen appears, where we must follow the following route:
Solucionar problemas / Opciones avanzadas / Configuración de equipo
Once here, click on Restart and we can see the different boot options. From the list we select number 4 “Enable safe mode”.
Once the system has started in safe mode, we go to the C:/Windows/System32 folder, find the AggregatorHost.exe file and move it to a different location.
If nothing works we can choose to reset Windows. With this option we can choose keep our files or delete them and then reinstall the operating system. In this way, in case the file had a virus or malware in its previous state, it should completely disappear from the system.
To do this, simply press the keyboard shortcut “Windows + I” and access the Configuration section. Click on “Update and security” and then on “Recovery”. Now in the “Reset the PC” section, we click on the “Start” button. In this way, the wizard will take us through the entire process until the system is completely restored. Once finished we can check from the “Task Manager” or the “System32” folder if the file appears again.