Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Wednesday, November 5, 2014

Remove dllhost.exe *32 COM Surrogate virus (Uninstall Guide)

Tell your friends:
Multiple dllhost.exe *32 (COM surrogate) instances may indicate that your computer is infected with malware, mostly likely a Trojan horse. It could be the Trojan.Poweliks or similar malware. Once your computer is infected, this virus may create 30 or even more instances of dllhost.exe *32 - COM Surrogate, consume 100% of the processor, and all of RAM. In same cases it consumes memory until crash. What is Trojan Horse software, you may ask? Well, just like the ancient Greek mythological horse that it takes its name from, today's Trojan Horse is something which, despite looking innocent, has actually been designed to do a lot of damage. The wooden horse that the Greeks built was created to infiltrate the City of Troy and destroy it from within, and in a similar vein, Trojan Horse malware is a program that makes you think it is safe - and then once installed on your computer, will attack you from the inside. If you have a good anti-malware program it will stop this infection right away or if it missed the Trojan dropper then at least block all the outbound traffic by dllhost.exe *32 virus.

So that the Trojan Horse can infect your PC or laptop you need to install its server function. And it is this that gives this particularly nasty type of malware its name. Because in the Greek tale the Greek army designed the wooden horse to look like a peace offering and presented it as a gift to the people of Troy (but were actually hiding their army inside the horse), modern Trojans also convince you that they're a legitimate application that will do you no harm. Unfortunately, as the people of Troy found out when they were attacked as soon as darkness fell, this is simply not the case.

What do Trojan Horses do to computers?

There are a number of ways a Trojan Horse can affect you. Some types might harass you with endless pop-up or pop-under adverts for goods or services that you probably have little to no interest in. Annoying yes, but this type of Trojan is the least of your worries for an increasingly large proportion of Trojan Horses have been designed to infiltrate your PC to corrupt your data and files. They will prevent you accessing them in some cases, or they might just decide to delete them altogether. And the sickest part? The person who developed the Trojan Horse malware doesn't even gain anything from this – they just do it purely because they can. Now, in this case, dllhost.exe *32 (COM surrogate) instances are usually used to display ads but it may also install spyware on your computer. Everything is done in the background without your knowledge, so there's not other way to spot this malware other than finding multiple instances dllhost.exe processes.

How does a Trojan Horse program get on to my computer?

There are actually a few ways that Trojan Horses can infect your laptop or PC. There are Trojans which come as attachments in spam emails – these will be in the form of .exe files. And there are yet others which will purport to be something useful that you'll stumble across when you’re online. They might be disguised as a fun looking game or even (ironically) as the latest and greatest, must-have new anti-virus program. The Trojan Horse's MO, or Modus Operandi, is to convince you to drop your guard and let it in through your defenses – so it can cause chaos. Just as it did to the good people of Troy.

How do I protect myself from Trojan Horses?

As always you want to ensure you're running a good anti-malware program on your computer. You should also make sure your PC is up to date with the most current Windows security patches too. Crucially you should be careful when you're downloading programs or applications. And don't forget the golden rule when dealing with spam emails. Don't open them - delete them!

To remove dllhost.exe *32 COM Surrogate virus and other threats that may have been installed on your computer, please follow the removal guide below. If you have questions, leave a down comment below. I will be more than happy to help you. Good luck and be safe online!

Written by Michael Kaur,

Dllhost.exe *32 COM Surrogate virus removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer.

NOTE: If you are using Internet Explorer and can't download anti-malware software because "Your current security settings do not allow this file to be downloaded" then please reset IE security settings and try again.

2. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.

3. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.


Anonymous said...

Doesn't work. I've tried both ways and none of them work.

David Dearing said...

Same here. Issue just started after a windows update. I have no sound from flash, can't download anything, malwarebytes can't find anything, and TDSSkiller doesn't see anything either.. This sucks...

Anonymous said...

What is up with Norton? Should they not notify me that they are aware of the problem and working on a fix/sending a fix? This seems stupid to me that I need to do something about it and Norton, that I paid good money for, doesn't recognize and have a fix for it??? Does someone have a way to convince Norton that this is a problem? Hello? ding ding???

Admin said...

I'm pretty sure Norton team is aware of this virus and working on a fix.

d i r k said...

Seems to be a iexplorer & dllhost.exe virus that hijacks your system and eats all your cpu usuage.
I've tried Microsoft security essentials, tdsskiller, ccleaner, malwarebytes and even sfc /scannow all in safe mode and nothing works.
There's gotta be real fix for this thing.

David Dearing said...

Malwarebytes released an update yesterday which fixed it on my machine. It found 740 files that had to be quarantined. On Monday, it found nothing (before the update). I have no more issues.

Markus said...

Have same problem on my machine. So far neither Norton or Spybot did clean this out. For now I used the ProcExp from SysInternals Suite and just suspended the SVCHOST.EXE and the 8 DLLHOST.EXE instances. At least machine is useable again. I do have TCPView.exe from SysInternals always open to make sure nothing else is going on.

Anonymous said...

I didn't have anything on my pc I was worried about losing so I just wiped the drive and re-installed windows...I have yet to meet a virus that can survive a format.

d i r k said...

I found a temp fix to bypass the dllhost.exe. Just create a new windows adm account and sign into that, problem gone.

REM said...

hold alt, ctrl, and delete at the same time, let go and a selection list will appear, open Start Task Manager When that opens start deleting all the actions listed as "Surrogate"
This will get your computer back to usable right away until the Trojan starts bringing surrogates in again. I'm doing this while searching for a fix to the virus. Avast is not stopping it but at least I can use my computer in the interim.

Anonymous said...

i have found what you have said cant i just delete it the exe?