dllhost.exe COM Surrogate multiple processes

Magic Miguel

Anyone come across this? It appears to be benign, but I can't find anything concrete except that there is nothing out there that specifically says it is a virus/malware. However, I've come across two machines so far within the past month with similar symptoms, and I have thrown everything at it and have not found a single trace except for minor things. I'm either way behind on the malware removal game or it's something totally different, but since I came across it twice I'm sure someone has come across it here. Any ideas?

The symptom is just multiple processes, talking 30 or so, run by the actual user, called dllhost, and it's related to the COM Surrogate.

Just an update but it might've been a Windows update. Still waiting to confirm.
 
Just an update: it came back. Any ideas? Windows updates were not re-applied. I initially did a system restore and it helped for a little bit, but I left and came back and there were all the dllhost.exe processes taking up all the RAM and CPU.
 
everything what he said ^

re rant
Apologies for hijacking this thread momentarily. :o For the 98 people who read my earlier post - "Give us a clue" - thanks.

I would like posts that have sufficient background tech info & diagnosis included so the nice folk here can actually give helpful advice. And it would be nice to know what solution(s) worked too.
Seems to be quite a few posts lately that require psychic powers and then just tail off without knowing how it all ended. Like people have watched "you are a noob on XDA developers" http://www.youtube.com/watch?v=JmvCpR45LKA and decided to do the total opposite :rolleyes:
thanks everybody
/rant

I don't suggest we go back to the whole LTMGTFY sniping comments. This thread and others by the googlephobes appear to lack "this is what I tried" backgrounds. Even newer members here are commenting on the lack of info.
/rant2 .

On Topic -> OS? SP? IE version? drivers? safe mode? AV? :confused:
 
I have tried all of the available options that were out there, including turning off DEP on the 64-bit version of dllhost.exe. I've been watching it in Process Monitor for a while and it's doing all kinda stuff on its own. In Safe mode it does not occur. I do a clean boot with all the non-MS services and all programs disabled, but when I start it up in regular mode the dllhost.exe processes are back and taking up all the memory. When I monitor it with Process Monitor it does stuff related to Internet Explorer, doing stuff in the temp file directory, all kinds of stuff, and some may be legitimate and some may not, or all may be legitimate, just that it is overreacting due to something.

The only other thing is that the two PCs I had this problem on were both Sonys, so at that point I started uninstalling all of the Sony software that was on them, but that did not help either. Other people said that disabling DEP on C:\Windows\Syswow64\dllhost.exe should fix it. Others have just literally given up on it and just formatted their PCs. Ideally I would love to figure it out since I've personally seen it on two of my own client PCs so far. But I am all for throwing in the towel at a certain point. I apologize if I lacked any info; here's hoping this info that I am sharing may prompt a response or find someone who has experienced and fixed this problem in the past.

Windows 7 SP1 64-bit Sony laptop
4GB memory
IE11
Tried changing all drivers/updating them to what was available. Again, safe mode works OK; however, once I switch it to a clean boot into regular Windows the dllhost.exe processes come back and start taking up all system resources.
 
Well...first of all...does it happen on all user accounts? Create a test account and see. If not, migrate data after reloading profile by using registry. Judging by what you described, sounds more like a virus has injected itself into the OS...if it was just one process it might be a codec/thumbnail issue. Does it still happen if you turn off thumbnails?

Yes, malware can sometimes be tricky now. There's a bunch of things I'd try...probably would take me about an hour billable time. If I couldn't do it by then, I would reload.
 
Apologies for being late to the party here, but I came across this a few months ago. Dell laptop, Windows 7. Multiple instances of dllhost.exe "com surrogate" eating up 100% of the CPU whenever there was an internet connection. So, not a problem in Safe mode, but unable to update any tools etc. Safe mode w/networking no bueno.

My workaround? In Safe mode, create a firewall rule blocking the process. Then I was able to boot normally and update all the various tools and remove the root kits & viruses.

Mission accomplished :)
 
I had this just the other day...like the day before yesterday. It was a virus; I don't recall which one. The user had their safeboot registry entries removed, so remote support techs should be careful about immediately rebooting into safe mode with networking.


Edit: Oh right, how I dealt with it...I used Process Hacker to suspend all the dllhost.exe's; if I tried to terminate them they would just come right back. I believe the removal was handled by Malwarebytes Anti-Rootkit.
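
A read-only triage of the symptom this thread describes, as an added example that is not part of any post above: it lists every dllhost.exe instance with its image path, command line and parent, and flags those that do not look like a normal COM Surrogate launch. The function name `Get-DllhostTriage` and the two checks are assumptions of this example; it is written for the PowerShell 2.0 that ships with Windows 7 and should be run from an elevated prompt.

```powershell
# Added example, not from the thread. Read-only; works on PowerShell 2.0 (Windows 7).
# Assumption: a normal COM Surrogate runs from System32 or SysWOW64 and is started
# with "/Processid:{AppID}". A flag means "look closer", not "confirmed malware".
function Get-DllhostTriage {
    $expected = @(
        (Join-Path $env:SystemRoot 'System32\dllhost.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\dllhost.exe')
    )
    $all = @(Get-WmiObject Win32_Process)
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p.Name }

    foreach ($p in $all) {
        if ($p.Name -ine 'dllhost.exe') { continue }
        $flags = @()
        $appName = $null

        # Check 1: image path. Empty usually means the shell is not elevated.
        if (-not $p.ExecutablePath) {
            $flags += 'path unreadable (run elevated)'
        } elseif ($expected -notcontains $p.ExecutablePath) {
            $flags += 'unexpected image path'
        }

        # Check 2: the command line should name the AppID being hosted.
        if (-not $p.CommandLine) {
            $flags += 'command line unreadable (run elevated)'
        } elseif ($p.CommandLine -match '/Processid:\s*(\{[0-9a-f-]{36}\})') {
            # Informational only: the AppID's display name, if the registry has one.
            $key = "Registry::HKEY_CLASSES_ROOT\AppID\$($Matches[1])"
            $appName = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        } else {
            $flags += 'no /Processid:{AppID} argument'
        }

        New-Object PSObject -Property @{
            PID         = $p.ProcessId
            Parent      = $byPid[[int]$p.ParentProcessId]
            Path        = $p.ExecutablePath
            CommandLine = $p.CommandLine
            AppID       = $appName
            Flags       = ($flags -join '; ')
        } | Select-Object PID, Parent, Path, AppID, Flags, CommandLine
    }
}

# Flagged instances sort to the top.
Get-DllhostTriage | Sort-Object Flags -Descending | Format-List
```

An empty Parent means the launching process has already exited; comparing the output from normal mode against Safe mode shows which instances only appear when the problem does.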
 