
Am Infected? ( Dllhost.exe


3 replies to this topic

#1 vinicoringa


Posted 04 September 2010 - 11:51 AM

Hi everybody,

When I run Rkill, it shows up:

Processes terminated by Rkill or while it was running:
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Vinicius\Desktop\rkill.com

Then I run Malwarebytes Anti-Malware, but it tells me my PC is clean. So I don't know if it's really clean or Malwarebytes Anti-Malware is not being able to get the "supposed" malware.

Edited by vinicoringa, 04 September 2010 - 12:40 PM.




#2 CStew23


Posted 04 September 2010 - 12:56 PM

Hi,

A quick google yielded this: http://www.liutilities.com/products/wintas...ibrary/dllhost/

but if you believe you are infected I'd follow the instructions here:

http://www.bleepingcomputer.com/forums/topic41975.html
Please don't send help request via PM, unless I am already helping you. Use the forums!
If you have not heard from me in 48 hours please use this and send me a PM reminder.

#3 sdcchurricane


Posted 15 September 2010 - 10:38 AM

I have gotten the same error message as above and it looks to do a quick restart of windows, so the safe mode help page shows up. How do I get rkill to run?

#4 quietman7


Posted 15 September 2010 - 01:31 PM

What error message are you referring to? vinicoringa posted an RKill log.

All files listed in an RKill log are not necessarily malware related. Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file like svchost.exe. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there.

Dllhost.exe (COM Surrogate aka DCOM DLL host process) is a legitimate Windows component that resides in the System32 folder. Its presence and termination in RKill's output log is not uncommon.

RKill just kills processes, imports a Registry file that removes incorrect file associations and fixes policies that stop us from using certain tools. Then it kills Explorer.exe so it will restart and enable some of the Registry changes. When done, RKill will then create a log listing all processes that were terminated while the program was running. Please note that this will include processes that were terminated manually by the user as well as RKill (itself). Other than what is listed above, it does nothing else.

RKill - What it does and What it Doesn't - A brief introduction to the program

Rkill also terminates executable files running from a user profile by design, as programs should not be running from a user profile since they are meant to hold data, preferences, settings, and configuration files. If you are able to run Malwarebytes Anti-Malware and other security tools without them terminating, there is no need to run Rkill. Using Rkill is only necessary to fix the most common malware processes that stop us from using security tools and completing scans, so it's not required in all situations.

If you're having problems running RKill, you can download renamed copies, and try them instead:

  • iExplore.exe
  • eXplorer.exe
  • uSeRiNiT.exe
  • WiNlOgOn.exe

If one of them does not work, then try downloading and running another copy.

-- You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it.

-- If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

Edited by quietman7, 15 September 2010 - 01:32 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

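The location check described in post #4, as an added Python example (not part of the thread and not RKill's own logic): it reads the process list from an RKill log and labels each entry by the folder it ran from. The set of system file names, the SysWOW64 folder, the `C:\Users\` profile root and the last log line are assumptions or constructed for illustration.

```python
import ntpath

# Assumptions for this example: system file names to check, and the folders
# they are expected in (SysWOW64 holds the 32-bit copies on 64-bit Windows).
SYSTEM_NAMES = {"dllhost.exe", "svchost.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
PROFILE_ROOT = "c:\\users\\"  # assumed profile root (Windows Vista and later)
HEADER = "processes terminated by rkill or while it was running:"

# First four lines are from post #1; the last path is constructed.
SAMPLE_LOG = r"""Processes terminated by Rkill or while it was running:
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Vinicius\Desktop\rkill.com
C:\Users\Example\AppData\Roaming\svchost.exe
"""

def parse_rkill_log(text):
    """Return the process paths listed under the 'Processes terminated' header."""
    paths, in_list = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower() == HEADER:
            in_list = True
        elif in_list:
            if not line:
                break  # a blank line ends the list
            paths.append(line)
    return paths

def classify(path):
    """Label a path by location only; file contents and signatures are not checked."""
    norm = ntpath.normpath(path).lower()
    folder, name = ntpath.split(norm)
    if name in SYSTEM_NAMES:
        # A system file name outside its expected folder deserves a closer look.
        return "expected-location" if folder in SYSTEM_DIRS else "name-mismatch"
    if norm.startswith(PROFILE_ROOT):
        # RKill terminates these by design; its own executable shows up here too.
        return "user-profile"
    return "other"

def report(text):
    """Return (path, label) pairs for every process in the log."""
    return [(p, classify(p)) for p in parse_rkill_log(text)]
```

An "expected-location" label only says the path matches; it does not prove the file itself is unmodified.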



