dllhost.exe*32??? Virus or normal process?


31 replies to this topic

#1 GeorgeStam89

GeorgeStam89

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:03:09 AM

Posted 07 June 2015 - 08:14 AM

Hello, days ago, when viewing some pictures in Google, Avast alerted and told me that it blocked some viruses (URL:Mal); see previous posts: http://www.bleepingcomputer.com/forums/t/576242/am-i-clean-how-can-i-check-for-sure/?view=getnewpost http://www.bleepingcomputer.com/forums/t/576537/avast-blocked-urlmal-type-of-infection-5-times-i-dont-remember-url/?view=getnewpost

For many days now, my PC (desktop) lags with or without internet processes, and I also see a dllhost.exe*32 with 29-30K in the C:\Windows\SysWOW64 folder!!!
Can you help me remove all the viruses from my computer so that it works well??


Edited by hamluis, 07 June 2015 - 09:47 AM.
Moved from Win 7 to Am I Infected - Hamluis.



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,475 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:09 PM

Posted 07 June 2015 - 10:29 AM

According to your previous topic you were asked to create new topic in malware removal forum.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,031 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:09 PM

Posted 07 June 2015 - 10:30 AM

Shelf life, a member of the Malware Removal Team, determined on the 14th of May that in this topic there was no malware.

 

Edit:

 

Hi Broni, they did.  That's where the link will take you.


Edited by dc3, 07 June 2015 - 10:31 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,475 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:09 PM

Posted 07 June 2015 - 10:34 AM

Thanks DC :)




 


#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,031 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:09 PM

Posted 07 June 2015 - 10:39 AM

:thumbup2:



 

 

 

 


#6 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:08:09 PM

Posted 07 June 2015 - 11:29 AM

Hmmm...

 

http://www.bleepingcomputer.com/forums/t/576242/am-i-clean-how-can-i-check-for-sure/?p=3709114

 

OS-BC_zpsutz7lycj.jpg

 

   :whistle:    :ph34r:


Edited by Union_Thug, 07 June 2015 - 11:32 AM.


#7 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,031 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:09 PM

Posted 07 June 2015 - 11:33 AM

 
Please download Microsoft Genuine Advantage Diagnostic Tool.  Clicking on this link will immediately initiate the download.
 
When the diagnostic tool opens you will see an image like the one below.  Click on Continue.
 
mgadt1_zpssea2rxt2.png
 
Click on Copy, copy and then paste the content in your topic.
 
mgadt2_zpsbrkf74ab.png
 
If the Copy option does not work, take a screenshot of the content of the image and post that in your topic.
 
How to make a screenshot
 
1. Download and run A Thousand Words .
 
2. Follow the wizard to capture a screenshot
 
3. Use the built-in editor to resize, edit, or re-capture your screen shot. 
 
4. Your screen shot will be saved to your desktop when you finish the wizard.
 
You can post the screenshot in your next post as an attachment.  
 
Just below the area where you write text in a post there is the Post button, to the right of this is More Reply Options
 
Post2_zpsf05c0430.png
 
When you click on More Reply Options you will see Attach Files and Browse. Click on Browse, which will open Pictures on your computer, click on the image you want to post, then click on Attach This File, then Add Reply.
 
BCreply1_zpsc36d42fc.png 


 

 

 

 


#8 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:09 AM

Posted 07 June 2015 - 01:23 PM

Dan, this topic is now in Am I Infected and does not allow attachments.

#9 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,031 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:09 PM

Posted 07 June 2015 - 01:31 PM

GeorgeStam89

 

Alex is correct, you can't post an image in this topic.

 

Please download the program and run it.  Click on the Windows tab and post what the Validation code is in your topic.



 

 

 

 


#10 GeorgeStam89

GeorgeStam89
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:03:09 AM

Posted 08 June 2015 - 01:01 PM

post the results in this topic or previous with same questions?



#11 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,031 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:09 PM

Posted 08 June 2015 - 02:20 PM

Download the program I suggested in post #7 and run it.

 

Click on the Windows tab, under Validation info: post what the code is for the Validation Code:



 

 

 

 


#12 GeorgeStam89

GeorgeStam89
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:03:09 AM

Posted 08 June 2015 - 05:12 PM

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
 
Validation Code: 0


#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:09 PM

Posted 09 June 2015 - 07:17 PM

dllhost.exe*32??? Virus or normal process?

Processes that end with *32 are 32-bit applications running under WOW on a 64-bit OS. WOW64 allows 32-bit Windows-based applications to run on 64-bit Windows.

Microsoft created the folder named SysWOW64 for storing 32-bit .dll files. WOW64 equates to "Windows 32-bit on Windows 64-bit". This folder contains all the 32-bit .dll files required for compatibility which run on top of the 64-bit version of Windows. WOW64 is the x86 emulator that allows 32-bit Windows-based applications to run on 64-bit Windows but x86 applications are re-directed to the x86 \syswow64 when seeking the x64 \system32. The C:\Windows\System32 folder still exists in the 64-bit version of Windows but it is used as a repository for 64-bit .dll files.

For a more detailed explanation, please refer to:

Dllhost.exe is the Windows DCOM DLL Host Process that manages DLL based applications and executes COM+, a part of Microsoft Component Object Model technology in Windows which enables software components to communicate. COM+ controls processes in the Internet Information Services (IIS), handles programming tasks like resource pooling, disconnected applications, event publication/subscription and distributed transactions. The Dllhost.exe process is utilized by many different applications to include Visual Basic and .NET applications. There can be multiple instances of DLLhost.exe running at the same time.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
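
The location check discussed in the post above, as an added example that is not part of the thread or of any BleepingComputer tool: it sorts process rows by whether a dllhost.exe image sits in System32 (64-bit copy) or SysWOW64 (32-bit copy, shown as *32 in Task Manager). The function names, verdict labels and sample rows are assumptions constructed for illustration.

```python
import ntpath

def _norm(path):
    # Windows paths are case-insensitive; also collapse ".." and unify slashes.
    return ntpath.normcase(ntpath.normpath(path))

def classify_dllhost(image_name, image_path, system_root=r"C:\Windows"):
    """Classify one process row by where its dllhost.exe image lives."""
    if image_name.lower() != "dllhost.exe":
        return "not-dllhost"
    if not image_path:
        return "path-unavailable"  # e.g. listing taken without admin rights
    expected = {
        _norm(ntpath.join(system_root, "System32", "dllhost.exe")): "expected-64bit",
        _norm(ntpath.join(system_root, "SysWOW64", "dllhost.exe")): "expected-32bit",
    }
    return expected.get(_norm(image_path), "unexpected-path")

# Constructed sample rows (PID, image name, image path); not taken from the thread.
SAMPLE_PROCESSES = [
    (2140, "dllhost.exe", r"C:\Windows\System32\dllhost.exe"),
    (3312, "dllhost.exe", r"C:\Windows\SysWOW64\dllhost.exe"),
    (4021, "DLLHOST.EXE", r"c:/windows/syswow64/DLLHOST.EXE"),
    (5188, "dllhost.exe", r"C:\Users\Public\dllhost.exe"),
    (5760, "dllhost.exe", r"C:\Windows\System32\..\Temp\dllhost.exe"),
    (6004, "dllhost.exe", ""),
    (6120, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
]

def triage(processes, system_root=r"C:\Windows"):
    """Return (pid, verdict) for dllhost.exe rows that need a closer look."""
    findings = []
    for pid, name, path in processes:
        verdict = classify_dllhost(name, path, system_root)
        if verdict in ("unexpected-path", "path-unavailable"):
            findings.append((pid, verdict))
    return findings

if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_PROCESSES):
        print(pid, verdict)
```

A row in one of the two expected folders has only passed the location check; verifying the file's digital signature is the usual next step.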

#14 GeorgeStam89

GeorgeStam89
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:03:09 AM

Posted 09 June 2015 - 08:06 PM

Of course, but only in this path, C:\Windows\System32, is dllhost.exe a normal process... In any other case it is a virus (for example, the SysWOW64 folder) (http://www.neuber.com/taskmanager/process/dllhost.exe.html)



#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:09 PM

Posted 09 June 2015 - 08:15 PM

Also, I forgot to tell you that when I open Task Manager there are 3 dllhost.exe, of which 2 vanish and the 1 with 30.000K remains... Sometimes I have a little lag... Is it an issue from malware or something...?

The multiple instances of dllhost.exe are ok.


So are you now saying your Dllhost.exe is running from a different path?



