insel260 17.03.20 08:02 pm

Com surrogate

Hey all, I picked up this infection. Where and how I picked it up, I don't know. It loads the CPU at 30-50%, packets get lost on the network, the browser lags, and playback of Flash applications stops.

The file has the form .dll, sits in Win32, and is digitally signed by Microsoft. Antiviruses don't see it.

The question is how to remove this stuff? Maybe someone has already faced this stuff; how was it deleted?
If the registry is killed, please post the key for Windows 10.

Help me get rid of this Trojan.
Win 10 x64
22 Comments
insel260 17.03.20

UPD: In general, I tried to delete the file manually, having found it in the Win32 folder.
Windows swore at me, saying that I have no rights and that TrustedInstaller is preventing me from touching this file. I opened access, blocking TrustedInstaller, and removed the file from the Win32 folder. In Task Manager the whole Com surrogate process is gone; I ran CCleaner over the registry errors, removing them. I cleaned the browser and the system with the cleaner and went over it with Security Task Manager. The Manager also revealed nothing.
Now the tricky question - have I deleted Com surrogate? Or is this stuff impossible to get rid of?
Are there any opinions on this from those who have faced this stuff?

Rottan 17.03.20

And what did you check for viruses with? Personally, I test with Malwarebytes Anti-Malware + Dr.Web CureIt + ESET Online Scanner. And of course, before checking, the tick marks and the disk scan.

Spoiler: http://what-a-process.Russian/com surrogate/

insel260 17.03.20

Rottan
I have Dr.Web PRO constant protection and ran it. I also ran Defender (the standard antivirus in Win 10).
A Trojan can be digitally signed by any manufacturer.

RFL 17.03.20

It is not a virus. I already have 3 of them.

Rottan 17.03.20

insel260
Well, then reinstall the system. It is faster than looking for something. But you went over it at least with Dr.Web CureIt and ESET Online Scanner, and read what is under the spoiler about Com surrogate. A permanent antivirus is one thing, but a scanner is a little more.
Spoiler: https://free.drweb.ru/download+cureit+free/
And I have seven of these processes. And in folders too.

insel260 17.03.20

Rottan
I will not reinstall the system, that is stupid; it is possible to remove it manually without reinstalling the OS, and I have no desire to lose 200 GB of data. I deleted the virus: with Total Commander I found the matches for Dllhost.exe and blew them to hell. Now I will clean the registry of inactive keys and all will be right.

By the way, I draw your attention - CureIt, even in safe mode, does not do that much good. For example, it cannot detect complex Trojans. For example, this Com Surrogate Trojan is registered as Microsoft software; conventional programs (such as NOD, Kaspersky, Dr.Web and others) do not detect it. You need to look for them either with specialized programs (such as antimalware or the same task manager) or delete them manually using Total Commander and the registry.

Relying on CureIt when searching for malware is not enough.

insel260 17.03.20

RFL
Congratulations, are you deliberately collecting a hotbed for viruses? Well, everyone has his hobby.

RFL 17.03.20

insel260
Where did you get this virus? Unable to reinstall Windows. Immediately after reinstalling, go into Task Manager and you will see this process again.

RFL 17.03.20

From Google: Description: dllhost.exe is a program supporting the Microsoft Distributed Component Object Model (DCOM) process, which is part of the system architecture of modern versions of Windows, other Microsoft products, as well as some programs made by other companies. Under normal circumstances this process is invoked when it is necessary to manage dynamic-link library (DLL) software components, and then self-terminates. It is considered a major component of the operating system.

Rottan 17.03.20

insel260 wrote:
like antimalware
Do you mean Malwarebytes Anti-Malware?

insel260 17.03.20

RFL
Because the process took up to 50% of the CPU.
Since dllhost.exe needs to be in Win32 and nowhere else, while I had it in 9 more places! After tracking down and eradicating all of them, everything came back to normal.

There is a virus that masquerades as this process so that the antivirus does not touch it. But it is easy to figure out: the standard (original) Windows process consumes no more than 0.5% of the load, if not constantly 0%. The virus produces at least 30% and is a pain in the ass to remove, as Windows does not grant the rights, considering it its own process.
So there you go.
There are different situations. Personally, for me it was a virus; after removing it the computer came back to normal.

Rottan
Do you mean Malwarebytes Anti-Malware?
yeah

KanSi 17.03.20

insel260
It may well not be a virus: the fact is that it is a Windows system component responsible for handling COM+ processes, IIS (Internet Information Services) and other programs. By the way, I noticed that even KMPlayer seems to use this COM+, as I often got some kind of error when I closed the player. The dllhost.exe process is necessary for the .NET environment to work; in general, the system kind of needs COM+... And if it sits in the Windows\System32 and C:\Windows\SysWOW64 folders, it is unlikely to be a virus.

insel260 17.03.20

KanSi
In Win32 is the original, in WinSxS is the original (brace); in other places it is not the original.
I repeat, I have this file lying in 9 (NINE) LOCATIONS.
The original file cannot be scattered throughout the computer.
This file was also not on the system drive: it was in a hidden folder on drive D:\.
As I wrote earlier, everyone has different circumstances; for me it was a virus masquerading as the original dllhost.exe.
Read more Wikipedia, it clearly helps to get rid of the infection from the computer.
*sarcasm*
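
An added example, not part of the thread: the posts above argue over whether a given dllhost.exe is the genuine COM Surrogate host, and the two checks they raise (where the file lives and who signed it) can be scripted in PowerShell. It assumes a default Windows layout under $env:SystemRoot and read access to the local fixed disks; the function and variable names are made up for this sketch, and anything it lists is a candidate for review, not proof of infection.

```powershell
# Added example: read-only triage of dllhost.exe processes and on-disk copies.
# Assumption: Windows lives under $env:SystemRoot; run elevated for complete results.
$sysRoot  = $env:SystemRoot
$expected = @("$sysRoot\System32\dllhost.exe", "$sysRoot\SysWOW64\dllhost.exe")

function Get-DllhostFileInfo {          # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path      = $Path
        Expected  = $expected -contains $Path          # string -contains is case-insensitive
        InWinSxS  = $Path -like "$sysRoot\WinSxS\*"     # component store copies are normal
        SigStatus = $sig.Status                         # Valid, NotSigned, HashMismatch, ...
        Signer    = $sig.SignerCertificate.Subject
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# 1. Running instances: image path, command line and parent process.
$procs = Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    [pscustomobject]@{
        ProcessId    = $_.ProcessId
        Path         = $_.ExecutablePath
        ExpectedPath = $expected -contains $_.ExecutablePath
        CommandLine  = $_.CommandLine   # the genuine host is normally started with /Processid:{GUID}
        Parent       = $parent.Name
    }
}
$procs | Format-List

# 2. Every dllhost.exe on local fixed disks, hidden folders included (-Force).
$copies = Get-CimInstance Win32_LogicalDisk -Filter "DriveType = 3" | ForEach-Object {
    Get-ChildItem -LiteralPath "$($_.DeviceID)\" -Filter dllhost.exe -File -Recurse -Force -ErrorAction SilentlyContinue
} | ForEach-Object { Get-DllhostFileInfo -Path $_.FullName }

# 3. Candidates for review: outside System32/SysWOW64/WinSxS, or signature not Valid.
$copies | Where-Object { (-not $_.Expected -and -not $_.InWinSxS) -or $_.SigStatus -ne 'Valid' } |
    Sort-Object Path | Format-List
```

Copies under folders such as Windows.old or a backup image will also show up in step 3; comparing their SHA256 with the System32 copy helps separate those from files that merely share the name.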

KanSi 17.03.20

insel260
You said, and I quote, "are you deliberately collecting a hotbed for viruses"; do not generalize: if you have a virus on your computer disguised as a DLL, it does not mean that other people have this virus...

insel260 17.03.20

KanSi
But you can say with full confidence that Com Surrogate is not a virus, which is what you are relentlessly trying to prove by copying various info from the wiki... I'm talking about the fact that I had a virus that was not detected by antivirus software, and I found it only with the help of Total Commander, which, by the way, is where the virus was.

Look here:

Com Surrogate is a dangerous Trojan. It masquerades as the system process Dllhost.exe. It changes network configuration options of the Windows firewall. It is aimed at stealing sensitive user data — usernames and passwords, payment details, etc. It can give cyber criminals remote access to the victim's PC to load other viruses.

Com Surrogate can be recognized by the following symptoms:
reduced speed of your computer;
websites load slowly in the browser;
network applications work unstably;
MS Word, Excel, Notepad and others run with errors;
5-7 active duplicate Dllhost Com Surrogate processes are observed in Task Manager;
the CPU and RAM are fully loaded (95-98%) in the absence of running applications in the system.

Link to source: http://izbavsa.ru/tehnika/kak-udalit-virus-surrogate-com-windows

About the hotbed of viruses, I meant that you are stubbornly proving something you do not really understand. Are you sure you do not have one sitting there like that? Like I said, normal antiviruses do not always notice a virus; then you need something more specialized.

insel260 17.03.20

And besides, the thread was created not for explanations of whether Com... is a virus, but for help combating it! And I got a bunch of unnecessary and useless information.

GG4 17.03.20

insel260
Download more free repacks.

insel260 17.03.20

GG4
And I will somehow keep downloading; pay 4-8 thousand rubles for one game, or just spend 30 minutes cleaning the computer of viruses? To each his own.

insel260 17.03.20

Dear administration - please close the thread, because I received no useful advice.

VITYA_KOLYADENKO 17.03.20

insel260 wrote:
Dllhost.exe is the same thing as Com surrogate. The standard Windows photo viewer; it is in C:\Windows\System32, and there is a version in Windows\SysWOW64.