Showing results for tags 'comsurrogate'.
Dear Malwarebytes Team, My 2y old laptop is totally overheating for no easy-to-discover reason. (I carefully opened, cleaned and reassembled my laptop to make sure the ventilator and heatsink are in 100% clean condition.) I believe I have a nasty malware on my system. My laptop: HP Pavilion Core i5 4200 ULT bought in Oct. 2015 with preinstalled Windows 8 upgraded to 10, 1709, mechanical drive swapped to SSD with 555MB/s R+W. Using Core Temp v1.1 to analyze my system in idle and under heavy load, I could find the temperature of both cores rising up to 100°C as soon as I start any application. The CPU maximum load was capped at 50% and dropping to 30-45% by breaching TPoint 100C every couple of seconds. I used the rootkit scanner GMER and could see my hard drive showing an unknown Master Boot Record entry. (No fixes done.) I found another post here which recommended using RogueKiller, which could help me to detect and delete some malware. RogueKiller found 1 folder and three executable files of an already uninstalled Bitcoin mining software. (Minergate, classified as malware.) I used RogueKiller's function to disinfect my system. It seems odd to me that my having a BTC mining software trial was already about a month ago, and the creation time stamps of the folder and the .exe also showed up dating accordingly about a month ago, yet I actually had no performance issues in that time since, until a couple of days ago the overheating issue came down on me while gaming. Sadly my laptop still tends to overheat and it seems to be disinfected only partially. I found the "Windows Modules Installer Worker" service causing some 30% load on my CPU in idle and causing it to run at 96-97C, nearly meeting TPoint (100C), whenever I run any application. Manually ending the Windows Modules Installer Worker via Task Manager made the core values return to normal.
Another time on the same day, after I had already used RogueKiller for disinfecting, I found the "comsurrogate" service running twice by checking Task Manager while gaming "Warcraft III". Manually closing the service improved the game's performance, restoring normal conditions to the game operation. Of the two comsurrogate services only one had the significant CPU load and 50% of memory consumption; the other showed permanent idle and 0% memory consumption. The initial overheat issue occurred out of nowhere while gaming online. While gaming online on a very old game title, "Warcraft 3" (min req. PII-233MHz MMX, 16MB 3D), my laptop unusually started the fans on high speed and the game showed extremely low frame rates. My laptop has a dedicated graphics card, Nvidia GeForce 840M 2GB GDDR5, which I use for hardware acceleration by standard. The game uses TCP and UDP ports 6126 and is known to enable malicious players to somewhat hijack other players' systems, usually to manipulate games in their favor. Mostly the aim is to force others to disconnect from the game, or slow the connection of players over the game time (by redirecting their game network packages with some altered addressing) in order to gain an advantage in in-game resource flow. (RTS game, similar to LOL and DOTA.) As a player with a huge lack in coding and in-depth understanding of network technologies, I have to live with a certain percentage of manipulated games and frequently rebooting the game, but there has never been such a persisting thermal issue so far. Nowadays intentions and motivations may have changed; I just read an article about a Monero mining virus and I am now trying to bring things together. Ironically, another player told me that he believes that his PC had been hijacked for crypto mining just minutes before my laptop started showing thermal issues and a massive lack of computing performance.
Can someone here please help me and guide me through how to further identify possible threats and clean my laptop again, like I've seen you were about to help another member called Kevin, having similar problems in another post? I could manage to run FRST64.exe and I am ready to send you the two files it created as scan result (running the app with standard settings). Thank you for your attention and also thank you already in advance for your advice. I do highly appreciate your help. With best regards from Australia, Thomas
Hello, My computer seems to have a problem whenever I open only my /F: folder (not /C:) to view some other folders inside the HDD. My computer began to slow down and RAM memory is slowly increasing every second. From what I notice in the Task Manager, there's a process called dllhost.exe which is eating away all the RAM, and its description is COM Surrogate. To recover normally I have to restart every time I open the F folder, and after that everything is okay, but I'll never touch the /F: just to avoid it. I looked around with Mr. Google and am quite confused whether it's malware or linked to system32. Please help and thank you. Look at the picture for more info... Using Windows 7 64 Bit, 16 GB of RAM
For a couple of weeks, one of our users has had non-stop ESET popups informing him that "an address has been blocked." As this is happening, many dllhost.exe *32 COM Surrogate processes build up in the task manager. This problem is only present on his user account on the computer. I deleted his user profile and had him log in again. The problem cleared for almost a week before it came back. Any help ridding this computer of it would be greatly appreciated. I've run a FRST scan and attached the logs. FRST.txt Addition.txt
Hi, first of all thanks in advance for the help you could provide me. I will try to be short but detailed. I noticed my laptop Dell Latitude running slow and overheating after a Windows Update and I began to notice pop-ups from Norton telling me that COM Surrogate was consuming too much memory. Here began the nightmare. I ran Norton, Vipre Rescue, Microsoft Scanner, Norton Power Eraser, Kaspersky, etc. and all of them found no threat. I contacted Norton support and they performed a remote session and did something through the cmd and after all, they told me everything was clear. Great!! But not. The PC was fast as before but many features, programs and shortcuts didn't respond to the mouse click. Can't open programs, etc. By the way I am not an IT but I love PCs. I was checking under windows/system32 and there is a dllhost.exe file and its properties look good. But there is another dllhost.exe under windows/syswow64 and that one looks weird: properties different, permissions and security details look bad. When the permissions under the security tab in the properties of the file are denied it works fine, but then there is no response from certain features and programs; but if I change the permissions and allow everything, those features work but COM Surrogate begins to consume high memory. Also I checked the same files on my wife's PC and both dllhost.exe are in those locations, windows system32 and syswow64, but look perfect and work perfectly. I hope you can understand, and I appreciate your help and support. Thanks a lot in advance.