XMan3 Posted June 7, 2015 ID:967846 Share Posted June 7, 2015 Hey, I have heard about this "COM Surrogate", and it seems that I am infected...I noticed it being in my processes, and popping up again when I stopped it, after a while of course. I am really worried that my personal information might go to the wrong hands, And I am not sure can Malware Bytes see it.Just in case, if Malware bytes Doesn't find it, I have located its "homeplace", the dllhost.exe in the System32 folder, so I am not going to touch it.I have gathered some information so far: Size of it 19 264 bytes. (dllhost.exe)Size (on disk) 20 480 bytes. (dllhost.exe)"How it behaves"For my knowledge, it just pops up in my Tasks. If I don't do anything, it will disappear, after a while, re-appear.Infected file(s?):- dllhost.exe [C:\Windows\System32\]Process name: "COM Surrogate" Currently programs ran with it:Adwcleaner (4.206)Malware bytes [Free]RKillAvast (Latest) Can anybody help me with this current situation? I am really worried! Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted June 7, 2015 ID:967847 Share Posted June 7, 2015 Hello, They call me TwinHeadedEagle around here, and I'll try to help your with your issue. Before we start please read and note the following:We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.Limit your internet access to posting here, some infections just wait to steal typed-in passwords.Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt! Rules and policies We won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding! Failure to follow these guidelines will result with closing your topic and withdrawning any assistance. Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Link to post Share on other sites More sharing options...
XMan3 Posted June 7, 2015 Author ID:967850 Share Posted June 7, 2015 Hello, They call me TwinHeadedEagle around here, and I'll try to help your with your issue. Before we start please read and note the following:We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.Limit your internet access to posting here, some infections just wait to steal typed-in passwords.Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt! Rules and policies We won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding! Failure to follow these guidelines will result with closing your topic and withdrawning any assistance. Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. I tried downloading it (64 bit version), and my windows says that it is dangerous? My downloads might be broken, or infected! Link to post Share on other sites More sharing options...
XMan3 Posted June 7, 2015 Author ID:967851 Share Posted June 7, 2015 And also, When I ran HitmanPro 3.7.9, it reported FRST64.exe being suspicious. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted June 7, 2015 ID:967852 Share Posted June 7, 2015 Ignore warnings, FRST is safe tool. Link to post Share on other sites More sharing options...
XMan3 Posted June 7, 2015 Author ID:967856 Share Posted June 7, 2015 Sorry, but how do I attach a file to a post? Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted June 7, 2015 ID:967857 Share Posted June 7, 2015 There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools. Link to post Share on other sites More sharing options...
XMan3 Posted June 7, 2015 Author ID:967858 Share Posted June 7, 2015 When I press it, error shows up, directing to a page https://forums.malwarebytes.org/index.php? Link to post Share on other sites More sharing options...
XMan3 Posted June 7, 2015 Author ID:967859 Share Posted June 7, 2015 Alright! Now it is working!Addition.txtFRST.txt Link to post Share on other sites More sharing options...
XMan3 Posted June 7, 2015 Author ID:967867 Share Posted June 7, 2015 Hmm, seems that this COM Surrogate isn't a virus, I looked to a website where they find viruses and document them, COM Surrogate was in there and I noticed it, but now in further investigation, Others say "it is just a typical dllhost.exe". This is starting to weird me out... Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted June 8, 2015 ID:967895 Share Posted June 8, 2015 PC seems clean to me. Link to post Share on other sites More sharing options...
XMan3 Posted June 8, 2015 Author ID:967926 Share Posted June 8, 2015 PC seems clean to me.Thank you!I heard this being a virus, but good to know that it is false positive! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 11, 2015 Root Admin ID:968641 Share Posted June 11, 2015 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts