Skip to main content
dllhost.exe*32 COM surrogate  is consuming most/100% of my CPU--Must delete soon--HOW?? 
Hello this will need to be manually removed by myself or one of the other techs please submit a Trouble Ticket and ask Webroot Support to setup a remote session.
Hello reevesjb, welcome to the Webroot Community!

 

Rakaniseu is quite correct.. you will want to have Webroot Support take a look at this.  Here is the link to submit a Trouble Ticket.

 

 

@ Out of curiosity, we have seen an unusual number of threads the last couple of days referring to dllhost.exe.  I am well aware that it is very commonly used by malware writers to hide their nasties as it is also a legit Windows file.  I am curious though if the little surge of threads have been due to a new malware or PUA or just coincidence and the result of several different infections.
Poweliks has become quite a scourge of late.Lots of forums i frequent are loaded with threads regarding infections.It's hitting pretty much all purveyors of security software,some far worse than others.New variants are constantly appearing.Thankfully we have pros like Roy here who excel in getting rid of it.You definitely would never want to attempt getting rid of it yourself.I really would like to know how and where people are getting infected by Poweliks.
Despite what people are saying about this it does need a dropper first to run. The droppers arent anything new really, they are coming in via SPAM emails and the usual website junk (fake Java/Flash updaters). The DLLhost is just a parent process that the malware uses to execute (its been seen to use SVCHost though).It has no way to run otherwise, I have seen a few different versions flying around. The latest is breaking IE so it cant save any files (like the way Zero Access does).

 

But I have a cunning plan to fix this that I have tested it and it works.

Reply