How can I stop dllhost.exe *32 which is creating multiple copies, and causing other problems? Webroot SecureAnywhere does not see a problem although it did catch a Trojan right before this started.
Hello daveharney!
Welcome to the Community,
Please follow these instructions, OK?
What you are seeing and describing is what we on the Community refer to as a PUA (Potentially Unwanted Application). These are very annoying at best in that they cause pop-ups, redirect your browser home page, and other behavior that may slow down the computer and direct ads your way, but they are not actually doing anything bad like damaging files or stealing information. Often they are installed intentionally by you the user as browser add-ons for various tasks such as quick search tools, but they also come with the result of added annoying pop-ups and ads. Other times they 'piggy back' with other software that you installed, or try to 'sneak' onto your system entirely.
WSA does detect and remove many PUAs, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behavior that is easy to identify and easy to remove is not likely to be detected and removed by WSA. Those that are intentionally difficult to locate and remove are. Please see THIS LINK for more information regarding Webroot's stance on these annoying programs.
The best thing to do is to submit a Trouble Ticket and ask Webroot Support to take a look and remove these for you. There is NO CHARGE for this for valid WSA license holders.
Also, we have had a lot of discussion regarding these recently, and I have posted an Idea for Webroot to consider asking them to increase PUA detection. The more users that need help removing a particular PUA the more likely and faster that PUA will be added to detection.
I hope this helps!
Hi daveharney
Welcome to the Community Forums.
Just to add to what Sherry has responded with, if I may, from the research I have done on this issue (and there has been a recent spate from what I read) there seems to be a small number of possibilities, including malware but determining which is causing your issue, and curing it if it is indeed malware, is best left to the professionals...and for that reason I also strongly recommend what Sherry has recommended in her reply...that you Open a Support Ticket as soon as possible so that the Support Team professionals can take a look and hopefully sort you out.
For your further information, and for completeness, there are a few other threads on this subject, of which one here you may want to peruse in case they can offer further information.
I have my thoughts on the subject but as I am only a volunteer, not a professional, it is best you get a professional view on this.
Whilst they work 24/7 as it is the weekend Support may be a little slower at responding than their usual alacrity. But please bear with them and do let us know how you get on/what they advise as this is all useful information for us here in the Community re. supporting users in future.
Regards, Baldrick
Thank you very much for the advice - I did as you suggested and started a Trouble Ticket. I started the ticket at 8:00 am CDT on Saturday and was speaking to a technician by 10:00 am. He waged an epic battle to find and destroy the infection - it took 3 hours of intense activity. I was able to watch the entire event on my screen as the technician took over my computer remotely - fascinating and scary. I believe I'm free of the infection now - many, many thanks to Webroot!
A few observations:
- This infection was more than annoying. In addition to multiple Trojan.Dropper and W32.Rogue viruses popping up in WSA (thankfully getting caught), my machine was slowing down to an almost unusable state with the number of dllhost.exe *32 processes being spawned. Also, IE11 was being corrupted and becoming unusable. As it turns out, other software was corrupted (more later about this).
- Getting rid of this infection is clearly not a DIY project and clearly takes a skilled technician to deal with it.
- After the infection was eliminated, I found that my Windows Photo Viewer was corrupted. A Microsoft website suggested running sfc /scannow in an elevated command prompt to repair corrupted system software. I did this (which fixed the photo viewer) and found in the log file that it repaired dllhost.exe in 2 places. Hopefully, this was a good move - I did a full WSA scan afterward and there was no problem.
- This problem raises many concerns. I try to be very careful about what I download, open, or permit to run on my computer. I'm a retired programmer (dozen years ago) who volunteered to program a website for our local county. I use a lot of software development tools and need to download new ones and upgrades periodically. Like I said, I try to be very careful and stick with very reputable companies that would have a lot to lose by downloading a virus. But this did happen to me and I don't know why. Clearly, losing a day or two of my time and several hours of a highly skilled technician's time is not workable. Hopefully, something can be done to deal with this more effectively.
However, thanks again to Webroot for coming to my rescue so quickly and competently.
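For readers who see the same symptom (many dllhost.exe *32 processes) and want something concrete to attach to a support ticket, here is an added example, not part of the original posts and not Webroot's procedure. It is a read-only PowerShell check that lists each dllhost.exe instance with its image path, signature status, command line and parent, then pulls the System File Checker entries that mention dllhost from the CBS log after `sfc /scannow`. It assumes an elevated PowerShell 5.1 or later session and the default CBS.log location; the flag wording is illustrative.

```powershell
# Added triage example (read-only): inventory dllhost.exe instances and flag anomalies.
$expected = @(
    (Join-Path $env:windir 'System32\dllhost.exe'),
    (Join-Path $env:windir 'SysWOW64\dllhost.exe')   # the "*32" instances on 64-bit Windows
)

$report = @(Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
    $p = $_
    $flags = @()

    if (-not $p.ExecutablePath) {
        $flags += 'path unreadable (run elevated)'
    } else {
        if ($expected -notcontains $p.ExecutablePath) { $flags += 'unexpected image path' }
        # Older PowerShell versions may report catalog-signed system files as NotSigned.
        $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
        if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
    }

    # COM surrogates are normally started as: dllhost.exe /Processid:{GUID}
    if (-not $p.CommandLine) {
        $flags += 'command line unreadable'
    } elseif ($p.CommandLine -notmatch '/Processid:\{[0-9A-Fa-f-]{36}\}') {
        $flags += 'no /Processid:{GUID} argument'
    }

    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"

    [pscustomobject]@{
        PID         = $p.ProcessId
        Path        = $p.ExecutablePath
        CommandLine = $p.CommandLine
        Parent      = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { 'exited' }
        Flags       = $flags -join '; '
    }
})

"dllhost.exe instances: $($report.Count)"
$report | Format-List

# After 'sfc /scannow': System File Checker lines ([SR]) that mention dllhost.
Select-String -Path (Join-Path $env:windir 'Logs\CBS\CBS.log') -Pattern '\[SR\].*dllhost' |
    ForEach-Object { $_.Line }
```

An empty Flags column does not clear a process, since this only inspects the image on disk and the launch arguments; the output is evidence for the support technician, not a verdict.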
Hello there!
WOW... sounds like that took a good bit of work, but I am glad everything is cleaned out now!
While it was quite a battle to remove, that may be a good thing: that example should have provided Webroot with a LOT of data to work with, and that info will be used to do exactly what you mention: "Hopefully, something can be done to deal with this more effectively"
We do appreciate all of your patience, but hopefully your case will help make WSA a stronger program for everyone.
Hello daveharney!
Thank you for letting us know how the Support Team was able to help you and that you fixed some corrupted files with the command sfc /scannow! I'm happy you got your photo viewer back.
This is very sad to have this happen to someone. There's always that first time it seems to happen to anyone. In your case it's great to know Support was able to fix your computer. Hope all is well now. ;) Also in having Webroot this was fixed!
Take care and come on and visit us anytime. We are Volunteers who love to help others with problems and we do have fun learning from each other.
Fantastic reply and it's very helpful to us in helping steer others in the right direction.
Thank you,
Best Regards,