• Welcome to Tux Reports: Where Penguins Fly. We hope you find the topics varied, interesting, and worthy of your time. Please become a member and join in the discussions.

dllhost.exe

W

WaIIy

Flightless Bird
I don't recall installing anything new lately.

All of a sudden, I have two instances of dllhost.exe running in Task
Manager upon boot.

If I kill them and their processes, there is no ill effect.

Yes, I've scanned and also run Avira and Zone Alarm Pro.

I'd like to get rid of them.
Thanks
 
P

PA Bear [MS MVP]

Flightless Bird
There is a very good chance that you are seeing the effects of a hijackware
infection!

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via the Consumer Security Support home page:
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7=> Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now post the requested information (logs, etc.) in your own, new thread
in one (only) of the following recommended forums for assistance by an
expert in such matters. DO NOT SKIP THIS STEP!!

. SpywareHammer: Malware Removal
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0

. Spyware Warrior: Help with spyware removal
http://www.spywarewarrior.com/viewforum.php?f=5,

. DSL Reports: Security Cleanup
http://www.dslreports.com/forum/cleanup

. Bluetack: Malware Removal
http://www.bluetack.co.uk/forums/index.php?showforum=172

. AumHa: Malware Removal
http://aumha.net/viewforum.php?f=30

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

WaIIy wrote:
> I don't recall installing anything new lately.
>
> All of a sudden, I have two instances of dllhost.exe running in Task
> Manager upon boot.
>
> If I kill them and their processes, there is no ill effect.
>
> Yes, I've scanned and also run Avira and Zone Alarm Pro.
>
> I'd like to get rid of them.
> Thanks
 
W

WaIIy

Flightless Bird
On Fri, 6 Aug 2010 20:41:59 -0400, "PA Bear [MS MVP]"
<PABearMVP@gmail.com> wrote:

>There is a very good chance that you are seeing the effects of a hijackware
>infection!
>

<snip>
>
>WaIIy wrote:
>> I don't recall installing anything new lately.
>>
>> All of a sudden, I have two instances of dllhost.exe running in Task
>> Manager upon boot.
>>
>> If I kill them and their processes, there is no ill effect.
>>
>> Yes, I've scanned and also run Avira and Zone Alarm Pro.
>>
>> I'd like to get rid of them.
>> Thanks



Thanks for the info, but I have no malware/infection.

I just can't get rid of it on boot. If I kill the two instances in
Task Manager, I'm fine.

Also, I have very little loading on startup. I use Startup Control
Panel to stop just about everything.
 
P

PA Bear [MS MVP]

Flightless Bird
Then what's causing the two instances of DLLHOST.DLL to load at boot?

WaIIy wrote:
> On Fri, 6 Aug 2010 20:41:59 -0400, "PA Bear [MS MVP]"
> <PABearMVP@gmail.com> wrote:
>
>> There is a very good chance that you are seeing the effects of a
>> hijackware
>> infection!
>>

> <snip>
>>
>> WaIIy wrote:
>>> I don't recall installing anything new lately.
>>>
>>> All of a sudden, I have two instances of dllhost.exe running in Task
>>> Manager upon boot.
>>>
>>> If I kill them and their processes, there is no ill effect.
>>>
>>> Yes, I've scanned and also run Avira and Zone Alarm Pro.
>>>
>>> I'd like to get rid of them.
>>> Thanks

>
>
> Thanks for the info, but I have no malware/infection.
>
> I just can't get rid of it on boot. If I kill the two instances in
> Task Manager, I'm fine.
>
> Also, I have very little loading on startup. I use Startup Control
> Panel to stop just about everything.
 
P

Peter Foldes

Flightless Bird
Wally

A quick question. How do you know you do not have a malware/infection.


--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
http://www.microsoft.com/protect

"WaIIy" <WaIIy@(nft).invalid> wrote in message
news:pqgp56dm1i1nt2k9otbs96fao0579k5nj0@4ax.com...
> On Fri, 6 Aug 2010 20:41:59 -0400, "PA Bear [MS MVP]"
> <PABearMVP@gmail.com> wrote:
>
>>There is a very good chance that you are seeing the effects of a hijackware
>>infection!
>>

> <snip>
>>
>>WaIIy wrote:
>>> I don't recall installing anything new lately.
>>>
>>> All of a sudden, I have two instances of dllhost.exe running in Task
>>> Manager upon boot.
>>>
>>> If I kill them and their processes, there is no ill effect.
>>>
>>> Yes, I've scanned and also run Avira and Zone Alarm Pro.
>>>
>>> I'd like to get rid of them.
>>> Thanks

>
>
> Thanks for the info, but I have no malware/infection.
>
> I just can't get rid of it on boot. If I kill the two instances in
> Task Manager, I'm fine.
>
> Also, I have very little loading on startup. I use Startup Control
> Panel to stop just about everything.
 
P

PA Bear [MS MVP]

Flightless Bird
+1

Peter Foldes wrote:
> Wally
>
> A quick question. How do you know you do not have a malware/infection.
>
> "WaIIy" <WaIIy@(nft).invalid> wrote in message
>>
>>> There is a very good chance that you are seeing the effects of a
>>> hijackware infection!
>>>

>> <snip>
>> Thanks for the info, but I have no malware/infection.
>>
>> I just can't get rid of it on boot. If I kill the two instances in
>> Task Manager, I'm fine.
>>
>> Also, I have very little loading on startup. I use Startup Control
>> Panel to stop just about everything.
 
W

WaIIy

Flightless Bird
On Sat, 7 Aug 2010 09:27:28 -0400, "Peter Foldes" <okf22@hotmail.com>
wrote:

>Wally
>
>A quick question. How do you know you do not have a malware/infection.


Hi Peter,

Well, everything runs perfectly. I use Firefox and have every stopper
addon known to man. I run CCleaner twice a day.
Ran Avira and Malwarebytes.

I can stop the instances in Task manager with no known adverse effect.

I use Zone Alarm Pro and I have no unusual outbound requests I can see
using Process Explorer.

I have winxp pro no network, dsl and I'm behind a router.

Google comes up with the same issue, but no real way to stop it.

I haven't installed any new software except an Aimp2 update.

I might have installed a Java and Flash update and I suspect one of
those. I don't load Java on boot and goto the online Flash manager and
kabosh everything.

I don't know for sure I have a malware/infection problem, but highly
doubt it.

Hmm, maybe I'll stop it in Task Manager, do an Erunt and restore the
registry. Well, maybe I don't know.
 
P

PA Bear [MS MVP]

Flightless Bird
So what's causing the two instances of DLLHOST.EXE to load at boot?


WaIIy wrote:
> On Sat, 7 Aug 2010 09:27:28 -0400, "Peter Foldes" <okf22@hotmail.com>
> wrote:
>
>> Wally
>>
>> A quick question. How do you know you do not have a malware/infection.

>
> Hi Peter,
>
> Well, everything runs perfectly. I use Firefox and have every stopper
> addon known to man. I run CCleaner twice a day.
> Ran Avira and Malwarebytes.
>
> I can stop the instances in Task manager with no known adverse effect.
>
> I use Zone Alarm Pro and I have no unusual outbound requests I can see
> using Process Explorer.
>
> I have winxp pro no network, dsl and I'm behind a router.
>
> Google comes up with the same issue, but no real way to stop it.
>
> I haven't installed any new software except an Aimp2 update.
>
> I might have installed a Java and Flash update and I suspect one of
> those. I don't load Java on boot and goto the online Flash manager and
> kabosh everything.
>
> I don't know for sure I have a malware/infection problem, but highly
> doubt it.
>
> Hmm, maybe I'll stop it in Task Manager, do an Erunt and restore the
> registry. Well, maybe I don't know.
 
W

WaIIy

Flightless Bird
That's what I'd like to know. If I find out, I'll let you know.


On Sat, 7 Aug 2010 15:50:18 -0400, "PA Bear [MS MVP]"
<PABearMVP@gmail.com> wrote:

>So what's causing the two instances of DLLHOST.EXE to load at boot?
>
>
>WaIIy wrote:
>> On Sat, 7 Aug 2010 09:27:28 -0400, "Peter Foldes" <okf22@hotmail.com>
>> wrote:
>>
>>> Wally
>>>
>>> A quick question. How do you know you do not have a malware/infection.

>>
>> Hi Peter,
>>
>> Well, everything runs perfectly. I use Firefox and have every stopper
>> addon known to man. I run CCleaner twice a day.
>> Ran Avira and Malwarebytes.
>>
>> I can stop the instances in Task manager with no known adverse effect.
>>
>> I use Zone Alarm Pro and I have no unusual outbound requests I can see
>> using Process Explorer.
>>
>> I have winxp pro no network, dsl and I'm behind a router.
>>
>> Google comes up with the same issue, but no real way to stop it.
>>
>> I haven't installed any new software except an Aimp2 update.
>>
>> I might have installed a Java and Flash update and I suspect one of
>> those. I don't load Java on boot and goto the online Flash manager and
>> kabosh everything.
>>
>> I don't know for sure I have a malware/infection problem, but highly
>> doubt it.
>>
>> Hmm, maybe I'll stop it in Task Manager, do an Erunt and restore the
>> registry. Well, maybe I don't know.
 
W

WaIIy

Flightless Bird
I haven't quite nailed it down, but I think it has to do with Java.

I uninstalled Java and the two dllhost.exe don't show in Task manager
upon boot.

I'll keep you posted if you'd like.



On Sat, 7 Aug 2010 15:50:18 -0400, "PA Bear [MS MVP]"
<PABearMVP@gmail.com> wrote:

>So what's causing the two instances of DLLHOST.EXE to load at boot?
>
>
>WaIIy wrote:
>> On Sat, 7 Aug 2010 09:27:28 -0400, "Peter Foldes" <okf22@hotmail.com>
>> wrote:
>>
>>> Wally
>>>
>>> A quick question. How do you know you do not have a malware/infection.

>>
>> Hi Peter,
>>
>> Well, everything runs perfectly. I use Firefox and have every stopper
>> addon known to man. I run CCleaner twice a day.
>> Ran Avira and Malwarebytes.
>>
>> I can stop the instances in Task manager with no known adverse effect.
>>
>> I use Zone Alarm Pro and I have no unusual outbound requests I can see
>> using Process Explorer.
>>
>> I have winxp pro no network, dsl and I'm behind a router.
>>
>> Google comes up with the same issue, but no real way to stop it.
>>
>> I haven't installed any new software except an Aimp2 update.
>>
>> I might have installed a Java and Flash update and I suspect one of
>> those. I don't load Java on boot and goto the online Flash manager and
>> kabosh everything.
>>
>> I don't know for sure I have a malware/infection problem, but highly
>> doubt it.
>>
>> Hmm, maybe I'll stop it in Task Manager, do an Erunt and restore the
>> registry. Well, maybe I don't know.
 
T

thecreator

Flightless Bird
Hi Wally,

Go to Start then Search and Enter dllhost.

Search the Local Hard Drive and all Hidden Files and Folders. Take a
look at the Date of the file.

You should have a File Creation Date of 8/4/2004 with the mouse hovering
over the name. Date Modified is the Date it was installed on the computer.


--
thecreator




"WaIIy" <WaIIy@(nft).invalid> wrote in message
news:eek:69p56t063dtn0htun0h9d76tevn1vfd21@4ax.com...
>
> I don't recall installing anything new lately.
>
> All of a sudden, I have two instances of dllhost.exe running in Task
> Manager upon boot.
>
> If I kill them and their processes, there is no ill effect.
>
> Yes, I've scanned and also run Avira and Zone Alarm Pro.
>
> I'd like to get rid of them.
> Thanks
 
M

Mike S

Flightless Bird
On 8/7/2010 6:32 PM, WaIIy wrote:
>
> I haven't quite nailed it down, but I think it has to do with Java.
>
> I uninstalled Java and the two dllhost.exe don't show in Task manager
> upon boot.
>
> I'll keep you posted if you'd like.
>
>
>
> On Sat, 7 Aug 2010 15:50:18 -0400, "PA Bear [MS MVP]"
> <PABearMVP@gmail.com> wrote:
>
>> So what's causing the two instances of DLLHOST.EXE to load at boot?

<snip>

Would pocess explorer help with this?

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Ever wondered which program has a particular file or directory open? Now
you can find out. Process Explorer shows you information about which
handles and DLLs processes have opened or loaded.

The Process Explorer display consists of two sub-windows. The top window
always shows a list of the currently active processes, including the
names of their owning accounts, whereas the information displayed in the
bottom window depends on the mode that Process Explorer is in: if it is
in handle mode you'll see the handles that the process selected in the
top window has opened; if Process Explorer is in DLL mode you'll see the
DLLs and memory-mapped files that the process has loaded. Process
Explorer also has a powerful search capability that will quickly show
you which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking
down DLL-version problems or handle leaks, and provide insight into the
way Windows and applications work
 
W

WaIIy

Flightless Bird
On Sat, 07 Aug 2010 18:44:20 -0700, Mike S <mscir@yahoo.com> wrote:

>On 8/7/2010 6:32 PM, WaIIy wrote:
>>
>> I haven't quite nailed it down, but I think it has to do with Java.
>>
>> I uninstalled Java and the two dllhost.exe don't show in Task manager
>> upon boot.
>>
>> I'll keep you posted if you'd like.
>>
>>
>>
>> On Sat, 7 Aug 2010 15:50:18 -0400, "PA Bear [MS MVP]"
>> <PABearMVP@gmail.com> wrote:
>>
>>> So what's causing the two instances of DLLHOST.EXE to load at boot?

><snip>
>
>Would pocess explorer help with this?
>
>http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
>


I looked with PE. I could see the two dllhost.exe , but couldn't make
sense of what they were connected to.
 
W

WaIIy

Flightless Bird
Yup, Aug 4, 2004 for dllhost.exe

Anyway, I solved it.

I opened Revo Uninstaller and noticed I had two different Java updates
in there. ( damn things showed 90 megs)

I uninstalled all Java.

I found the firefox Java dll in Firefox and deleted it.

Reboot

I installed newest Java

(The new one shows 90.95 megs but no way I downloaded 90 megs, must be
some kind of error)

Went to Java icon in Control Panel set - no auto update - no
quickstart-no cache

Java works fine in Firefox.

No dllhost.exe in Task Manager

Reboot

No dllhost.exe in Task Manager

Odd thing, eh?


On Sat, 7 Aug 2010 21:32:57 -0400, "thecreator" <thecreator@home.com>
wrote:

>Hi Wally,
>
> Go to Start then Search and Enter dllhost.
>
> Search the Local Hard Drive and all Hidden Files and Folders. Take a
>look at the Date of the file.
>
> You should have a File Creation Date of 8/4/2004 with the mouse hovering
>over the name. Date Modified is the Date it was installed on the computer.
 
W

WaIIy

Flightless Bird
Thanks

I looked at that before and don't have that registry key. I disabled
half of my Services and that didn't do me any good.


On Sat, 7 Aug 2010 21:40:44 -0400, "Daave" <daave@example.com> wrote:

>See:
>
>http://searchtasks.answersthatwork.com/tasklist.php?File=DLLHost
>
>WaIIy wrote:
>> I haven't quite nailed it down, but I think it has to do with Java.
>>
>> I uninstalled Java and the two dllhost.exe don't show in Task manager
>> upon boot.
>>
>> I'll keep you posted if you'd like.

>
 
M

Mike S

Flightless Bird
On 8/7/2010 6:46 PM, WaIIy wrote:
> On Sat, 07 Aug 2010 18:44:20 -0700, Mike S<mscir@yahoo.com> wrote:
>
>> On 8/7/2010 6:32 PM, WaIIy wrote:
>>>
>>> I haven't quite nailed it down, but I think it has to do with Java.
>>>
>>> I uninstalled Java and the two dllhost.exe don't show in Task manager
>>> upon boot.
>>>
>>> I'll keep you posted if you'd like.
>>>
>>>
>>>
>>> On Sat, 7 Aug 2010 15:50:18 -0400, "PA Bear [MS MVP]"
>>> <PABearMVP@gmail.com> wrote:
>>>
>>>> So what's causing the two instances of DLLHOST.EXE to load at boot?

>> <snip>
>>
>> Would pocess explorer help with this?
>>
>> http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
>>

>
> I looked with PE. I could see the two dllhost.exe , but couldn't make
> sense of what they were connected to.


post the results if you'd like more folks to look at them.
 
M

Mike S

Flightless Bird
On 8/7/2010 6:46 PM, WaIIy wrote:
> On Sat, 07 Aug 2010 18:44:20 -0700, Mike S<mscir@yahoo.com> wrote:
>
>> On 8/7/2010 6:32 PM, WaIIy wrote:
>>>
>>> I haven't quite nailed it down, but I think it has to do with Java.
>>>
>>> I uninstalled Java and the two dllhost.exe don't show in Task manager
>>> upon boot.
>>>
>>> I'll keep you posted if you'd like.
>>>
>>>
>>>
>>> On Sat, 7 Aug 2010 15:50:18 -0400, "PA Bear [MS MVP]"
>>> <PABearMVP@gmail.com> wrote:
>>>
>>>> So what's causing the two instances of DLLHOST.EXE to load at boot?

>> <snip>
>>
>> Would pocess explorer help with this?
>>
>> http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
>>

>
> I looked with PE. I could see the two dllhost.exe , but couldn't make
> sense of what they were connected to.


How about giving Process Monitor a try?

http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

Process Monitor is an advanced monitoring tool for Windows that shows
real-time file system, Registry and process/thread activity. It combines
the features of two legacy Sysinternals utilities, Filemon and Regmon,
and adds an extensive list of enhancements including rich and
non-destructive filtering, comprehensive event properties such session
IDs and user names, reliable process information, full thread stacks
with integrated symbol support for each operation, simultaneous logging
to a file, and much more. Its uniquely powerful features will make
Process Monitor a core utility in your system troubleshooting and
malware hunting toolkit.
 
Top