TechSpot

Not sure what is normal computer behavior for dllhost.exe

By Dadair
May 6, 2016
Post New Reply
  1. This last march I clicked a link to watch a video, stupid of me I know, and of course it opened a page using scripts or something that told me I was infected. Not long after when I had chrome open, something was trying to send data out, thankfully malwarebytes premium trial protection caught it. I then proceeded to try and clean it with Avast, Malwarebytes, and then lastly spybot S&D. Everything seemed okay after that point on, did not see anything else try and go through malwarebytes protection. Then not a few weeks ago I started seeing strange things, first Windows updater, which I had told not to run, was using up 25% cpu usage on it's own, and then so was trustedinstaller after windows updater wasn't running. I changed a few things and turned windows updater service to manual instead of automatic, and it didn't show up. At this point I was watching my preformance monitor daily for anything out of the ordinary, and thus started the slight paranoia I had trying to make sure my computer wasn't somehow compromised. I started seeing Dllhost.exe showing up often enough and then closing almost as soon as it opened, not actually letting me look at it in properties, and the few times it did it just showed it in the system folder. Started reading up on it and things started to sound like I had a bad trojan that hides itself in dllhost.exe, even though it wasn't eating up massive amounts of cpu like some others had described. I basically tried to figure out what was going on and even took the measure of trying to use combofix. I completely agree that was a stupid decision to do without a professional, but I don't really know what happened to combofix, and reading the log didn't seem to really help my understanding of it.
    So then, I thought to myself, "Hey, I'm still using Windows 7 professional, why don't I try just updating to windows 10 and format the C drive and then it should all go away..right?" So I proceeded to update to windows 10, and things seemed okay, but then I started seeing the rundll32 and dllhost.exe showing up and it seemed like it was doing even more. I realize these are also used in normal computer use, but it seemed to just go about using the dllhost.exe even when I wasn't doing anything with the computer at the time other than looking at resource monitor and process explorer. So, not determined to let it go, I proceeded to get a win 10 iso and go to the startup and do a full format instead of the upgrade from win 7 to 10. Needless to say, I am still seeing dllhost.exe show up, and now 2 copies of taskhostw.exe which disappear when I move my mouse. When I am doing nothing at all, I see 25% cpu usage from resource monitor, of which NT Kernel & System is using up the cpu.

    Long story short, does anyone think I need to actually post in the virus/malware removal section and get things looked at, or can someone in some way confirm that dllhost.exe running and closing over and over when things aren't happening seems like business as usual for windows 10?

    Edit: I forgot to mention, I took a look at the event viewer after the updated from win 7 to 10, and there were over 2000 security logs in the first like 20-30 minutes of windows 10 running. I've read that security logs are created for basically any changes made, but there were quite a few talking about new users and it just seemed suspicious
     
  2. Dadair

    Dadair TS Rookie Topic Starter Posts: 19

    I decided to try and clarify a bit, I currently have 4 dllhost.exe processes showing up in task manager of which 3 are named DllHost.exe with process ids and one that is named dllhost.exe, also with a process id but lacking the capital letters the other 3 have. Also, running process explorer, I see the 3 DllHost.exe running, with their process id's matching the 3, but I do not see the 4th one. The 4th one under the details tab of task manager is under the user name system, so I wonder if the 4th one isn't showing up in process explorer for some specific reason. Still clueless as to why I have 4 dllhost.exe running, they don't seem to be using up anything more than memory and not very much of it at that.
     
  3. Dadair

    Dadair TS Rookie Topic Starter Posts: 19

    I have found the 4th dllhost.exe in process explorer. Still doesn't add up why there are 4 dllhost.exe. Maybe just specific to my computer as I normally only see one com surrogate on other windows 10 pcs. I still will see an occasional dllhost.exe open on resource monitor and then terminate right away.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...