Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
I had a trojan that used dllhost.exe apparently to upload data from my machine. I read of one that does this and uploads files with the .com extension. I was wondering what types of files are these?
I have gotten this "virus". Could it be from MP3s? I recently downloaded a song I saw on MTV, its called "A.F.I. - Girls Not Grey". Those RIAA lamers may have bound it with the MP3. I have read about their plans to do this and they may have started doing so... I isolated the activity and have been monitoring it. I have been getting Smurf attacks for the past 4 hours on my internet connection, in which it has unsuccessfully blocked my access. The odd thing is, when I disconnect, it stops. When I start the connection, it resumes. If you block certain ports it cannot hinder the connection and/or send out information. I cannot tell you the ports it is using, I need to look into it a little further. Luckily I had them closed :) My computer is telling me that is has 100% CPU usage. I need to get rid of this nuisance. Whew!
0 
I think i also got this trojan. At first, im wondering that my network was always transmitting data in the internet. I tried to run my netstat in my box, then i saw many connections. I tried to configure im firewall but still, transmitting data in the net, and the unknown connections that i saw in "netstats". I thought it was ok.
Then the following day, i've experienced 100% CPU resource usage. I looked up in my task Manager, i saw DLLHOST.exe running in my processes. I terminated its process and i tried to delete all DLLHOST.exe file. And know nothings bothering me again.And i started to doubt that it was a trojan or something. Now? im sure it was :D
0
Sorry to intrude, but you should be aware that a copy of dllhost.exe in your ..\system32\wins folder is in fact an operating infection of the welchia worm. Go to www.symantec.com or your AV vendor of choice for more info and a removal tool.
This uses the same backdoor as MSBlaster, so you should also visit Microsoft and get the blaster patch.
It uses an exploit that MS left in Win2K and XP, and as such is not tranferred in mp3s or programs you may have downloaded.
It is not a trojan, although there are reports of trojans exlploiting this same vulnerability.
Good Luck.
(I've been dealing with this at work for two weeks)
0
Thanks for giving me such information. Now i know :D
Q. What is the dllhost.exe process on my machine that seems to use a lot of CPU?
A. DLLHOST.exe acts as a host to execute any COM DLL outside a process address space. Microsoft KB article Q198891 has more details.
With SQL Server this may be used for a linked-server/OLE-DB type connection to another machine or if you are
invoking a COM object out-of-process using the sp_OAcreate stored-procedures.
0
Id downloaded a Welchia Repair Tool from symantec website.
-->The service "RpcPatch" is viral. It is deleted.
The service "RpcTftpd" is viral. It is deleted.
The tool has deleted the viral file "C:\WINDOWS\system32\wins\DLLHOST.exe".
The tool has deleted the viral file "C:\System Volume Information\_restore{7063A181-48D4-45F8-8E23-F551A6544A56}\RP55\A0074614.exe".
The file "C:\WINDOWS\System32\wins\svchost.exe" is deleted.
W32.Welchia.Worm has been successfully removed
from your computer!Here is the report:
The total number of the scanned files: 79923
The number of deleted files: 3
The number of repaired files: 0
The number of viral processes terminated: 0
The number of viral services deleted: 2
The number of registry entries fixed: 0
0
I used both McAfee & Trend Micro to clean my home machine, running XP over 98. Having got bored being unable to delete dllhost I powered down overnight. Next day it had disappeared from wins, BUT my firewall was going bonkers with dial-out attempts. CPU @ 90-100%, partially due to firewall & anti-virus activity.
The solution was in running Ad Aware, a free download from Lavasoft. 76 diallers picked up!! Delete = no outbound = no firewall/anti-virus activity = I get back my CPU.
0
I have a question. A friend of mine was trying to install DSL through msn and our local telephone company. Now, before we started to do this she had internet access, but once we were loading the disc (DSL for MSN) she now has no access to her internet what so ever. Now, MSN told her to delete the file DLLHOST.exe. What exactly can I tell her to get this problem taken care of?
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
