Ok, I've read 2 other threads about dllhost, and I think I've got the trojan. In the Windows\System folder (not system32), I've found the file DLLHOST.exe in caps and the file size is 24k. Do I delete this file? Will there be any consequences if I do?

hello
you could try an online virus scan and see if it finds a problem.
free trojan scan
http://www.trojanscan.com/trojanscan
panda scan
http://www.pandasoftware.es/activescan/
housecall
http://housecall.trendmicro.com/housecall/start_corp.asp
nrav av
http://www.ravantivirus.com/scan/
virus scan
http://www.bitdefender.com/scan/licence.php
avast cleaning tool
http://www.avast.com/i_idt_171.html
mcafee avert stinger
http://vil.nai.com/vil/stinger/
scans for open trojan ports
http://scan.sygate.com/pretrojanscan.html
test my shields grc
https://nanoprobe.grc.com/x/ne.dll?bh0bkyd2

Thanks, I did the trojan scan and came up no trojans found. I'm guessing the file must be ok :)
The scan took about 40 min.

hello
the file might be spyware
d/l spybot search and destroy, update it, run it. d/l ad-ware, do the same.

Oops, that didn't work, here you go again. Follow these instructions from the Symantec site; obviously the links won't work. Visit Symantec.com for the patches.
How Can I Remove the Welchia or MSBLAST.D worm?
Follow these steps in removing the Welchia or MSBLAST.D worm.
1) Disconnect your computer from the local area network or Internet
2) Terminate the running program
Open a command prompt window. Click Start>Run, type CMD and then press the Enter key.
At the command prompt, type the following:
NET STOP "Network Connections Sharing"
Press the Enter key. A message should indicate that the service has been stopped successfully.
Do the same to stop the following service:
NET STOP "WINS Client"
Close the command prompt window.
3) Remove the Registry Entries
Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>
In the left panel, delete the subkeys:
RpcPatch
RpcTftpd
Close Registry Editor.
3) Install the patches for the DCOM RPC Exploit or WebDAV exploit, you can download the patches from the links below before disconnecting
DCOM RPC Exploit
Windows XP Pro/Home Edition
Windows 2000
WebDAV Exploit
Windows XP
Windows 2000
4) Delete the infected files (for Windows ME and XP remember to turn off System Restore before searching for and deleting these files to remove infected backed up files as well)
Click Start, point to Find or Search, and then click Files or Folders.
Make sure that "Look in" is set to (C:\WINDOWS).
In the "Named" or "Search for..." box, type, or copy and paste, the file names:
svchost.exe
dllhost.exe
Click Find Now or Search Now.
Delete the svchost.exe file in the c:\windows\system32\wins directory
Delete the dllhost.exe file in the c:\windows\system32\wins directory
Empty the Recycle bin.
7) Reboot the computer, reconnect the network, and update your antivirus software, and run a thorough virus scan using your favorite antivirus program.
This worm is similar to the MSBlaster worm, you can find more information about MSBLAST.A by visiting this page

P.S. Be very careful in the Registry Editor; mistakes can be costly.
P.P.S. If you notice an unusual process running, type the name exactly as it appears, DLLHOST.exe for example, into the Google search box and have a look at some of the results to establish what the process does and if it is associated with a virus or something. Symantec has tons of stuff for manually removing viruses and trojans and stuff.
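
The location check implied by the removal steps above, as an added example that is not part of the original post or of Symantec's instructions: it sorts a file and service inventory into the worm locations named in the steps, the normal location, and copies that need a closer look. The function names, the `C:\WINDOWS` root and the sample inventory are assumptions made for illustration, and treating `System32` as the genuine home of both binaries is an assumption not stated in the thread.

```python
import ntpath

# Indicators taken from the removal steps quoted in the post above.
WORM_DIR = r"c:\windows\system32\wins"
WORM_FILES = {"svchost.exe", "dllhost.exe"}
WORM_SERVICE_KEYS = {"rpcpatch", "rpctftpd"}
# Assumption (not from the post): the genuine Windows copies of both
# binaries live directly in %SystemRoot%\System32.
EXPECTED_DIR = r"c:\windows\system32"


def classify_file(path):
    """Return 'worm-location', 'expected', 'review' or 'ignore' for one path."""
    norm = ntpath.normcase(ntpath.normpath(path))
    folder, name = ntpath.split(norm)
    if name not in WORM_FILES:
        return "ignore"
    if folder == WORM_DIR:
        return "worm-location"
    if folder == EXPECTED_DIR:
        return "expected"
    return "review"  # right name, unusual folder: inspect before deleting


def triage(file_paths, service_keys):
    """Group file paths by verdict and list service subkeys named in the post."""
    report = {"worm-location": [], "expected": [], "review": [], "services": []}
    for p in file_paths:
        verdict = classify_file(p)
        if verdict != "ignore":
            report[verdict].append(p)
    report["services"] = [k for k in service_keys if k.lower() in WORM_SERVICE_KEYS]
    return report


# Constructed sample inventory (not from a real machine).
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\dllhost.exe",
    r"C:\WINDOWS\system32\wins\DLLHOST.EXE",
    r"C:\WINDOWS\system32\wins\svchost.exe",
    r"C:\WINDOWS\System\DLLHOST.exe",
    r"C:\WINDOWS\system32\notepad.exe",
]
SAMPLE_SERVICES = ["Dhcp", "RpcPatch", "RpcTftpd", "Spooler"]

if __name__ == "__main__":
    for verdict, items in triage(SAMPLE_FILES, SAMPLE_SERVICES).items():
        print(verdict, items)
```

A "review" verdict only means the file name matches but the folder is neither of the two known ones, so the file should be scanned rather than deleted on sight.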

Ok, thanks for the advice and tips. As for typing it into Google, that's what I did, and this site came up :). I think this dllhost might actually be a Windows program, and I haven't run adaware in a while. I think it is time I updated it, and cleaned out spyware.

I made the mistake of thinking DLLHost was a virus also, because of ZoneAlarm. But the truth is that DLLHost is used to process network connection sharing (for instance Web Sharing). So when I finally was able to get rid of it, I killed it in my registry (w/o making a backup of course), and I lost the ability to serve out web sites. So there ya' go.
