Do you know COM Surrogate? If you navigate around in your Task Manager, there’s a solid chance you’ll see one or more “COM Surrogate” processes running on a Windows PC. These files have the name “dllhost.exe” and are components of the Windows operating system. You’ll notice them on Windows 10, 8, 7, and even more initial versions of Windows.
What Is COM Surrogate (dllhost.exe)?
COM stands for Component Object Model. This interface Microsoft introduced back in 1993 allows developers to create “COM objects” using various programming languages. Typically, these COM objects plug into other applications and spread them.
For instance, the Windows file manager utilizes COM objects to generate thumbnail images of images and other files when it opens a folder. The COM object controls processing images, videos, and extra files to generate the thumbnails. This enables File Explorer to be extended with support for new video codecs, for cases.
Though, this can point to problems. If a COM object falls, it will take down its host process. At one point, it was common for these thumbnail-generating COM objects to hit and take down the entire Windows Explorer process with them.
To solve this sort of issue, Microsoft designed the COM Surrogate process. The COM Surrogate process operates a COM object outside the original method that demanded it. If the COM object collapses, it will only take down the COM Surrogate process, and the original host process won’t break. For instance, Windows Explorer (now known as File Explorer) begins a COM Surrogate process whenever it requires to generate thumbnail images. The COM Surrogate manner hosts the COM object which does the work. If the COM object falls, only the COM Surrogate crashes, and the original File Explorer process will retain on trucking.
How Can I Determine Which COM Object a COM Surrogate Is Hosting?
The standard Windows Task Manager doesn’t provide you any more knowledge about which COM object or DLL file a COM Surrogate process is hosting. If you need to see this report, we suggest Microsoft’s Process Explorer tool. Download it, and you can mouse over a dllhost.exe process in Process Explorer to recognize which COM Object or DLL file its hosting. This special dllhost.exe process is hosting the CortanaMapiHelper.dll object.
Classify the COM Surrogate Virus With Your Antivirus (And Don’t Make the Issue Worse!)
IMPORTANT: Do not join your cell phone, tablet, or USB drive to an infected PC. In doing so, you chance the virus replicating itself onto those devices.
Once you’ve downloaded a distinct antivirus application, run a full disk scan on your PC. Even if you believe you know where the virus started or see where the suspicious .exe file is located, a full disk scan is best.
A whole disk scan will detect, quarantine, and eliminate every copy of the COM Surrogate virus, as well as ensure that your device isn’t tainted with any other malware, including spyware, rootkits, or worms that can usually run undetected.
Remember: Run the full custom scan until it’s completed. DO NOT cut the scan when you see the virus arrive on the infected file list. There’s no process of knowing how many other copies of it exist in your machine.
The full scan can use anywhere from 1–4 hours, so sit set because your antivirus requires you to analyze every single file and process on your computer.
When your antivirus has warned you that the scan is finished, every instance of malware on your machine will be identified and quarantined — including the COM Surrogate virus.
Kill the COM Surrogate Virus Infection and Remove Any Other Infected Files
When your antivirus has recognized and quarantined all of your negotiated files, it will give you the option to delete them. Advanced users can go through the separated files and make sure there are no false positives before tapping the Delete button. But most users will have to trust their antivirus application— if it’s been flagged as malware by an application like Norton, chances are you don’t need it on your device.
After you’ve liquidated all of the compromised files from your PC, it’s a good idea to restart your machine. After you restart your PC, run a second full disk scan to guarantee your antivirus has eliminated all traces of the COM Surrogate infection. This may not take as long during the following scan — many antiviruses, including Norton, remember which files they have previously scanned and can examine your disk much more rapidly after the first full disk scan.
As before, be sure to let your antivirus complete its second scan. Once the scan is ended and you’ve analyzed and deleted all of the endangered files in your quarantine, you can exhale a sigh of relief. Your PC is 100% malware-free!
Even though you’ve completed removing the COM Surrogate virus, there are still thousands of malware data out there that can affect your devices, compromise your online accounts, and circulated through your Wi-Fi network.
Keep Your PC from Getting Re-Infected
Since the COM Surrogate virus has affected you once previously, you’ve witnessed first-hand just how simple it is to get malware on your PC.
New malware is published every day, and there’s also the danger of online data harvesting, identity theft, and public Wi-Fi hackers.
Can I Disable It?
You can’t turn off the COM Surrogate process, as it’s an important part of Windows. It’s just a container process used to run COM objects that other methods want to run. For instance, Windows Explorer (or File Explorer) frequently creates a COM Surrogate process to produce thumbnails when you open a folder.
Other applications you use may also generate their own COM Surrogate processes. All the dllhost.exe processes on your system were started by another program to do something that the program wants to be done.
Is It a Virus?
The COM Surrogate process itself is not a virus and is a normal part of Windows. Though, it can be used by malware—for instance, the Trojan. Poweliks malware executes dllhost.exe processes to do its filthy work.
Suppose you see a large number of dllhost.exe processes running, and they’re using a noticeable amount of CPU. In that case, that could indicate a virus or other malicious application is abusing the COM Surrogate process.