Severity scale: 75/100

COM surrogate virus - difference between real and fake COM surrogate

Removal by Julie Splinters | Also known as Dllhost.exe *32 COM surrogate virus | Type: Trojans

COM surrogate virus is a type of malware that replaces a legitimate Windows OS process

COM surrogate virus infection
COM surrogate virus is a computer infection that runs in the background by mimicking the vital Windows process and performs various malicious activities, including data stealing.

COM surrogate virus is a malicious version of the Component Object Model[1] surrogate, a legitimate file used by the Windows operating system that usually runs in the background and is related to dllhost.exe. While the original purpose of COM is to allow the creation of COM objects used by Microsoft, the COM surrogate virus exists for far more malicious deeds.

Since 2015, hackers have been camouflaging malicious Trojan horses[2], such as Trojan.Poweliks, as the COM surrogate process. According to reputable security vendors, a more precise name for this malicious process is Dllhost.exe *32 COM surrogate virus. The infiltration of such threats might reveal sensitive information about users and even allow hackers to steal money directly from a bank account.

Masking malicious executables with legitimate Windows names is not a new tactic: hackers are simply trying to mislead users into thinking that COM surrogate virus is just another harmless process. In reality, any executable can be replaced, duplicated, or corrupted by malware.

To separate malicious executables like COM surrogate virus from legitimate processes, users should run a scan with security software and/or check the location of the file (it should be C:\Windows\System32).

Name of the virus: COM surrogate virus
Type of malware: Trojan
Danger level: High. Trojans can steal personal information, such as credit card details or login information, open a backdoor to other cyber infections, allow hackers to connect to the PC remotely, etc.
Related files: Dllhost.exe
Error message displayed: “COM surrogate has stopped working”
Symptoms: Multiple COM surrogate processes running in Task Manager, high COM surrogate disk usage or CPU consumption, system slowdowns, program crashes, etc.
Removal options: Manual Trojan removal is hardly possible. You should use anti-malware software instead
Recovery: Use Reimage to recover from the infection damage

Many Windows users are looking for an answer to the question of whether COM surrogate is a virus or not. The answer is simple: the original COM surrogate is not malicious. On the contrary, it is one of the crucial Windows OS files and should not be removed under any circumstances.

However, criminals can disguise a Trojan as a fake copy of the COM surrogate process. In fact, the ability to conceal itself under the name of a legitimate Windows process is a key feature of the COM surrogate Trojan. If you happen to find it in your Task Manager, don't hesitate and remove it from the system.

COM surrogate Trojan horse causes high CPU usage
If the COM surrogate is displaying high CPU or RAM usage, it is highly likely that the process is malicious and should be removed.

COM surrogate virus peculiarities

Just like many other Trojan horses[3], COM surrogate virus can be used for a long list of malicious activities, such as stealing personal information and other data which is considered sensitive. Besides, this malware can help other viruses infiltrate the system, allow remote code execution, and serve many other purposes.

You should immediately check your computer using reputable anti-spyware if you suspect that it is infected with COM surrogate virus. Typically, affected systems start working slower than before, tend to crash, and use an excessive amount of RAM or CPU.

Besides, you might have problems when using Microsoft Office programs, Notepad or other applications. Finally, pay attention to suspicious programs showing up on your PC and interrupting your browsing sessions. They can also be considered one of the signs that the system is infected with COM surrogate virus.

However, you should also note that these problems can be caused by many different computer viruses[4]. Still, if you find strange and unknown processes running in the Task Manager, you should think about COM surrogate virus removal. Take our advice and scan your PC with reputable anti-malware software. Once you get rid of the virus, scan your device with Reimage to repair the damage done and bring your system back to normal.

Ways to distinguish between a real and fake COM surrogate

Please do NOT confuse this entry with Dllhost.exe COM surrogate, which is a critical system process used for hosting some Windows operating system services and processes. Typically, this interface lets developers create COM objects that attach themselves to various programs and extend them.

Because of its specific and diverse purpose, users are often unable to recognize it and confuse the original with the COM surrogate virus version. To spot a malicious Trojan horse that merely impersonates the legitimate dllhost COM surrogate process, you should pay attention to these tips:

  • Depending on the version of the Windows OS, the original file should be located in c:\windows\system32 or c:\winnt\system32 directories;
  • The virus is using a tremendous amount of your CPU power or memory while the necessary process' usage is significantly lower;
  • A large number of dllhost.exe *32 operating in the Task Manager is also an indication that your computer is infected with a COM surrogate virus.
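
The three checks above can be run in one pass from PowerShell. This is an added example, not part of the original guide; it assumes PowerShell 3.0 or later, and the two thresholds are constructed values to tune per machine.

```powershell
# Added example, not from the original guide: triage every running dllhost.exe.
# Run elevated so the paths of other users' processes are readable.

# Folders where Windows ships dllhost.exe. SysWOW64 is an addition to the guide's
# list: it holds the 32-bit copy shown as "dllhost.exe *32" on 64-bit Windows.
$trustedDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

$maxInstances  = 5       # assumed threshold, not from the guide
$maxWorkingSet = 200MB   # assumed threshold, not from the guide

$procs = @(Get-CimInstance -ClassName Win32_Process -Filter "Name = 'dllhost.exe'")

$report = foreach ($p in $procs) {
    $reasons = @()
    if (-not $p.ExecutablePath) {
        $reasons += 'path not readable (run elevated)'
    } else {
        # Check 1: file location (-notcontains compares case-insensitively)
        $dir = Split-Path -Path $p.ExecutablePath -Parent
        if ($trustedDirs -notcontains $dir) { $reasons += 'unexpected location' }

        # Extra check: Authenticode status. Older Windows/PowerShell versions can
        # report catalog-signed system files as NotSigned, so verify before acting.
        $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
        if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
    }
    # Check 2: resource usage well above what the real process needs
    if ($p.WorkingSetSize -gt $maxWorkingSet) { $reasons += 'high memory use' }

    [pscustomobject]@{
        ProcessId = $p.ProcessId
        ParentId  = $p.ParentProcessId
        Path      = $p.ExecutablePath
        MemoryMB  = [math]::Round($p.WorkingSetSize / 1MB, 1)
        Findings  = if ($reasons) { $reasons -join '; ' } else { 'none' }
    }
}
$report | Format-Table -AutoSize -Wrap

# Check 3: an unusually large number of instances
if ($procs.Count -gt $maxInstances) {
    Write-Warning "$($procs.Count) dllhost.exe instances (threshold $maxInstances)"
}
```

A row with findings is a reason to run the full anti-malware scan the guide recommends, not a reason to delete the file by hand; a row with no findings does not clear the machine either.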

The COM object is used to generate thumbnail images of files in a folder and to run many other processes that are not obvious at first sight. Because of this functionality, users sometimes see the “COM Surrogate has stopped working” error, which means that they need to double-check display drivers, renew codecs, temporarily turn off anti-virus software, check the disk for errors, etc.[5]

It seems like the problem usually occurs when browsing pictures or trying to view a video, although some reported cases also related to printing. Nevertheless, COM Surrogate is supposed to help you view thumbnails of the files and, if the service fails, users encounter “COM Surrogate has stopped working” error.

However, if you got infected with malware that hides behind this activity, you should not try to stop it on your own. You may end up removing essential files and causing severe damage to your computer.

For this reason, you have to employ antivirus or anti-malware software and let it remove COM surrogate virus from the computer.

Trojan version spreads via rogue websites

Developers of the malicious process distribute it via malicious websites that might promote fake updates of legitimate applications. Users are lured into unknowingly downloading the infected file by its deceptive appearance. Moreover, you should avoid illegal downloads, since crooks often use them to spread the Trojan and other high-risk computer infections.

If that is not enough, Lesvirus.fr[6] analysts noticed that some victims got infected via spam e-mail messages sent under the name of the DHL or FedEx shipping companies. The subject line stated that a package could not be delivered, and the message included an attachment with further details. Once the user opened the attachment, the Trojan infiltrated the computer and started its malicious activity.

Thus, if you want to stay safe, you should avoid illegal websites, ignore suspicious emails[7], never download their possibly infected attachments, and close all misleading ads[8] that may show up while you browse the web.

If an advertisement is offering you to update your Flash Player, FLV Player or similar program, you should close it. If you have any doubts that you need to update these programs, you should visit their official websites. As we have already said, you should never leave this particular virus on your computer. If you have even the smallest doubts about it, please use our tips below and fix your computer.

COM surrogate has stopped working example
If COM surrogate stops working, the associated program will crash.

Terminate COM surrogate virus by using anti-malware software

You should employ reliable security software to remove COM surrogate virus if you want to protect your confidential data, such as bank logins, credit card details, passwords and similar information.

Remember that if you get rid of the original Windows file, you might completely damage your operating system, so do not try to eliminate it by yourself. That's why manual COM surrogate removal is not advisable.

To avoid making unnecessary mistakes, download robust anti-malware software and run a full system scan with it to remove COM surrogate virus from the system. In case the Trojan blocks the anti-virus scanner, follow these steps to fix that:


To remove COM surrogate virus, follow these steps:

Remove COM surrogate using Safe Mode with Networking

One of the options to bypass virus helper objects is to restart Windows into Safe Mode with Networking. If that did not help, try an alternative method described below.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove COM surrogate

    Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the malware and complete COM surrogate removal.

If the malware is blocking Safe Mode with Networking, try the next method.

Remove COM surrogate using System Restore

System Restore can also be used to get rid of COM surrogate virus:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter 'cd restore' (without quotes) and press Enter.
    2. Now type 'rstrui.exe' (without quotes) and press Enter again.
    3. When the System Restore window shows up, click Next and select a restore point that is prior to the infiltration of COM surrogate. After doing that, click Next.
    4. Now click Yes to start the system restore.
    Once you restore your system to a previous date, download Reimage, scan your computer with it, and make sure that COM surrogate removal was performed successfully.

Finally, you should always think about protection against crypto-ransomware. To protect your computer from COM surrogate and other ransomware, use reputable anti-spyware, such as Reimage, SpyHunter, Combo Cleaner or Malwarebytes.

About the author

Julie Splinters - Malware removal specialist



  1. demos_malikai@hotmail.com says:
    September 1st, 2015 at 2:30 am

    Com surrogate trojan, and have tried several antivirus and anti-malware programs with no luck, including MalwareBytes. It keeps finding its way back to working and it causes my gaming ping to max out when it gets going heavy. Any suggestions, anyone?
