Severity scale:  

COM surrogate virus. How to remove? (Uninstall guide)

removal by Julie Splinters - -   Also known as Dllhost.exe *32 COM surrogate virus | Type: Trojans

COM surrogate is a malicious process closely related to Trojan

COM surrogate process in action

COM surrogate is a process, which can be found in Task Manager. Typically, it has a file name dllhost.exe com surrogate, which is one of the Windows OS core files. It stands for the Component Object Model, which is an interface allowing to create COM objects used by Microsoft for more than 20 years. However, since 2015, hackers started camouflaging the COM surrogate process to disguise malicious Trojan horses[1], such as Trojan.Poweliks. According to the reputable security vendors, a more precise name for this malicious process is Dllhost.exe 32 COM surrogate virus. 

Name of the virus COM surrogate
Type of malware Trojan
Danger level High. Trojans can steal personal information, such as credit card details or login information, open backdoor to other cyber infections, allow hackers to connect to the PC remotely, etc. 
Related files Dllhost.exe
Error message displayed “COM surrogate has stopped working”
Symptoms Multiple COM surrogate processes running in Task Manager, high com surrogate disk usage or CPU consumption, system's slowdowns
Removal options Manual Trojan removal is hardly possible. You should use Reimage or another professional anti-malware tool

Many Windows users are looking for an answer to a question is com surrogate a virus or not. In fact, the answer is simple – the first COM surrogate is not malicious. Contrary, it's one of the crucial Windows OS files that cannot be removed under any circumstances. However, criminals can disguise Trojan under the fake copy of this process. In fact, the ability to concealing itself under the name of legitimate Windows process is a key feature of COM surrogate Trojan. If you happen to find it in your Task manager, don't hesitate and remove it from the system.

Just like many other Trojan horses[2], COM surrogate can be used for a long list on malicious activities, such as stealing personal information and other data which is considered sensitive. Besides, this virus can be used to help other viruses infiltrate the system, give the remote control to the cybercriminals and initiate other computer-related problems.

You should immediately check your computer with reputable anti-spyware if you suspect that it is infected with COM surrogate virus. Typically, affected systems start working slower than previously, tend to crash. Besides, you might have problems when using Microsoft Office programs, Notepad or other applications. Finally, pay attention to suspicious programs showing up on your PC, and interrupting your browsing sessions. They can also be considered as one of signs showing that the system is infected. 

COM surrogate Trojan horse causes high COU

However, you should also note that these problems can be caused by many different computer viruses[3]. Though, if you can find strange and unknown processes running in the Task Manager, you should think about COM surrogate virus removal. Take our advice and scan your PC with Reimage or another reputable anti-malware software.

Please, do NOT mix this entry with with Dllhost.exe COM surrogate which is a critical system process used for hosting some of Windows operating system services and processes. Typically, this interface gives the ability for the developers to create COM objects that attach themselves to various programs and extend them. 

To make it more clear, COM object is used to generate thumbnail images of files in the folder and many other at first sight intangible processes. Due to this functionality, sometimes users are presented with “COM Surrogate has stopped running” error which means that they need to double check codecs, display driver or even the web browser.[4]

Thus, due to its specific and diverse purpose, users are not able to recognize it and often confuse between the original and virus versions. To spot a malicious Trojan horse that just impersonates a legitimate process dllhost com surrogate, you should pay attention to these tips:

  • Depending on the version of the Windows OS, the original file should be located in c:\windows\system32 or c:\winnt\system32 directories;
  • The virus is using a tremendous amount of your CPU power while the necessary process' usage is significantly lower;
  • A large number of dllhost.exe *32 operating in the Task Manager is also an indication that your computer is infected with a COM surrogate virus.

However, If you got infected with the malware that obfuscates this activity, you should not try to stop it on your own. You may end up with removing essential files and cause severe damage to your computer.

For this reason, you have to employ an antivirus or anti-malware software, and let your preferred software to remove COM surrogate virus from the computer.

Trojan version spreads via rogue websites

Developers of the malicious process distribute it via malicious websites that might promote fake updates of regal applications. Thus, users are lured into unconsciously downloading the infected file instead by the delusional look of it. Moreover, you should avoid illegal downloads since crooks often use them to spread the trojan and other high-risk computer infections.

COM surrogate virus

If that is not enough,[5] analysts noticed that some victims got infected via spam e-mail messages sent under the name of DHL or FedEx shipping company. The subject line stated that it failed to deliver a package and submitted an attachment with further details. Once the user opened an attachment, the Trojan infiltrated on the computer and started its malicious activity.

Thus, if you want to stay safe, you should start avoiding illegal websites, ignore suspicious emails[6], never download their possibly infected attachments and also close all misleading ads[7] that may show up on your way while browsing the web.

If an advertisement is offering you to update your Flash Player, FLV Player or similar program, you should close it. If you have any doubts that you need to update these programs, you should visit their official websites. As we have already said, you should never leave this particular virus on your computer. If you have even the smallest doubts about it, please use our tips below and fix your computer.

The right method to remove COM surrogate virus

You should employ a reliable security software to remove COM surrogate virus if you want to protect your confidential data like bank logins, credit card details, passwords and similar information. Our top pick options are Reimage, Malwarebytes or Plumbytes Anti-MalwareNorton Internet Security

Remember that if you get rid of the original Windows file, you might completely damage your operating system, thus do not try to eliminate it by yourself. That's why manual COM surrogate removal is not advisable. 

To avoid making unnecessary mistakes, download a robust anti-malware and run a full system scan with it to remove COM surrogate virus from the system. In case the Trojan blocks anti-virus scanner, follow these steps to fix that:

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.

If you decided to select another anti-spyware, uninstall Reimage from your computer.
Press mentions on Reimage
Alternate Software
Alternate Software

To remove COM surrogate virus, follow these steps:

Remove COM surrogate using Safe Mode with Networking

One of the options to bypass virus helper objects is to restart Windows into Safe Mode with Networking. If that did not help, try an alternative method described below.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove COM surrogate

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete COM surrogate removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove COM surrogate using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of COM surrogate. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that COM surrogate removal is performed successfully.

About the author

Julie Splinters
Julie Splinters - Malware removal specialist

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Julie Splinters
About the company Esolutions


Removal guides in other languages