Introduction to the dllhost.exe system process

Source: Internet
Author: User
[Dllhost.exe]

Process file: DLLHOST or dllhost.exe

Process name: dcom dll host process

Description: The dcom dll host process supports DLL running Windows programs based on COM objects.

Introduction: COM proxy. The more DLL components attached to the system, the more CPU resources and memory resources the DLLHOST occupies, in August, the "Shock Wave killer" probably made everyone familiar with it.

Resolving the dllhost.exe error of the webserver

An error occurred on my web server. An error occurs when cmddllhost.exe is displayed ". Many errors such as Active Server Pages event 5 are found when I view Application Event Logs. They are displayed as "line 0 memory overflow" in the error message ". This error occurs once every several days, but now it occurs every few hours. It can only be retained for a while after restart. What do you think of this?

I have not encountered this problem yet, but I have seen this error in Microsoft's reference information during the use of Exchange Outlook Web Access. (Http://support.microsoft.com /? Kbid = 224327)

We recommend that you install the latest version of exchange. If you are using exchange, try again. If no, I will give you some suggestions, which are the same as those of those who have ASP 3.0 problems:

Make sure you have all the latest upgrades and service packages.

Process isolation is allowed in each web application.

Upgrade the application to ASP. NET.

Upgrade the Web server to Windows Server 2003.

Is dllhost.exe a virus?

Explanation of dllhost.exe

What is dllhost.exe?

Dllhost.exe is a component used to run COM +, that is, the com proxy. This is required for running web and FTP servers in windows.

What is the current dllhost.exe?

The COM + component program appears. For example, Jiangmin kv2004

Why is the shock wave killer?

The attacker uses dllhost.exe as the process name, but because Windows does not allow the existence of files with the same name in the same directory, the shock wave killer places the virus: dllhost.exe to C: /Windows/system32/WINS directory (Windows 2000 is C:/winnt/system32/wins, and the full-part hypothetical system is installed on the C drive, but the real dllhost.exe should be placed in C:/Windows/system32 (Windows 2000 is C:/winnt/system32)

In other words, in order to confuse users and prevent virus execution from being terminated by the Process Manager, shock wave (worm. Welchia) uses DLLHOST. E protocol to infect worm. welchi.

Let's take a look at the FAQ here.

The first error code is ----the result shows that dllhost.exe is a virus.
Dllhost.exeis the system file, but the result shows that the dllhost.exe process is not equal to a virus.

The second error code ---- dllhost.exe is killed.
In fact, this is not good. Many programs use dllhost.exe. For example, when kv2004 is running in real time or IIS is parsing some asp files, dllhost.exe is displayed in the process.

The fear of the dllhost.exe process is probably due to the shock wave (killer) problem.
In fact, the shock wave (killer) only adopted a method to steal the bar. Because the path of the EXE file in the process cannot be seen in the task manager, some deviations may occur when you analyze the problem.

The impact wave of infection (the killer component is not dllhost.exe in the process, but the svchost.exeand dllhost.exe files (Shock Wave killer) in the RPC service and system32/W insdirectory ). Note the path !!

What is dllhost.exe? Dllhost.exe is the main process of COM +. Normally, it should be in the System32 directory and in the system32/dllcache directory. The dllhost.exe file does not exist in the system32/win sdirectory.
**************************************** **************
[Dllhost.exe]

Process file: DLLHOST or dllhost.exe

Process name: dcom dll host process

Description

Description: The dcom dll host process supports DLL running Windows programs based on COM objects.

Introduction

Shao: COM proxy. The more DLL components attached to the system, the more CPU resources and memory resources the DLLHOST occupies, in August, the "Shock Wave killer" probably made everyone familiar with it.

  Resolving the dllhost.exe error of the webserver

An error occurred on my web server. An error occurs when cmddllhost.exe is displayed ". Many errors such as Active Server Pages event 5 are found when I view Application Event Logs. They are displayed as "line 0 memory overflow" in the error message ". This error occurs once every several days, but now it occurs every few hours. It can only be retained for a while after restart. What do you think of this?

I have not encountered this problem yet, but I have seen this error in Microsoft's reference information during the use of Exchange Outlook Web Access. (Http://support.microsoft.com /? Kbid = 224327)

We recommend that you install the latest version of exchange. If you are using exchange, try again. If no, I will give you some suggestions, which are the same as those of those who have ASP 3.0 problems:

Make sure you have all the latest upgrades and service packages.

Process isolation is allowed in each web application.

Upgrade the application to ASP. NET.

Upgrade the Web server to Windows Server 2003.

  Is dllhost.exe a virus?

Explanation of dllhost.exe

What is dllhost.exe?

Dllhost.exe is a component used to run COM +, that is, the com proxy. This is required for running web and FTP servers in windows.

What is the current dllhost.exe?

The COM + component program appears. For example, Jiangmin kv2004

Why is the shock wave killer?

The impact wave killer uses dllhost.exe as the process name, but because Windows does not allow the existence of files with the same name in the same directory, the shock wave killer places the virus: dllhost.exe to C: /Windows/system32/WINS directory (Windows 2000 is C:/winnt/system32/wins, and the full-part hypothetical system is installed on the C drive, but the real dllhost.exe should be placed in C:/Windows/system32 (Windows 2000 is C:/winnt/system32)

In other words, in order to confuse users and prevent virus execution from being terminated by the Process Manager, shock wave (worm. Welchia) uses DLLHOST. E protocol to infect worm. welchi.

Let's take a look at the FAQ here.

The first error code is that dllhost.exe is equivalent to a virus.

Dllhost.exeis the system file, but the result shows that the dllhost.exe process is not equal to a virus.

The second mistake is that the zookeeper successfully killed the dllhost.exe process.

In fact, this is not good. Many programs use dllhost.exe. For example, when kv2004 is running in real time or IIS is parsing some asp files, dllhost.exe is displayed in the process.

The fear of the dllhost.exe process is probably due to the shock wave (killer) problem.

In fact, the shock wave (killer) only adopted a method to steal the bar. Because the path of the EXE file in the process cannot be seen in the task manager, some deviations may occur when you analyze the problem.

The impact wave of infection (the killer component is not dllhost.exe in the process, but the svchost.exeand dllhost.exe files (Shock Wave killer) in the RPC service and system32/W insdirectory ). Note the path !!

What is dllhost.exe? Dllhost.exe is the main process of COM +. Normally, it should be in the System32 directory and in the system32/dllcache directory. The system32/win sdirectory does not contain the dllhost.exe file.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.