I think I got myself a worm, a wild one too!


Tyrion
03-08-2004, 01:15 PM
So anyway, yesterday I installed a new network card (my old one was acting up, I got horrible pings with it) and for the most part it works fine. However, last night I noticed that Zone Alarm blocked a "COM Surrogate" application, which ran with dllhost.exe. I checked on the Zone Alarm site, which said that dllhost.exe was the Nachi worm, and the Symantec site had a removal tool.

I tried the tool, couldn't find it. I scanned with an updated Norton Antivirus, still couldn't find anything. Even checked with Ad-aware, didn't help. Then I thought that COM Surrogate was just some random application I installed that happened to have dllhost.exe as its launch file. However, every time I try to end it in Ctrl-Alt-Del, it comes back again. :/

Anyone know what COM Surrogate is, and how to remove it?

access_flux
03-09-2004, 09:44 AM
Send emails to NAV and all the others, maybe it's a new one that they haven't put updated databases for.... :(

BCanr2d2
03-09-2004, 12:13 PM
I'd actually check what programs on your system require RPC (Remote Procedure Call), since this is what DLLHOST.EXE is perhaps being run to use.
(DLLHOST.EXE is a part of the Windows OS)

Try a program like DCOMbobulator to turn off this kind of stuff, since RPC isn't really needed for anything of note.

Tyrion
03-09-2004, 12:24 PM
Yeah, I figured that out since Symantec said that there was a legitimate dllhost.exe file. Since it isn't a particularly dangerous worm to begin with, and I have the security patch for it, I won't bother with it for now.

Thanks for the help, though.