What is Dllhost.exe

MS Software Shadow Copy Provider - Microsoft® Windows® Operating System - Microsoft Corporation

File description

Dllhost.exe, with the description "MS Software Shadow Copy Provider", is a process file from Microsoft Corporation that belongs to the product Microsoft® Windows® Operating System.
The file is digitally signed by Microsoft Windows Component Publisher - Microsoft Timestamping Service.
We do not recommend removing files digitally signed by Microsoft Windows Component Publisher.

What is dllhost.exe?
Dllhost.exe is the Windows DCOM DLL Host Process. It executes COM+ DLLs and controls processes in Internet Information Services (IIS). As such, it is used by many different applications, including Visual Basic and .NET applications.

This process is a system process that is essential to the system's proper operation. Despite this, it is generally safe to kill a misbehaved dllhost.exe, as it will only terminate the particular COM+ DLL that is being run. Removing the executable altogether, however, will render your system unable to execute COM+ DLLs and thus render significant parts of the system unusable.

Dangers of dllhost
As this is a critical system process that runs on every Windows machine, it is common for virus writers and spyware vendors to disguise their malware as the genuine dllhost.exe.

Some malicious files will have the same name as this process but will be stored somewhere other than in %SystemRoot%\System32. Other malware will use a name that appears similar to it but has slight differences in spelling or with appended or removed digits. The following malware is known to disguise itself as dllhost.exe:
  • W32/Lovelet-Y (%SystemRoot%\dllhost.com, %SystemRoot%\System32\dllhost.com)
    • This is a worm that copies itself to several different locations on your hard drive (22 to be exact), making it very difficult to eliminate.
  • W32/Nachi-A (%SystemRoot%\Wins)
    • This is a worm that spreads via the RPC DCOM vulnerability in Windows XP.
  • W32/Rungbu-B (%SystemRoot%\setup\dllhost.com, %SystemRoot%\System32\dllhost.com)
    • This is a worm that infects .DOC files and spreads to all email addresses in your address book.
  • Troj/Sivion-A (%SystemRoot%\System32\System\dllhost.exe)
  • W32/Lovelet-DR (%SystemRoot%\System32\dllhost.dll)
There can be any number of instances of this process running at a given time. The presence of multiple instances is not an indicator of a malware infection. Beware, though: dllhost allows any COM+ DLL to be executed, which means a malicious DLL could be running inside the genuine dllhost.exe. If this process is exhibiting suspicious behavior, be sure to look deeper.
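The name and location checks described above, written as triage logic over process image paths. This is an added example, not code from this page or from Microsoft. It assumes %SystemRoot% expands to C:\Windows and also accepts SysWOW64, where 64-bit Windows keeps the 32-bit copy; sample paths not listed above are constructed.

```python
import ntpath

GENUINE = "dllhost"
SYSTEM_ROOT = r"C:\Windows"  # assumption: value of %SystemRoot% on the host
# System32 is the location named on the page; SysWOW64 is added here because
# 64-bit Windows keeps the 32-bit dllhost.exe there.
EXPECTED_DIRS = ("System32", "SysWOW64")


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character spelling changes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(image_path, system_root=SYSTEM_ROOT):
    """Label a process image path by how it relates to the genuine dllhost.exe."""
    root = system_root.lower()
    path = ntpath.normpath(image_path.lower().replace("%systemroot%", root))
    directory, name = ntpath.split(path)
    stem, ext = ntpath.splitext(name)
    expected = {ntpath.join(root, d.lower()) for d in EXPECTED_DIRS}
    if stem == GENUINE and ext == ".exe":
        return "expected-location" if directory in expected else "same-name-wrong-location"
    if stem == GENUINE:
        return "lookalike-extension"      # dllhost.com, dllhost.dll
    if stem.rstrip("0123456789") == GENUINE or edit_distance(stem, GENUINE) <= 1:
        return "lookalike-name"           # appended digits or a one-character change
    return "unrelated"


SAMPLES = [
    r"%SystemRoot%\System32\dllhost.exe",         # genuine location
    r"%SystemRoot%\System32\System\dllhost.exe",  # path listed for Troj/Sivion-A
    r"%SystemRoot%\dllhost.com",                  # path listed for W32/Lovelet-Y
    r"%SystemRoot%\System32\dllhost.dll",         # path listed for W32/Lovelet-DR
    r"C:\Users\Public\dl1host.exe",               # constructed: digit swapped for a letter
    r"C:\Windows\System32\dllhost32.exe",         # constructed: digits appended
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):26} {sample}")
```

An "expected-location" result covers only the name and path; it says nothing about the publisher or about which COM+ DLL that instance is hosting.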

Common problems
  • Dllhost uses excessive memory with IIS
    • This is a bug in IIS. Restarting IIS should free up the memory.
  • Dllhost.exe uses 100% CPU time
    • Because dllhost.exe allows any COM+ DLL to be executed, and as such the executing DLL will appear as dllhost.exe, any misbehaved COM+ DLL could cause dllhost.exe to use 100% CPU time. Kill the offending dllhost.exe instance to try to determine the cause.

Automatic startup locations

001 Running Processes
002 Autorun registry entries local machine
003 Autorun registry entries Current User
010 Installed services
034 Winlogon Shell
035 Active Setup Installed Components
038 Winlogon Taskman
065 Image File Execution Options (debugger)
167 HKLM Policies\Explorer\Run

Digital signatures found for this file

    Certificate 
64 Microsoft Windows Component Publisher - Microsoft Timestamping Service
38 Microsoft Windows Publisher - VeriSign Time Stamping Services Signer
18 Microsoft Windows - Microsoft Time-Stamp Service
17 Microsoft Windows XP Publisher - VeriSign Time Stamping Service
5 Microsoft Windows XP Publisher (Europe) - VeriSign Time Stamping Service
4 Microsoft Windows 2000 Publisher - VeriSign Time Stamping Service
3 Microsoft Windows Component Publisher - VeriSign Time Stamping Services Signer
3 Microsoft Windows - VeriSign Time Stamping Services Signer
1 Sage Software, Inc. - VeriSign Time Stamping Services Signer - G2
1 Microsoft Windows XP Publisher - VeriSign Time Stamping Services Signer
1 Microsoft Windows Publisher - VeriSign Time Stamping Service
1 Microsoft Windows - Microsoft Timestamping Service

MD5 security rating in our database

938 files (Not yet rated and not signed)
2 files (Not yet rated and digitally signed)
7 files (Safe and not signed)
172 files (Safe and digitally signed)
Some versions of this filename have not yet been checked for safety.
Warning: Some malware might rename itself to dllhost.exe. Always make sure that your file is from a verified publisher.

User ratings for this file

File rating: Average rating of dllhost.exe: by 1119 files and users.
