Note: LucasForums Archive Project
The content here was reconstructed by scraping the Wayback Machine in an effort to restore some of what was lost when LF went down. The LucasForums Archive Project claims no ownership over the content or assets that were archived on archive.org.

This project is meant for research purposes only.

I think I got myself a worm, a wild one too!

Page: 1 of 1
 Tyrion
03-08-2004, 12:15 PM
#1
So anyway, yesterday I installed a new network card (my old one was acting up, I got horrible pings with it) and for the most part it works fine. However, last night I noticed that Zone Alarm blocked a "COM Surrogate" application, which ran with dllhost.exe. I checked on the Zone Alarm site, said that dllhost.exe was the Nachi worm, and the Symantec site had a removal tool.

I tried the tool, couldn't find it. I scanned with an updated Nortan Antivirus, still couldn't find anything. Even checked with Ad-aware, didn't help. Then I thought that Com Surrogate was just some random application I installed that happend to have dllhost.exe as it's launch file. However, every time I tried to end it in Ctrl-Alt-Del, it comes back again. :/

Anyone know what COM Surrogate is, and how to remove it?
 access_flux
03-09-2004, 8:44 AM
#2
send emails to NAV, and all the others, maybe its a new one, that they haven't but updated databases for.... :(
 BCanr2d2
03-09-2004, 11:13 AM
#3
I'd actually check what programs on your system require RPC (Remote Prodecure Call), since this is what DLLHOST.EXE is perhaps being run to use.
(DLLHOST.EXE is a part of the Windows OS)


Try a program like decombobulater to turn off this kind of stuff, since RPC isn't really needed for anything of note.
 Tyrion
03-09-2004, 11:24 AM
#4
Yeah, I figured that out since Symantec said that there was a legitimate dllhost.exe file. Since it isnt a particularily dangerous worm to begin with, and I have the security patch for it, I wont bother with it for now.

Thanks for the help, though.
Page: 1 of 1