Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Virus in DLLHOST....!!

Status
Not open for further replies.
GoatyGoat

GoatyGoat

Technical User
Sep 28, 2003
91
GB
AVG Anti-Virus 6 says that I have a worm in the file DLLHOST which is in C:\Windows\System32 (Windows XP Pro - SP1a).

It can't "heal" the file...and I know it can't be deleted since its an important file..........

So what do I do? Does Windows XP Pro have a System File Checker like 98? Will that solve it?

Is this file available for download anywhere so I can overwrite it?

Any help appreciated.
 
Sort by date Sort by votes
Does Windows XP Pro have a System File Checker ?
Yes it does.

Sometimes the SFC won't run properly when doing
Start > Run sfc /scannow

If not try this

Start > Run cmd
then type inside the command window
sfc /scannow


//Regards Soaplover
 
Upvote 0 Downvote
It is likely that you have the W32/Nachi Worm virus on your machine. This is a varient of the MSBlaster virus, this worm actually attempts to patch your computer to stop you getting the actual Blaster Virus. If the dllhost.exe file is in the c:\windows\system32\wins folder then you can just delete it. If you want more details check out:


-or-


Greg Palmer

----------------------------------------
Any feed back is appreciated.
 
Upvote 0 Downvote
A second opinion may be in order, just in case it is a false alarm.

Try these.
Free online scanners
faq760-3862

The file DllHost.exe version 5.1.2600.0, size 4608 bytes, may be replaced by using the Expand in Msconfig. Or you can borrow one from another XP.

Run the System File Checker program from the Run Box by typing.....Sfc /Scannow in it and have your XP CD handy.

XP uses System File Checker and Windows File Protection (refer to Help and Support).

If this file is infected and you replace it, remember to stop it (the old one) ending up in the System Restore folder.
 
Upvote 0 Downvote
I fought this problem all last week on 28 machines throughout 2 schools. Greg Palmer is right on. Be sure to have all critical Windows updates, especially Service Pack 4, then run the data files on the McAffee site, then the newest Stinger from that same site. I found that I even had to run Stinger twice, everythings been fine since.
 
Upvote 0 Downvote
Welchia worm will do that too..
It's also a variant of the blaster.

Symantec has a file "fixwelch.exe" that you can download and run and it'll clear things up for ya.

Good luck.
-IQ
 
Upvote 0 Downvote
I delted the file manually, then AVG detected the registry key and got rid of it.
Thanks.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dik
  • Locked
  • Question
Virus
Replies
15
Views
902
dik
dik
bobadams52
  • Locked
  • Question
error 12 program swcocx in mas90
Replies
0
Views
522
bobadams52
bobadams52
pjw001
  • Locked
  • Question
How to configure Bookmarks in Chrome 2
Replies
4
Views
721
pjw001
pjw001
dpellegrini
  • Locked
  • Question
Clear All Credentials in Credential Manager
Replies
0
Views
405
dpellegrini
dpellegrini
VicM
  • Locked
  • Question
Change name not showing in user account 1
Replies
13
Views
1K
guitarzan
guitarzan

Part and Inventory Search

Sponsor

Back
Top