There is a small chance that dllhost.exe could get infected by a virus. However, if your computer is up to date with all of the latest security patches from Windows Update and you have an anti-virus installed such as Microsoft Security Essentials then it’s highly unlikely that you’ll have any problems with infection.
What is COM+?
To understand what dllhost.exe does, you need to understand what the COM+ Service is. COM+ is short for Component Object Model. When pulling up the process/service in Process Explorer it doesn’t reveal much. The description for the process reads: To really delve into what the process does we’ll have to take a look at the Microsoft Dev Center library. And it reveals that COM+ is primarily useful for the following:
Deploying enterprise-level applications for an entire network.Providing pre-existing components for application development because COM+ is considered an object-oriented programming architecture.Running an event registry that handles system requests, enhances security, triggering process handles, and creating service request queues for applications.
COM+ consists of building block components that are self-defining and play well with others. The usefulness in this comes from the design of components being shared and reused by multiple applications. Not only does this design lower the demand for system resources, but it also improves initialization speed. The components object models are not written in any specific programming language, however, there are separate classes for each one depending on the programming language intended. On the enterprise level, this provides the advantage of mass deployment with a GUI tool Microsoft created called DCOM.
Dllhost.exe is a host for DLL files and binary executables.
A DLL (dynamic link library) is essentially a size-unspecific block of code stored in a single file. This code can be the makeup of an application, service, or just an add-on for a graphical user interface. Dllhost.exe, similar to svchost.exe, is a required Windows service for any COM+ oriented programming code. A sample of what dllhost.exe runs is shown below using Process Monitor, which includes both .dll and .exe file types.
Risks
Dllhost.exe is typically safe as long as the computer is up to date on all security patches and a reliable antivirus is installed. If you see it in the following places you are safe:
The official directory location for this process is C:\Windows\System32\dllhost.exeDllhst3g is also a valid Windows process stored in the same System32 folder.
If dllhost.exe appears anywhere else, it is likely a virus. Some worm viruses mimic the name of dllhost and store themselves in the System32 folder. Here are a few examples:
Worm/Loveelet-Y stores itself in /Windows/System32/ as dllhost.comWorm/Loveelet-DR stores itself in /Windows/System32/ as dllhost.dll
High CPU usage
One possible security flaw in the design of the COM+ system is that it allows any DLL stored on the system to run, assuming that the trigger initiating it the required permissions. This means that when you see a high CPU usage for dllhost.exe it is probably not the host process causing the problem, but rather a loaded DLL running through the host. You can use a program such as Process Explorer to investigate further.
Summary
Dllhost.exe is a safe Windows process created by Microsoft. It is used for launching other applications and services. It should be left running as it is critical to several system resources. References:
COM+ (Component Services)What is COM?
Comment Name * Email *
Δ Save my name and email and send me emails as new comments are made to this post.
