Results 1 to 2 of 2

Thread: COM Surrogate (dllhost.exe) trying to do weird things to ZA

  1. #1
    riceorony Guest

    Default COM Surrogate (dllhost.exe) trying to do weird things to ZA

    Guru's help!

    COM Surrogate (dllhost.exe) was trying to communicate with (FileWrite) all of the files in the ZA folder in the Programs Folder (I think that's what ZLDir stands for?)

    What could attribute this occurrence? This is the first time I'm seeing this under the OSFirewall tab of my logs. Is it possibly attributed to me performing an online scan using Panda's activescan 2.0?

    All of the occurences were blocked by OSFirewall, but then mysteriously ZA-ISS 7.1 closed and my computer became unusable so I had to do a hard-shut down and restart.

    Thanks

    Operating System:
    Windows Vista Ultimate
    Software Version:
    7.1 (Vista)
    Product Name:
    ZoneAlarm Internet Security Suite

    Message Edited by riceorony on 09-21-2008 01:13 PM

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: COM Surrogate (dllhost.exe) trying to do weird things to ZA

    HI old buddy!
    Almost missed your post.

    It is part of the ZA self protection alerting you.
    Really harmless by itself.
    If you happen to see something like 21OOPX43QR.exe doing these attempts or perhaps svchost.exe (coming from the %WINDOWS% and not the %WINDOWS%system32) or perhaps explorer.exe (coming from the %WINDOWS%system32 and not the %WINDOWS% ), then there is a malware attacking the ZA.
    Otherwise, it is ignoreable.

    Doing an online scan (which uses activeX and the COM server components) would need to use the dllhost.exe, as it is com and activeX related.
    The ZA saw the dllhost.exe as a parent process in the online scanner attempts to open the ZA files.

    You could open the Options (in the right click of the dllhost.exe in the ZA program listing) and check the first two items and apply/ok to reduce the "noise" of the alerts.


    Open the OSFWRULES.XML with the notepad.exe and take a look at the self protection for the ZA and the protection the ZA is providing for Windows against malware.
    All kinds of registry, file, internet explorer protection is shown and described.
    This is all part of the OSFirewall protection of the ZA.
    {if you understand the .xml and windows and the ZA you could selectively edit and do a custom congifuration of the osfwrules.xml}


    Best regards.
    Hope you are doing okay!
    Oldsod.

    Message Edited by Oldsod on 09-24-2008 06:03 AM

    Message Edited by Oldsod on 09-24-2008 08:04 AM
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •