Windows Update – Dllhost.exe – Program Information

   June 30, 2024  Posted in Bleeping Computer


  • DLLHOST.EXE Information

    This is an undesirable program.

    This file has been identified as a program that is undesirable to have running on your computer. This consists of programs that are misleading, harmful, or undesirable.

    If the description states that it is a piece of malware, you should immediately run an antivirus and antispyware program. If that does not help, feel free to ask us for assistance in the forums.

  • Name

    Windows Update

  • Filename

    Dllhost.exe

  • Command

    C:UsersAppDataLocalTempDllhost.exe

  • Description

    Added by the NJRat remote access trojan. This malware provides remote access to infected devices and allows threat actor’s to steal data, files, take screenshots, and execute further programs.

    If Dllhost.exe is found running from the Temp folder, it should be removed immediately and an antivirus scan run on the computer.

  • File Location

    %Temp%

  • Startup Type

    This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.

  • HijackThis Category

  • Note

    %Temp% refers to the Windows Temp folder. By default, this is C:WindowsTemp for Windows 95/98/ME, C:DOCUMENTS AND SETTINGSProfileNameLOCAL SETTINGSTemp for Windows 2000/XP, and C:UsersProfileNameAppDataLocalTemp for Windows Vista and Windows 7.

  • This entry has been requested 14 times.

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable
with making the suggested changes. BleepingComputer.com will not be held responsible if
changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or
the Close Program window (CTRL+ALT+DEL) but a list of startup applications,
although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs
that are currently running – not necessarily at startup.
Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an “X” recommendation,
please check whether it’s in MSCONFIG or the registry first.
An example would be “svchost.exe” – which doesn’t appear in either under normal conditions but does via CTRL+ALT+DEL.
If in doubt, don’t do anything.



Source link