You will learn how to fix COM Surrogate Windows 10 Virus and how to run an offline virus scan to detect tricky hidden viruses? This article will explain what COM Surrogate is in Windows 10 and whether you should be concerned about it. Have you ever noticed the COM Surrogate process in Windows 10’s task manager? I was running through the list of methods when I saw two active on my system.
Understanding the various processes in task managers can be difficult. I’ve already written a detailed post about svchost.exe, a process that hosts multiple Windows services. Your system may have 10 to 15 of these running at any given time.
What is COM Surrogate?
COM Surrogate is one of those processes that, by looking at it, you have no idea what it does. It lacks a custom icon and sits there with little information about what it does.
Multiple COM Surrogate processes may be running at the same time. When you open task manager, you should see two of them running.
If you right-click on either of them and select Go to Details, you’ll see that the process name is dllhost.exe. You’ll also notice that the process runs as your username, rather than the System, Local Service, or Network Service accounts.
Fortunately, COM Surrogate is not a virus (most of the time). It’s a legitimate Windows 10 background process. The process is known as dllhost because it hosts DLL files. That probably doesn’t make sense, so let me explain further.
Microsoft essentially created an interface for developers to create extensions to programs known as COM Objects. Some programs in Windows 10 also use this. Windows Explorer, for example, has a COM object that allows it to generate thumbnails for images and videos in a folder.
The main issue with these COM objects was that they would crash, bringing the Explorer process down with them. That meant that if a COM object failed for any reason, your entire system would crash.
Microsoft developed the COM Surrogate process to address this issue, which executed the COM object in a separate process from the one that requested it. So, in the Explorer example, the COM object would run in this newly created COM surrogate process rather than the explorer.exe process.
If the COM object crashed, it would only terminate the COM Surrogate process, leaving Explorer running. Isn’t that clever?
If you download Process Explorer, you will see the COM object I mentioned above.
Hovering your mouse over the dllhost.exe entry reveals that the COM class is Microsoft Thumbnail Cache, the extension used to create thumbnails in Explorer.
Can COM Surrogate Be a Virus?
In the past, trojans and viruses have hidden in the Windows operating system by masquerading as COM Surrogate and other Windows processes.
You can find the process’s source location by opening the task manager, right-clicking on the process, and selecting the Open file location.
If the COM Surrogate process results in the presence of a file called ‘dllhost‘ in the C:WindowsSystem32 folder, it is unlikely to be a virus.
You should run a virus scan right away if it leads somewhere else. COM surrogate typically uses very little memory and CPU, and only one or two instances are running. However, if there are multiple dllhosts.exe processes or consumes more than 1 to 2 percent of your CPU, I recommend running an offline virus scan to detect tricky hidden viruses.
This article should have taught you a thing or two about COM Surrogate and Windows 10 background processes. However, it would help if you were less concerned about seeing methods like this running in the background in the future.
If you have any further questions, please leave a comment, and we will do our best to answer them.