What is Com Surrogate Doing in my PC – Is it a Virus?

If you guys are worried about COM Surrogate, then chances are you’ve come across it in your task manager and are concerned it might be a virus. Before you go and format your machine or replace any hardware, you should know it’s almost certainly not. And in either case, you don’t want to remove it. The COM surrogate process is needed to load DLL files and is actually really important for your PC. In this article, we are going to talk about What is Com Surrogate Doing in my PC – Is it a Virus? Let’s begin!

What Actually is COM Surrogate (dllhost.exe)?

Well, COM stands for Component Object Model. This is actually an interface Microsoft introduced back in 1993. That allows developers to create “COM objects” using a number of different programming languages. Essentially, these COM objects plug into other applications and extend them as well.

Such as, the Windows file manager uses COM objects to create thumbnail images of images and many other files when it opens a folder. The COM object handles processing images, videos, and all other files in order to generate the thumbnails. This allows File Explorer to be extended along with support for new video codecs, for example.

But, this can lead to problems. If a COM object crashes, then it will take down its host process. At one point, it was really common for these thumbnail-generating COM objects to crash. And take down the whole Windows Explorer process with them.

Further

com surrogate

So, if you want to fix this sort of problem, then Microsoft created the COM Surrogate process. The COM actually process runs a COM object outside the original process that requested it. If the COM object crashes, then it will only take down the COM Surrogate process and also the original host process won’t crash. Such as, Windows Explorer (now known as File Explorer) starts a COM Surrogate process whenever it wants to generate thumbnail images. The COM process hosts the COM object which actually does the work. If the COM object crashes, then only the COM Surrogate crashes and the original File Explorer process will keep on trucking as well.

“In other words”, as official Microsoft blog The Old New Thing puts it, then “the COM Surrogate is the I don’t feel good about this code, so I’m going to ask COM to host it in another process as well. That way, if it crashes, then it’s the COM sacrificial process that crashes rather than me process.”

What COM Object a COM Surrogate Is Hosting?

The normal Windows Task Manager does not actually give you any more information. About which COM object or DLL file a COM Surrogate process is actually hosting as well. If you want to see this information, then we recommend you Microsoft’s Process Explorer tool. Download it and you can just mouse-over a dllhost.exe process in Process Explorer to see which COM Object or DLL file it is hosting as well.

Is COM Surrogate a Virus?

There have been many instances in the past where trojans and viruses have hidden in the Windows operating system through masking themselves as COM Surrogate and all other Windows processes.

If you open task manager, right-click on the process and then select Open file location. You will be able to find the source location for this process actually.

If the COM Surrogate process leads to a file that is called ‘dllhost’ in the C:\Windows\System32 folder. Then it’s unlikely to be a virus actually. If it leads elsewhere, then you should run a virus scan immediately.

Mostly, COM surrogate uses very little memory and CPU and there are only one or two instances of it running actually. If there are many dllhosts.exe processes or the process is eating up more than 1 to 2 percent of your CPU. I would suggest performing an offline virus scan, which can better detect tricky hidden viruses as well.

Conclusion

Alright, That was all Folks! I hope you guys like this article and also find it helpful to you. Give us your feedback on it. Also if you guys have further queries and issues related to this article. Then let us know in the comments section below. We will get back to you shortly.

Have a Great Day!

Also See: Why is ctfmon.exe Running on Your Computer

Leave a Reply