RE: strange dllhost and email

  • From: "Jamie A. Byrnes" <jabyrnes@xxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 2 Sep 2003 13:42:06 +0930

Hi Hery,
I am almost certain you have w32.blaster.d
check in c:\windows\system32\wins\ as suggested by chris, although you
can't be sure of which varient of blaster it is so can't be sure where
it puts it - could try searching whole c: for dllhost.exe. Also check
the usual run/runonce key in the registry
(/HKLM/software/microsoft/current version/run).
This variant was released only a couple (maybe 3) days ago, update your
virus defs again or try trend housecall to be sure there is no virus

        -----Original Message-----
        From: Hery [mailto:hery@xxxxxxxxxxxxxx] 
        Sent: Tuesday, 2 September 2003 11:30 AM
        To: [ExchangeList]
        Subject: [exchangelist] RE: strange dllhost and email
        hi Chris,
        the file is located at \winnt\system32.  and the size is 5.76
KB.  i've scan for the virus, but found nothing.  so if this dllhost.exe
is really windows program, i think it safe to run.  nothing to worried.
i also have patch the rpc dcom.
        many thank's for your help.

                ----- Original Message ----- 
                From: Chris Adams <mailto:Chris.Adams@xxxxxxxxxxxxxxxx>

                To: [ExchangeList] <mailto:exchangelist@xxxxxxxxxxxxx>  
                Sent: Monday, September 01, 2003 21:20 PM
                Subject: [exchangelist] RE: strange dllhost and email

                The "normal" DLLHOST.EXE application usually sits in
<SYSTEM DRIVE>:\WINNT\System32 and is roughly 6k.
                The "Infected" DLLHOST.EXE from Nachi et al. is in
<SYSTEM DRIVE>:\WINNT\System32\Wins\ and is about 10k.
                DLLHOST.EXE is used to run COM+ components.
                You may want to check the location and size of your
DLLHOST.EXE file to see if you're infected or not.

        List Archives:
        Exchange Newsletters:
        Exchange FAQ:
        Other Internet Software Marketing Sites:
        Leading Network Software Directory:
        No.1 ISA Server Resource Site:
        Windows Security Resource Site:
        Network Security Library:
        Windows 2000/NT Fax Solutions:
        You are currently subscribed to this Discussion
List as: jabyrnes@xxxxxxxxxxxxxxxxx
        To unsubscribe send a blank email to

Other related posts: