Hello , im new in here and i have one question.
Im using Comodo Firewall and the file dllhost.exe is trying to connect on port 80.
I block the connection but i don’t set to remember , because dllhost is a Windows system file.
My operative system is Windows 7 x64 and the file dllhost.exe is located in 4 places :
The winxsx (or side by side) folders hold copies of previous versions of applications or system files. For an extensive description of the function of the side by side folders read the following article: http://www.winvistaclub.com/f16.html .
As you see file sizes are different ,
Different sizes is what we expect in the light of the above.
i've been reading about a virus the copy dllhost.exe and do other things.
Can someone help me to get rid off it ?.
Thanks in advance.
It has not been established you are infected. We need to take a closer look at this.
What are your CIS settings? What configuration are you using? Look under More → Manage My Configuration and see what configuration is active. Is your Firewall set to Safe Mode or Custom Policy?
To know for sure that dllhost.exe is the original file you can use Sigcheck to see if it is digitally signed by Microsoft.
Download this zip archive and unpack it to C:\Program Files\SysinternalsSuite\ . When done run sigcheck.reg to add it to the registry.
When this is done navigate to the system32 or SysWOW64 folder folder, look up and select dllhost.exe click right and choose Signature from the context menu. A black command box will pop up. See if it is signed or not.