What is dllhost.exe – Is it a Virus in Windows 10

A quick peruse via Task Manager on any Windows system will reveal a process known as dllhost.exe. That is running in the background. If you guys have found that, you’d probably like to know what it and also its description of “COM Surrogate” are doing and if or not it’s a safe process to have running on your PC. This is a process that Microsoft creates and is package in each version of the Windows operating system. Let’s discuss What is dllhost.exe – Is it a Virus in Windows 10.

There is also a small chance that dllhost.exe could get infected by a virus. But, if your computer is up to date with all of the latest security patches from Windows Update. And also you have an anti-virus installed. Like Microsoft Security Essentials then it’s highly unlikely that you will have any problems along with infection.

What Is Dllhost.exe?

Of course, you’ve come here in order to ask, “Why do I get the dllhost.exe application error on Windows 10?” There is a bit of detective work that needs to answer this question (because there are many suspects in the case). However, first, let’s figure out what dllhost.exe is.



The dllhost.exe file is an essential component of the Windows operating system. It is also known as COM Surrogate, dllhost.exe runs in the background and processes pictures, videos. And all other files on your PC to create thumbnail images. You see them when navigating your files and folders. When COM Surrogate crashes, you see pop-ups that says, “COM Surrogate has stopped working”.

What is COM+?

In order to understand what dllhost.exe does, you have to understand what the COM+ Service is. COM+ is actually short for the Component Object Model. Whenever you are pulling up the process/service in Process Explorer it doesn’t really reveal much. Take a look description of the process:

It Manages the configuration and tracking of Component Object Model (COM)+-based components. If you stop the service, most COM+-based components will not then function properly. If you turn off this service, any services that explicitly rely on it will fail to start.

In order to really delve into what the process does we’ll have to take a look at the Microsoft Dev Center library. And it reveals that COM+ is important for the following:

  • Deploying enterprise-level applications for the whole network.
  • Giving pre-existing components for application development as COM+ is considered an object-oriented programming architecture actually.
  • Running an event registry that basically handles system requests, enhances security, triggering process handles,. And also creating service request queues for applications.

COM+ consists of building block components that are self-defining and play well along with others. The usefulness in this basically comes from the design of components shared and reused via multiple applications. Not only does this design lower the demand for system resources, however, it also improves initialization speed. The components object models are not written in any particular programming language. But there are separate classes for each one relying on the programming language intended. On the enterprise level, this gives the benefit of mass-deployment with a GUI tool Microsoft created called DCOM.

Dllhost.exe is a host for DLL files and binary executables.

A DLL (dynamic link library) is essentially a size-unspecific block of code we save in a single file. This code can be the makeup of an application, service, or just an add-on for a graphical user interface. Dllhost.exe, similar to svchost.exe, is a required Windows service for any COM+ oriented programming code. A sample of what dllhost.exe runs is using Process Monitor, which includes both .dll and .exe file types.



Dllhost.exe is typically safe as long as the computer is up to date on all security patches and installing a reliable antivirus. If you see it in the following places you are safe:

  • The official directory location for this process is C:\Windows\System32\dllhost.exe
  • Dllhst3g is also a valid Windows process saves in the same System32 folder.

If dllhost.exe shows anywhere else, it is likely a virus. Some worm viruses mimic the name of dllhost and save themselves in the System32 folder. Here are a few examples:

  • Worm/Loveelet-Y stores itself in /Windows/System32/ as dllhost.com
  • Worm/Loveelet-DR stores itself in /Windows/System32/ as dllhost.dll

High CPU usage

One possible security flaw in the design of the COM+ system is that it permits saving any DLL on the system to run. That assumes that the trigger initiating it need permissions. This means that whenever you see a high CPU usage for dllhost.exe. It is probably not the host process that causes the problem. But instead, a loaded DLL running via the host. You can also use a program like Process Explorer to investigate further.


You are good to go. If you have any queries and issues related to this article then let us know in the comments section below.

Also See: How Do You Pay Someone on Venmo

Leave a Reply

Your email address will not be published. Required fields are marked *