Multiple COM Surrogate processes and more

Hello,

Could you please help me?

I have multiple COM Surrogate processes. Should I worry?

I always have Avast Premium on, which blocks suspicious activities on the web for me (and it should do it on the PC too), and I regularly scan the PC weekly with both Avast and Malwarebytes. I usually scan every file that I download. From the Task Manager, all the COM Surrogate processes (four) lead to the same file “dllhost” in the “system32” folder. If I click on “Details”, three of them are under my username and one is under the username “SYSTEM”.

I did another scan with Malwarebytes (with rootkit too this time) and it found C:\Windows\files\bin\KMSS.exe (I guess it’s very old, maybe from an old Office installation I guess…? I’m not sure). All the other plenty of times that I scanned the system with Avast it was clear, I found it just now. I deleted it and deleted also the folder.

I also have 5 Runtimebroker.exe processes -4 with the arrow revealing the “process” and one without the arrow- (that become 8 in “details”) that lead to Runtimebroker.exe in “System32” folder. I also have two “RtkAudUService64.exe Realtek HD Audio Universal Service”, one with the arrow that reveals the process and one without it.

I started to investigate as sometimes I have a process with no name/original icon that is “preventing” the PC from shutting down (actually after two seconds it shuts down, closing the process automatically). This obviously makes me worried too.

The PC is not slowed down as far as I noticed and I don’t have any big suspects caused by any malfunction, I guess I’m just paranoid? I did the scan again and all the PC looks clean again.

Thank you VERY much in advance!

One would be surprised to know how updating your antivirus software can easily fix the COM Surrogate issue.

The majority of antivirus software, such as Avast, can assist in the same.

But bear in mind, in order to fix the issue, make sure that you are using the latest version of the antivirus software.

This particular way of fixing the COM Surrogate issue suggests that your machine was virus infected instead of the regular service issue.

Closing COM Surrogate Using Task Manager
There are several instances where, when changing media information such as a picture or video, the user is prompted with the message “The action can’t be completed because the file is open in COM Surrogate.” The easiest fix around the problem is to close the process all alone.

Follow the instructions down below to close the process:

Press the CTRL + SHIFT + ESC simultaneously to open the Task Manager.
Once the Task Manager pops up, make sure to look for COM Surrogate and right-click over the same.
Choose End task from the option. In case you can’t find the program, look for the one dllhost.exe.
Right-click over the same and terminate the same process.

Re-registering DLL Files Using Command Prompt
The COM Surrogate error is oftentimes associated with the DLL files that are present on the computer.

Making subtle changes to the same can assist you to solve the issue. This can be done using the steps given below:

First, open Command Prompt as administrator. Press the Windows + X key and select Command Prompt (Admin). Alternatively, you can also go with PowerShell (Admin).
After the command prompt opens, make sure to enter these lines one by one:
regsvr32 vbscript.dll

regsvr32 jscript.dll

Running these commands can assist you in solving the COM Surrogate problem.

Info source: info from Ten Taken 2020 (credits go there)

polonus
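
The check described in the first post (where each COM Surrogate points and which account owns it) can be scripted; this is an added example, not part of any post in this thread. It assumes an elevated PowerShell session, and the output column names are chosen for the example only.

```powershell
# Added example: inventory the COM Surrogate and Runtime Broker processes
# mentioned in this thread. Without elevation, the path and command line
# of SYSTEM-owned processes come back empty.
$names  = 'dllhost.exe', 'RuntimeBroker.exe'
# 32-bit COM surrogates legitimately run from SysWOW64 on 64-bit Windows.
$osDirs = @((Join-Path $env:windir 'System32'), (Join-Path $env:windir 'SysWOW64'))

$filter = ($names | ForEach-Object { "Name = '$_'" }) -join ' OR '
Get-CimInstance Win32_Process -Filter $filter | ForEach-Object {
    $p     = $_
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    $dir   = if ($p.ExecutablePath) { Split-Path $p.ExecutablePath -Parent }
    $sig   = if ($p.ExecutablePath) { Get-AuthenticodeSignature -FilePath $p.ExecutablePath }

    # COM starts a surrogate as "dllhost.exe /Processid:{AppID}".
    # Resolve the AppID to the registered name of the COM server it hosts.
    $hosted = $null
    if ($p.CommandLine -match '/Processid:(\{[0-9A-Fa-f-]+\})') {
        $key    = "Registry::HKEY_CLASSES_ROOT\AppID\$($Matches[1])"
        $hosted = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
        if (-not $hosted) { $hosted = $Matches[1] }   # no friendly name registered
    }

    [pscustomobject]@{
        PID       = $p.ProcessId
        Name      = $p.Name
        Owner     = if ($owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { '<unavailable>' }
        Path      = $p.ExecutablePath
        InOsDir   = [bool]($dir -and ($dir -in $osDirs))
        Signature = $sig.Status                      # 'Valid' expected for OS binaries
        Signer    = $sig.SignerCertificate.Subject
        Hosting   = $hosted
    }
} | Sort-Object Name, PID | Format-Table -AutoSize -Wrap
```

A row worth a closer look is one where InOsDir is False or Signature is anything other than Valid; several rows that differ only in PID, Owner and Hosting are separate instances of the same Windows binary.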

Thank you very much! I actually just saw that now I have only one COM Surrogate process (that’s after the antivirus update last night, after I posted).

So I guess it’s solved? What do you think about the other double processes and, most importantly, about the no-name app that is preventing shutdown? How can I find out what app it is, to be sure that it’s not a virus? (I doubt it, I just want to be sure of course).

Thank you very much again

I did another scan with Malwarebytes (with rootkit too this time) and it found C:\Windows\files\bin\KMSS.exe
This indicates that you are using cracked Windows software

Actually not. I use a legit copy of Windows. Maybe that’s from a previous Office installation (that I don’t have anymore)

Actually now the thing that worries me the most is that process without a name that is blocking the shutdown