Is this malware?
June 15, 2011 3:12 PM   Subscribe

Is this malware, and what do I do to handle this?? Long, convoluted problem inside.

First of all, my system specs:
Windows 7 Home Premium
AVG Free, up to date
Intel Core i7 CPU, quad-core with hyperthreading
6GB of RAM, 500GB HDD with 150GB free.

I've got a folder with four WAV files of about 60MB each. When I open this folder and click on one of the files, the little progress bar at the top of the Explorer window goes across almost to the end and keeps throbbing.
I can't rename or delete any of the files - the window just freezes when I try. Deletion and renaming works for other, non-WAV files.

If I open My Computer, it takes forever for anything to turn up and the Favorites, Libraries, Homegroup and Computer headings in the sidebar don't turn anything up- just little magnifying glass animations.

At this point, Task Manager says explorer.exe is using 62% CPU, and that dllhost.exe is using 12%. This seems to mean that explorer is using 100% of 5 cores and that dllhost is using 100% of one core.

I used Unlocker on the containing folder to see what's going on- This is what turns up.
dllhost and explorer seem to have ownership, even before I open the folder. I can kill dllhost and rename and delete the files if I'm quick, but it starts back up again. On checking again, it says searchprotocolhost has a lock on the files as well.

Finally, sometimes after having to restart Windows Explorer, it says there's a problem with the RPC server. Killing dllhost takes care of this.

What I'd really like is for my computer to not act funny every time I have to deal with a WAV file.
posted by dunkadunc to Computers & Internet (7 answers total)
If you disable avg does the system still do this?
posted by majortom1981 at 3:29 PM on June 15, 2011

According to this, it's a known problem.

See here for a hotfix (the microsoft link) and a registry edit to hand fix it if that doesn't work. If you need help with the registry file being created / used, let me know.
posted by deezil at 3:40 PM on June 15, 2011

This doesn't sound like any malware I've heard of. The WAV files appear to be (labeled as) songs by Public Transport (Soundcloud page, nothing appearing nefarious there).

A quick search for searchprotocolhost Windows 7 turns up a way to disable Search Protocol Host:
Type services into the search box and press enter --> Double-click the Services(Local) --> look for Windows Search --> Right-click it --> choose properties --> click stop. Change startup type to disable then click apply.
And this thread on How To Geek has other solutions that might help.
posted by filthy light thief at 3:41 PM on June 15, 2011

deezil's answer is more specific to your issue - mine are broad search protocol host complaints. You could probably start with his, if you aren't having any other search issues.
posted by filthy light thief at 3:43 PM on June 15, 2011

deezil's got it! Whew, I thought it was reformat and reinstall time.

Metafilter wins!
posted by dunkadunc at 3:56 PM on June 15, 2011

Just curious, was it the microsoft fix, or the registry hand fix that did it?
posted by deezil at 4:05 PM on June 15, 2011

Sorry, I came back here to clarify that!

I got the x64 hotfix but it said that it wasn't compatible with my system- so I had to use the registry fix instead. All seems to be well now!
posted by dunkadunc at 4:10 PM on June 15, 2011

« Older Information about Maryland marijuana possession   |   Effect of torrents and/or free downloads on... Newer »
This thread is closed to new comments.