How to tell if dllhost.exe is real or virus

Question

I'm not sure if Malwarebytes is just hyperactive or if it's really detecting a virus, but after a recent update, Malwarebytes keep dinging "C:\dllhost.exe" as malware and locks it under quarantine.

This dllhost.exe reappeared (and gets quarantined immediately) every time I boot up the computer, so I'm left wondering if this is a real threat or if it's a benign background process. Nothing wrong happened while that item is quarantined, so I'm assuming that even if it's not a virus it isn't necessary anyway, but the fact that it keeps reappearing and getting dinged is a bit worrying.

Answer 1

Alright, I'll check with them about fasle positives.

However I'm still not clear if this is a bad COM Surrogate or a real one.

I checked the properties of the offending dllhost. This is what it looks like. 

Answer 2

Hey man, thanks for the reply. It was dinged and locked into quarantine before I could check what it says in the process. But its location is apparently in the [C:] main drive itself.

The antivirus also detects these registries as bad: 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ImageFileExecutionOptions\dllhost.exe

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\ImageFileExecutionOptions\dllhost.exe

I'm kind of scared of overly-aggressive antiviruses because after running the antivirus, and I was about to log off, it was stuck in a logoff screen. I was afraid deleting those registries harmed the PC. 

Answer 3

Malwarebytes has their own forums for you to check it:  https://forums.malwarebytes.com/forum/122-false-positives/

Answer 4

Check the spelling.

You see where it is filed, as to whether it is good or bad.

https://www.processlibrary.com/en/directory/files/dllhost/22846/

https://www.processlibrary.com/en/directory/files/dlhost/27113/