dllhost.exe IS a system file, yes, but I can pretty much guarantee that your infected file is <i>not</i> dllhost.exe. The virus writer simply got the virus to write itself to a file with the same name as a system file.

Look for dllhost.exe elsewhere on your computer. You will find it, and the filesize will be different from the infected file.

Just trash it.

Why am I so sure? Easy. I know that you run Windows XP. Furthermore, I know you are running Windows XP as a home computer. Therefore you are not using WINS.

The only time a Windows XP computer would have to be a WINS client is if it is a member of a Windows NT domain--Even if it's a member of a Windows 2000 domain which has a WINS server in it, there's no need for the XP machine to be a WINS client, since it can use DNS, which must be present in a Windows 2000 domain.

WINS stands for Windows Internet Naming Service, and it acts in a similar manner to DNS, except that instead of resolving DNS names to IP addresses, it resolves NetBIOS names to IP addresses--which is nice if you're using NetBIOS, but totally redundant if you are using TCP/IP. Which you are, otherwise you wouldn't be able to access the internet.

NetBIOS is a depreciated protocol that was used back in the days of MS-DOS Lan Manager and Windows 3.11. It gives each computer a "friendly" name (maxiumum 15 characters), and when computers need to communicate with each other, it finds a computer's friendly name by broadcasting. (Computers ultimately reach each other by their MAC addresses, and broadcasting resolves NetBIOS names to MAC addresses).

Think of it as one big street. When you want to find Frank, you go to the end of your driveway and scream "WHERE ARE YOU, FRANK?" at the top of your lungs, and then Frank comes out and screams "I AM FRANK, AND MY PHONE NUMBER IS..." And then you go back into your house and call Frank, since you probably don't want to shout intimate hemorrhoidal details at the top of your lungs for the whole street to hear.

That's fine if there's only a couple of people on your network (street), but what happens when there's hundreds, and you can't communicate at all through all the shouting? That's where WINS comes in. WINS is like Directory Assistance. You contact the WINS server (dial 411) and ask what Frank's IP address is, and the operator (WINS server) tells you. All of your communication is two-way--no shouting.

After Windows 2000, though, TCP/IP became the preferred protocol of communication (No broadcasting! Yay!) and name-to-address resolution is provided by the more robust Domain Name Service (DNS)

Even if you use NetBIOS names on a local workgroup (i.e., a peer-to-peer network within your house), you probably have only two or three computers, not 500, which is how many you'd need before NetBIOS broadcasts slowed your network noticeably.

WINS is useful for centralizing NetBIOS name to IP address mappings (Everybody uses the same WINS server, so if a machine changes its name or IP address, the change only has to be made on the WINS server, not everybody's lmhosts file...not that you have to use an lmhosts file either, if you're on a small network using broadcasting), and it allows down-level clients to locate a domain controller on a Windows 2000 domain, which you don't have.

The obligatory user-education speech done with, I can also simply tell that you are not running the WINS server because Windows XP is not a server operating system. In order to install the WINS service, you must be running Windows 2000 Server, Windows NT Server, or Windows Server 2003. (Linux may be able to act as a WINS server, but I doubt it, since Linux has never used NetBIOS)