COM Surrogate Infection



Lately there have been reports of viruses that do not infect the file system except by dumping large numbers of files in the %temp% directory. The initial complaint from end users will be that the computer is so slow they cannot open anything. Follow these steps to remove the infection.

To Resolve:

  1. Find out if you have this particular infection by opening Task Manager (taskmgr.exe). The running processes will look like legitimate processes but will not be. Examples include: COM Surrogate, CTF Loader, Windows Picture Acquisition Wizard, etc. (see screenshot below).


  2. After doing a bit of searching, I found that if you run ESET Poweliks Cleaner (found here), it will target this infection and remove it. You just need to reboot afterwards.
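
A read-only triage script for the check in step 1, added here as an example; it is not part of the original post or of the ESET tool. The image names (dllhost.exe for COM Surrogate, ctfmon.exe for CTF Loader), the expected System32/SysWOW64 location and the /Processid command-line heuristic are assumptions not stated in the post.

```powershell
# Added example: lists look-alike processes and sizes up %TEMP%. Changes nothing.
# Assumption: display names in the post map to these image names.
$names   = 'dllhost.exe', 'ctfmon.exe'
$sysDirs = "$env:windir\System32", "$env:windir\SysWOW64"

$all = Get-CimInstance Win32_Process
$report = $all | Where-Object { $names -contains $_.Name } | ForEach-Object {
    $proc  = $_
    $flags = @()

    if (-not $proc.ExecutablePath) {
        # Path and command line are hidden for other users' processes unless elevated.
        $flags += 'path unreadable (re-run elevated)'
    } elseif ($sysDirs -notcontains (Split-Path $proc.ExecutablePath -Parent)) {
        $flags += 'image outside System32/SysWOW64'
    }

    # Heuristic (assumption): a genuine COM Surrogate is started as
    # "dllhost.exe /Processid:{GUID}"; an instance without it deserves a closer look.
    if ($proc.Name -eq 'dllhost.exe' -and $proc.CommandLine -and
        $proc.CommandLine -notmatch '/Processid:\{[0-9A-Fa-f-]{36}\}') {
        $flags += 'dllhost.exe without /Processid'
    }

    $parent = $all | Where-Object { $_.ProcessId -eq $proc.ParentProcessId } |
              Select-Object -First 1

    [pscustomobject]@{
        Id          = $proc.ProcessId
        Name        = $proc.Name
        Parent      = if ($parent) { $parent.Name } else { 'exited' }
        Path        = $proc.ExecutablePath
        CommandLine = $proc.CommandLine
        Flags       = $flags -join '; '
    }
}

$report | Sort-Object Name, Id | Format-List

# The post's other symptom: large numbers of files dumped in %TEMP%.
$tempFiles = Get-ChildItem -LiteralPath $env:TEMP -File -Recurse -Force -ErrorAction SilentlyContinue
$lastDay   = $tempFiles | Where-Object { $_.CreationTime -gt (Get-Date).AddDays(-1) }
[pscustomobject]@{
    TempPath         = $env:TEMP
    TotalFiles       = ($tempFiles | Measure-Object).Count
    CreatedLast24h   = ($lastDay | Measure-Object).Count
    InstancesFlagged = ($report | Where-Object { $_.Flags } | Measure-Object).Count
} | Format-List
```

An empty Flags column does not clear a machine; treat the output as a pointer to which instances to inspect before and after running the cleaner.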