
dllhost.exe -> ctfmon.exe -> multiple iexplore.exe


  • This topic is locked
4 replies to this topic

#1 ^knightmastery


Posted 28 May 2014 - 11:46 PM

Picked up something today.  Malwarebytes was executed a number of times, but the problem still persists.  Essentially I get multiple iexplore.exe processes running, each taking up massive amounts of memory and some cpu cycles.  I kill the processes in task manager, but they keep popping up.  From what I can observe, it looks like a dllhost.exe pops up first, then a number of ctfmon.exe, then both the dllhost.exe and ctfmon.exe exit and an iexplore.exe starts.  This keeps going, taking up memory and cpu, then another is added, and so on.

 

I executed DDS, but it only generated one log file... attach.txt (attached)

 

 




 


#2 Blind Faith


Posted 02 June 2014 - 04:40 PM

Hello and welcome to BleepingComputer! 
 
 
 
I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system so I will analyze the results they produce. 
 
 
As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed so we need to get a clear look on that aspect. DO NOT bring any changes to the system except the ones I tell you to as that may produce more damage than helping us. 
 
If you encounter a delay of over 2 days from me, please don't hesitate to private message me (link in the signature). 
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.
 
 
 
Please generate other DDS logs (download it from here if you haven't already) and post them in your next reply along with other changes that may have occurred since you last posted.
Also download and run GMER from this link: GMER download link.
 
 
 
Thank you very much for your patience. 
 
 
 
 
Regards,
 
Elle

Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 ^knightmastery


Posted 03 June 2014 - 09:40 AM

Elle

 

One of the things that infected my PC was Crypto-Locker.  Lost all my files.  But I had recent backups.  I was forced to re-install from scratch and recover from backup.  Everything is OK now.

 

Thanks for checking in.



#4 Blind Faith


Posted 04 June 2014 - 04:50 AM

Hello, 

 

Thank you for letting me know! :)

 

 

Elle 



#5 Blind Faith


Posted 04 June 2014 - 04:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



