
COM Surrogate - dllhost.exe *32 -- Multiple instances


  • This topic is locked
5 replies to this topic

#1 tdnxxx444

  • Members

Posted 23 September 2014 - 04:08 PM

I have multiple instances of this running on my computer and hogging up resources.  They seem to be trying to launch IE browser sites.  I have attached FRST.txt and addition.txt



#2 TB-Psychotic

  • Malware Response Team

Posted 24 September 2014 - 08:29 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.


Proud Member of UNITE & TB

#3 tdnxxx444

  • Topic Starter

Posted 24 September 2014 - 10:27 PM

Marius, thanks for the help! I tried to run Gmer rootkit scanner, however, while loading it would crash.



#4 TB-Psychotic

  • Malware Response Team

Posted 25 September 2014 - 08:24 AM

Reboot into safe mode and try again to run Gmer.

If it fails, skip Gmer and proceed with TDSS-Killer.



#5 tdnxxx444

  • Topic Starter

Posted 25 September 2014 - 12:51 PM

Rebooted in safe mode and ran Gmer successfully, however, nothing was found so the ark.txt was blank.  I attached the TDSSKiller log file -- It said no malware was found.


Attached File  TDSSKiller.3.0.0.40_25.09.2014_11.47.54_log.txt   196.81KB   0 downloads 


Edited by tdnxxx444, 25 September 2014 - 12:52 PM.


#6 TB-Psychotic

  • Malware Response Team

Posted 26 September 2014 - 05:42 AM

Due to the evidence of crossposting and pirated software, this topic is closed now.

 

 

http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CB8QFjAA&url=http%3A%2F%2Fmalwaretips.com%2Fattachments%2Ffrst-txt.22306%2F&ei=0EIlVPP0KsqrPIKjgLgP&usg=AFQjCNGjn_fBufuwwlgkmkmx4upF0fZY_A&bvm=bv.76247554,d.ZWU

 

 

2014-09-15 12:33 - 2014-09-15 12:32 - 00000000 ____D () C:\Users\tnguyen\Downloads\SpyHunter 4.1.11.0 + Crack

 





