Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple DllHost.exe eating all memory


  • This topic is locked This topic is locked
3 replies to this topic

#1 JoeQD

JoeQD

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:42 AM

Posted 02 October 2014 - 07:26 PM

PC began to crawl, being hard to open any application. Ran virus checkup and MSSE found Exploit:SWF/CVE-2014-0515 and VirTool:JS/Obfuscator.EK. Quarantined cleaned. Malwarebites also found/fixed some problems but still have this issue where randomly DllHost.exe begins to run multiple times and each instance is eating more an more memory.

Via Process Explorer found that is being triggered by a registry entry that I can't edit. Also found that is generating a lot of traffic to multiple IP's, all being locked by a firewall on the network.

 

Here the DSS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545  BrowserJavaVersion: 10.7.2
Run by Manager at 20:10:00 on 2014-10-02
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3241.2108 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\atashost.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Intel\Services\IPT\jhi_service.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
c:\Docuwise\xyntservice.exe
c:\Docuwise\qmib.exe
c:\Docuwise\util\xyntservice.exe
c:\Docuwise\Util\watchdog.exe
C:\PROGRA~1\SAAZOD\zRealTime\SAAZappr.exe
C:\PROGRA~1\SAAZOD\zRealTime\rtHlpDk.exe
C:\PROGRA~1\SAAZOD\SAAZMSMACTL.exe
C:\PROGRA~1\SAAZOD\SAAZRCCTL.exe
C:\PROGRA~1\SAAZOD\SAAZRemoteSupport.exe
C:\PROGRA~1\SAAZOD\SAAZScheduler.exe
C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe
C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe
C:\PROGRA~1\SAAZOD\RMHLPDSK.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\MsiExec.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
D:\Digital Dining\Data\CDROM\Application\DDSERVERMONITOR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\s4service.exe
C:\Program Files\Digital Dining\Application\DDLaunchService.exe
C:\Program Files\Digital Dining\Application\DDTimeService.exe
C:\Program Files\Digital Dining\Application\DDHLSRV.EXE
C:\Program Files\Digital Dining\Application\DDPRINT.EXE
C:\Program Files\Digital Dining\Application\DDCDSRV1.EXE
C:\PROGRA~1\SAAZOD\DMPHelpDesk.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\SAAZOD\zWinPrf.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uProxyOverride = <-loopback>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [Norton Ghost 15.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
StartupFolder: c:\users\manager\appdata\roaming\micros~1\windows\startm~1\programs\startup\ddserv~1.lnk - d:\digital dining\data\cdrom\application\DDSERVERMONITOR.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ddstart.lnk - c:\program files\digital dining\application\DDStart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab?rnd=3413623652
TCP: Interfaces\{0F943C8C-848D-4B11-9772-7D81BF1E3EDE} : NameServer = 208.67.222.123,208.67.220.123
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-31 193552]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2012-3-19 64800]
R1 MpKsladb3bb5b;MpKsladb3bb5b;c:\programdata\microsoft\microsoft antimalware\definition updates\{b6f10770-490a-491a-9641-0c494ea2dc88}\MpKsladb3bb5b.sys [2014-10-2 39464]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2013-3-29 137232]
R2 DDLaunchServer;Digital Dining Launch Server;c:\program files\digital dining\application\DDLaunchService.exe [2012-8-2 24576]
R2 DDTimeService;Digital Dining Time Service;c:\program files\digital dining\application\DDTimeService.exe [2012-8-2 24576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2012-4-11 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-4-11 112800]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2011-2-24 212944]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-7-5 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-9-30 47640]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-31 99272]
R2 QMMgr;QMMgr;c:\docuwise\XYNTService.exe [2013-10-21 77824]
R2 QMWatchdog;QMWatchdog;c:\docuwise\util\xyntservice.exe [2013-10-21 77824]
R2 s4service.exe;Codebase Server;c:\windows\system32\s4service.exe [2006-6-16 45056]
R2 SAAZappr;SAAZ RMM Agent Presence-PR;c:\progra~1\saazod\zrealtime\SAAZappr.exe [2012-7-6 85296]
R2 SAAZMSMACTL;SAAZMSMACTL;c:\progra~1\saazod\SAAZMSMACTL.exe [2012-7-6 89392]
R2 SAAZRCCTL;SAAZRCCTL;c:\progra~1\saazod\SAAZRCCTL.exe [2012-7-6 93488]
R2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\saazod\SAAZRemoteSupport.exe [2012-7-6 81200]
R2 SAAZScheduler;SAAZScheduler;c:\progra~1\saazod\SAAZScheduler.exe [2012-7-6 85296]
R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\saazod\SAAZServerPlus.exe [2012-7-6 85296]
R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\saazod\SAAZWatchDog.exe [2012-7-6 89392]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-4-11 2656536]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\dell\dell data protection\access\advanced\wave\authentication manager\WaveAMService.exe [2011-7-1 1131520]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2010-2-12 57840]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-4-11 269824]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-4-11 41088]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2012-6-8 13408]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2010-2-11 1964528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DDServerManager;Digital Dining Server Manager;c:\program files\digital dining\application\DDServerManager.exe [2012-8-2 40960]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\norton ghost\shared\drivers\GenericMountHelper.exe [2010-2-12 1574408]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-20 126464]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-7-13 7168]
S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-20 19456]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
S3 VJEXVVVJM;VJEXVVVJM;c:\users\manager\appdata\local\temp\vjexvvvjm.exe --> c:\users\manager\appdata\local\temp\VJEXVVVJM.exe [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-31 1343400]
S4 3XService;3X Backup;c:\program files\3x backup\bin\3XAgent.exe [2011-5-3 58528]
S4 SAAZapsc;SAAZ RMM Agent Presence-SC;c:\progra~1\saazod\zrealtime\SAAZapsc.exe [2012-7-6 85296]
.
=============== Created Last 30 ================
.
2014-10-02 22:18:54 -------- d-----w- C:\FRST
2014-10-02 17:01:50 -------- d-----w- c:\program files\ESET
2014-10-02 15:55:44 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b6f10770-490a-491a-9641-0c494ea2dc88}\MpKsladb3bb5b.sys
2014-10-02 14:13:51 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b6f10770-490a-491a-9641-0c494ea2dc88}\offreg.dll
2014-10-02 10:18:55 -------- d-sh--w- C:\$RECYCLE.BIN
2014-10-02 10:17:19 -------- d-----w- c:\users\manager\appdata\local\temp
2014-10-02 10:07:54 -------- d-----w- C:\ComboFix
2014-10-02 06:29:37 8806800 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b6f10770-490a-491a-9641-0c494ea2dc88}\mpengine.dll
2014-10-02 01:19:09 908840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{25696468-e5d7-4546-a71a-761f35f9fce8}\gapaengine.dll
2014-10-02 01:09:54 8806800 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-10-02 00:41:11 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-02 00:40:58 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-02 00:40:58 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-02 00:40:57 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
.
==================== Find3M  ====================
.
2014-10-02 20:50:25 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-02 20:50:25 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-22 06:41:56 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-07-19 12:01:39 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-07-19 12:01:39 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-07-19 12:01:38 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-07-19 12:01:38 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-07-16 20:08:12 414392 ----a-w- c:\windows\system32\drivers\aswsp.sys.1405541316147
.
============= FINISH: 20:10:09.79 ===============

 

 

Here the attach file: Attached File  Attach.txt   13.59KB   0 downloads

 

I also ran Farbar. Here the logs

FRST: Attached File  FRST.txt   26.05KB   1 downloads

Addition: Attached File  Addition.txt   32.67KB   2 downloads

 

Thanks in advance for your help.

 

 



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:42 AM

Posted 02 October 2014 - 09:27 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Attached File  fixlist.txt   557bytes   4 downloads

 

 

How is the machine running now?

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 JoeQD

JoeQD
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:42 AM

Posted 03 October 2014 - 08:15 AM

When i arrived with this cure, a colleague was already using RogueKiller and it took care of the Poweliks and the files.

 

We applied this cure just in case and now everything seems to be fine.

 

Thanks a lot.!!



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:42 AM

Posted 03 October 2014 - 01:29 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users