Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

dllhost.exe *32 COM Surrogate - Windows7 - *w/ temp fix


  • This topic is locked This topic is locked
9 replies to this topic

#1 Eyebereej

Eyebereej

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:16 PM

Posted 07 October 2014 - 10:02 PM

Need help on this one. I'm having this dllhost.exe problem like others. Checked out other posts so I've followed the instructions laid out in regards to using FARBAR. I've temporarily alleviated the problem by creating a batch file using the command "taskkill /F /IM dllhost.exe". I've scheduled it to run every 2 minutes, which has helped keep the memory usage at bay. Hopefully this will help others stay productive while they wait for a fix as well. Here's my reports attached below. Thanks in advance for the help.

Attached Files



BC AdBot (Login to Remove)

 


m

#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:16 AM

Posted 09 October 2014 - 05:32 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#3 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:16 AM

Posted 15 October 2014 - 12:10 PM

Hello,

 

Do you still need assistance?

 

 

Regards,

Georgi


cXfZ4wS.png


#4 Eyebereej

Eyebereej
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:16 PM

Posted 16 October 2014 - 02:26 AM

Hi Georgi,

 

Thank you for your help! I've been out of town for the past 7 days and I just arrived back this evening. My apologies for not getting back to you sooner. I will try it out tomorrow and post the log once it completes. Thanks again and sorry for the delay.

 

Regards,

Reja



#5 Eyebereej

Eyebereej
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:16 PM

Posted 16 October 2014 - 01:01 PM

Hi Georgi,

 

Here's the results from the Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-10-2014 02
Ran by Admin at 2014-10-16 09:34:53 Run:1
Running from C:\Users\Admin\Downloads
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-1505720049-667710781-3379530977-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Task: {5A2DD76C-E464-4A64-A297-4FA9BDD1B8FD} - \Security Center Update - 161994501 No Task File <==== ATTENTION
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Taokapyzn" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Xyxeoqyzhiakw" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ydecowmoec" /f
C:\Users\Admin\AppData\Roaming\Zeseqyat
C:\Users\Admin\AppData\Roaming\Utpadape
C:\Users\Admin\AppData\Roaming\Gufuotah
emptytemp:
end
*****************
 
Processes closed successfully.
"HKU\S-1-5-21-1505720049-667710781-3379530977-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-1505720049-667710781-3379530977-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A2DD76C-E464-4A64-A297-4FA9BDD1B8FD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A2DD76C-E464-4A64-A297-4FA9BDD1B8FD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 161994501" => Key deleted successfully.
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Taokapyzn" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Xyxeoqyzhiakw" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ydecowmoec" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
"C:\Users\Admin\AppData\Roaming\Zeseqyat" => File/Directory not found.
"C:\Users\Admin\AppData\Roaming\Utpadape" => File/Directory not found.
"C:\Users\Admin\AppData\Roaming\Gufuotah" => File/Directory not found.


#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:16 AM

Posted 18 October 2014 - 12:13 PM

Hello,

 

I am sorry about the delay. I was out of town for a couple of days so I couldn't reply earlier.

The log above is cut-off. Can you please post it again?

 

Although the infection seems to be removed if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

The most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard and the speed of your computer).

 

 

STEP 1

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 2

 

 

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

STEP 3

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 4

 

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Wait for the prescan to complete and then press the Scan button.
  • When done press the Report button.
  • Please copy and past the results in your next reply.

 

 

STEP 5
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
     
  • Put a checkmark beside loaded modules.
    Sbf88.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
     
  • Click the Start Scan button.
     
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
     
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 6

 

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.
 

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 7

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2.Launch the program by double clicking on the 5vo5F.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

STEP 8

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 18 October 2014 - 12:19 PM.

cXfZ4wS.png


#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:16 AM

Posted 25 October 2014 - 04:04 AM

Hi,

 

Do you still need assistance?

 

 

Regards,

Georgi


cXfZ4wS.png


#8 Eyebereej

Eyebereej
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:16 PM

Posted 11 November 2014 - 12:43 PM

Georgi, everything is working great now. Apologies for not responding sooner. Thanks so much for your help and doing what you do, you're awesome man!



#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:16 AM

Posted 11 November 2014 - 05:12 PM

You're more than welcome. I am glad I could help! :)

I'll leave the topic opened for a while in case you have any remaining questions...

 

Take care!

 

 

Regards,

Georgi


cXfZ4wS.png


#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:16 AM

Posted 19 November 2014 - 03:54 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

cXfZ4wS.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users