
Can't remove poweliks, multiple COM Surrogate/dllhosts, frst attached


  • This topic is locked

#1 schwartzm


Posted 13 October 2014 - 11:11 AM

We've run RogueKiller, MBAM, etc. and we can't remove this Poweliks infection. RogueKiller finds two reg entries but errors out on deleting the second one.

 

Could anyone help with a fixlist from this frst.txt that is attached if they find anything in it?

 

Thank you

Attached Files

  • Attached File  FRST.txt   27.19KB   7 downloads



 


#2 schwartzm


Posted 13 October 2014 - 01:28 PM

We may have taken care of the issue with a newer version of RogueKiller (the old version would detect but would error on deletion). The key, I believe, is to have no dllhosts open, and there are also conhost processes that are infected as well that you need to end during/after/before cleanup. If you don't, the virus reloads itself.

 

Update -- still no signs of Poweliks; another scan with MBAM w/ rootkit scanning found 4 trojans and an exploit.


Edited by schwartzm, 13 October 2014 - 03:44 PM.


#3 schwartzm


Posted 15 October 2014 - 11:02 AM

Computer appears to be clean, no longer need any help with removal.



#4 Naathim


Posted 18 October 2014 - 05:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Radek Naathim Pawelczyk

Malware Removal Specialist

 





