
Multiple dllhost.exe*32 COM Surrogate processes.


14 replies to this topic

#1 Gary1972

Gary1972

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:48 PM

Posted 05 November 2014 - 12:56 PM

Computer slows, Task Manager shows approx. 20 instances of dllhost.exe*32 COM Surrogate. Resets IE security to block file downloads. Previously was trying to upload to web sites Appsrumors.com and Searchnet.Blinkxcore.com. Have run SuperAntispyware, Microsoft Security Essentials, Malwarebytes, AdwCleaner, and others; they've slowed down the culprit but it comes back again and again. System is running Windows 7. Any suggestions?
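
A read-only triage check for the symptom described in the post above, added here as an example and not part of the thread: it lists every running dllhost.exe with its command line, image path and parent process. The `/Processid:{CLSID}` heuristic is an assumption about how a genuine COM Surrogate is normally started, not something the posters state.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on the system.
# Heuristic (assumption): a genuine COM Surrogate is started as
#   dllhost.exe /Processid:{CLSID}
# from System32 or SysWOW64, so instances without that argument or running
# from another folder deserve a closer look. Uses Get-WmiObject so that it
# also runs on the PowerShell 2.0 shipped with Windows 7.

$expectedDirs = @(
    (Join-Path $env:windir 'System32'),
    (Join-Path $env:windir 'SysWOW64')   # location of the 32-bit (*32) image
)

$procs = @(Get-WmiObject Win32_Process -Filter "Name = 'dllhost.exe'")

$report = foreach ($p in $procs) {
    $reasons = @()

    if (-not $p.CommandLine) {
        $reasons += 'command line unreadable (run elevated)'
    } elseif ($p.CommandLine -notmatch '/Processid:\{[0-9A-F-]{36}\}') {
        $reasons += 'no /Processid:{CLSID} argument'
    }

    if ($p.ExecutablePath) {
        $dir = Split-Path $p.ExecutablePath -Parent
        if ($expectedDirs -notcontains $dir) {
            $reasons += "unexpected path: $($p.ExecutablePath)"
        }
    }

    # Parent name is reported for context only; the parent may have exited.
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    $parentName = if ($parent) { $parent.Name } else { '(exited)' }

    New-Object PSObject -Property @{
        ProcId      = $p.ProcessId
        Parent      = $parentName
        Flags       = ($reasons -join '; ')
        CommandLine = $p.CommandLine
    }
}

$flagged = @($report | Where-Object { $_.Flags })
Write-Output ("dllhost.exe instances: {0}, flagged: {1}" -f $procs.Count, $flagged.Count)
$report | Sort-Object Flags -Descending |
    Format-Table ProcId, Parent, Flags, CommandLine -AutoSize -Wrap
```

A flagged instance is a lead for a scan with a dedicated tool, not proof of infection on its own.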




#2 bigbootyjj

bigbootyjj

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 05 November 2014 - 01:35 PM

I haven't applied this to a laptop I have at home but here is a link to fixing this "Poweliks Virus." Please post on if it works or not :-)

Mod Edit by quietman7: link to non-Bleeping Computer malware removal guide removed.

#3 Gary1972


Posted 05 November 2014 - 02:02 PM

Thanks for the advice, but I do not consider myself competent to run tools such as ComboFix. I heed the advice of the BC experts.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,588 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:48 AM

Posted 05 November 2014 - 10:43 PM


@ bigbootyjj

Instructions for posting advice in Am I Infected

Posting referral links to non-Bleeping Computer malware removal guides is NOT permitted with the exception of well known security vendors like Kaspersky, Symantec, etc which sometimes release specialized fix tools with instructional documentation. This is because there are far too many untrustworthy and scam sites which mis-classify detections or provide misleading information and poor removal advice. It is impractical for our staff to monitor and review all such guides for accuracy, therefore, we will not permit members helping others to refer to any of them.


For this reason your link has been disabled/removed.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 quietman7


Posted 05 November 2014 - 10:50 PM

Gary1972...you are most likely infected with Poweliks.

Please download ESETPoweliksCleaner and save it to your Desktop.
  • Double-click on ESETPoweliksCleaner.exe to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed.
  • Press any key to exit the tool and reboot your computer.
  • The tool will produce a log in the same directory the tool was run from.
  • Copy and paste the contents of that log in your next reply.


#6 Gary1972


Posted 06 November 2014 - 10:07 AM

Thanks for the reply Quietman7. I followed your instructions. Poweliks was found and a log file created. I tried to paste it into a response but my reply was too long. Is there a way to attach the file?



#7 quietman7


Posted 06 November 2014 - 10:30 AM

Attachments are not permitted in this forum.

If Poweliks was found and you chose Y to clean it...the infection should have been removed.

How is your computer running now?

#8 Gary1972


Posted 06 November 2014 - 10:40 AM

So far so good, but I thought this for a while yesterday after running AdwCleaner and the virus reappeared later.



#9 quietman7


Posted 06 November 2014 - 10:46 AM

Then monitor it for a while longer. ESETPoweliksCleaner seems to be working with others who have been infected.

If it doesn't in your case, we will need more advanced tools than we can use in this forum. If that is the case I will advise what to do next.

#10 Gary1972


Posted 06 November 2014 - 10:57 AM

Thanks, I'll give you an update tomorrow if all is well til then.



#11 quietman7


Posted 06 November 2014 - 10:58 AM

Not a problem.

#12 Gary1972


Posted 07 November 2014 - 10:14 AM

Everything still looking good on my machine. ESETPoweliksCleaner appears to work well. This is the second time Bleeping Computer has saved me.

 

Thanks Quietman7.



#13 quietman7


Posted 07 November 2014 - 12:44 PM

You're welcome.
Now you should Create a New Restore Point and purge the rest to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:

  • Click the Start Orb and in the Search box type: Create a restore point ...then click on it.
  • When the System Properties window opens, under the System Protection tab, select the Create... button at the bottom. Give the restore point a name, then click "Create". The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then to remove all but the newly created Restore Point, use Disk Cleanup.

Resources to do the above:

-- Note: When using Disk Cleanup in Windows 7/8, click on the Clean up system files button, then click on the More Options tab.
 

 



#14 bigbootyjj


Posted 07 November 2014 - 01:33 PM

Hi Global Moderator. Sorry I posted that link. I won't do it again. I'm going to try all those protective things just to see if it works and if it doesn't will go by your suggestion (ESETPoweliksCleaner).



#15 quietman7


Posted 07 November 2014 - 02:09 PM

Ok but if you need individual assistance, you should start your own topic in the Am I infected? What do I do? forum



