Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


COM surrogate malware

  • Please log in to reply
4 replies to this topic

#1 cjdoc2


  • Members
  • 1 posts
  • Local time:01:21 PM

Posted 17 November 2014 - 09:50 PM

Multiple dllhost.exe files running. Norton is unable to fix. Tried to download malware bytes and get user does not have persmission error. This is running as admin.

Edit: Moved topic from Windows 7 to the more appropriate forum.~ Animal

BC AdBot (Login to Remove)


#2 Broni


    The Coolest BC Computer

  • BC Advisor
  • 42,770 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:21 AM

Posted 17 November 2014 - 10:37 PM

Welcome aboard p22002758.gif


Please download Powelikscleaner (by ESET) and save it to your Desktop.

1. Double-click on ESETPoweliksCleaner.exe to start the tool.

2. Read the terms of the End-user license agreement and click Agree.

3. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.


4. If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.


The tool will produce a log in the same directory the tool was run from.

Please copy and paste the log in your next reply.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE


#3 Ringer77


  • Members
  • 3 posts
  • Local time:02:21 PM

Posted 18 November 2014 - 08:37 AM

Whenever I have had to deal with this virus, I have had luck removing it with RogueKiller. First, I boot the computer into safe mode with networking, and after that I run RogueKiller. The program will go through and do an initialization scan when you first run it, after this completes you can then hit scan in the top right hand side of the screen. After the scan completes, under the registry tab, there should be an entry marked as red for "Poweliks". Just make sure this entry is selected, and hit delete. I would be weary of deleting any other registry entires, unless they are specifically flagged by RogueKiller.

#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,073 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:21 PM

Posted 18 November 2014 - 08:56 AM

@ Ringer77

Please read the pinned sticky Instructions for posting advice in Am I Infected

Posting instructions for the use of the following by non-staff members is prohibited in this area, as well as in all other areas of the forums. This list contains tools and procedures that are forbidden, the instructions for using similar tools or procedures should not be posted here, or elsewhere on Bleeping Computer forums, without prior Staff approval.

  • ComboFix instructions or discussion.
  • HiJackThis, DDS, OTL, ZOEK, RSIT, RogueKiller instructions.
  • FRST (Farbar Recovery Scan Tool).
  • Manual rootkit removal using non-automated and advanced ARK tools (MBRCheck, MBR.exe and Esage Bootkit Remover).
  • Automated registry cleaners.
  • Advanced Registry instruction. Simple registry fixes are permitted but they must be accompanied with a warning to back up the registry first.
    The BC staff will monitor (review) registry fixes and if we determine they are dangerous or incorrect, the instructions will be removed.
  • Custom scripts, batch files.
  • Other specialized fix tools the BC Staff deems untrained members should not recommend for use.
Note: This list is not limited and we may add to it as necessary. These restrictions are in place to ensure that only safe and effective methods are given to members seeking help with a malware problem.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Ringer77


  • Members
  • 3 posts
  • Local time:02:21 PM

Posted 18 November 2014 - 09:14 AM

Sorry, my mistake. I will take note of that.


Thank you

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users