Computer Infected by Powessere.A!reg


5 replies to this topic

#1 Cain57

Cain57

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:51 AM

Posted 21 December 2014 - 08:00 AM

My wife managed to get her PC infected by Powessere.A!reg.

 

I have no idea how she did it.  She was web surfing on some very questionable sites using mainly the Chrome for PC browser.

 

She had MalwareBytes (MB) running actively so it immediately started blocking Powessere.A!reg  which kept trying to ping out, and which immediately brought me to her office.

 

How can I stop this from happening again??  Her browser of choice is MSIE, but she decided to use Chrome on this day. 

 

Normally we use Firefox, and I have never seen it get a PC infected like this.  I was unable to detect or remove the trojan with MB but MSSE saw it on a scan and apparently removed it.  I then proceeded out of paranoia to run every other AV I could get my hands on, and none saw anything any longer.

 

So how do I make web surfing safer???

 

Many thanks!!

 

-- Cain

 

 




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:51 AM

Posted 21 December 2014 - 08:04 AM


You are most likely infected with Poweliks which typically affects the ability to browse or download files using Internet Explorer and causes PowerShell error alerts. Task Manager typically shows numerous occurrences of (COM Surrogate) dllhost.exe or dllhst3g.exe. If using a 64-bit version of Windows, then these entries will be listed as dllhost.exe *32 or dllhst3g.exe *32. These processes are known to spawn and consume a large amount of system resources as described here.

If you are having trouble downloading files with Internet Explorer, follow these instructions to re-enable downloads/reset all Security zones to default.

Please download ESETPoweliksCleaner and save it to your Desktop.
  • Double-click on ESETPoweliksCleaner.exe to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed.
  • Press any key to exit the tool and reboot your computer.
  • The tool will produce a log in the same directory the tool was run from.
  • Copy and paste the contents of that log in your next reply.
Note: If the log is too long...you may need to split it and use multiple replies in order to post all the information.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click [donate button]
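The post above describes the visible symptom of this infection as many COM Surrogate (dllhost.exe / dllhst3g.exe) processes eating system resources. The following PowerShell triage script is an added example, not part of the original thread and not code from ESET or any tool mentioned here: it counts those processes, records each one's parent process and working set, and flags the host when the count passes a threshold. The threshold of five and the "Suspicious" label are assumptions for illustration; a small number of dllhost.exe instances is normal on a healthy Windows system, so the output is a prompt to look closer, not a verdict.

```powershell
# Added example (not from the thread or the ESET tool): triage the
# "too many COM Surrogate processes" symptom described above.
# Win32_Process is used instead of Get-Process because it exposes
# ParentProcessId and CommandLine, which help tell the instances apart.
# On 64-bit Windows, Task Manager shows 32-bit copies as "dllhost.exe *32",
# but the Win32_Process Name is still plain "dllhost.exe".

function Get-ComSurrogateTriage {
    param(
        [int]$Threshold = 5   # assumed threshold; tune for the machine in question
    )

    $all   = Get-CimInstance -ClassName Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

    # Both process names quoted in the post above.
    $surrogates = @($all | Where-Object { $_.Name -in @('dllhost.exe', 'dllhst3g.exe') })

    $details = foreach ($s in $surrogates) {
        $parent = $byPid[[int]$s.ParentProcessId]
        [pscustomobject]@{
            Pid          = $s.ProcessId
            Name         = $s.Name
            ParentPid    = $s.ParentProcessId
            ParentName   = if ($parent) { $parent.Name } else { '<exited>' }
            WorkingSetMB = [math]::Round($s.WorkingSetSize / 1MB, 1)
            CommandLine  = $s.CommandLine   # may be empty without administrator rights
        }
    }

    $totalBytes = ($surrogates | Measure-Object -Property WorkingSetSize -Sum).Sum
    [pscustomobject]@{
        InstanceCount     = $surrogates.Count
        TotalWorkingSetMB = [math]::Round($totalBytes / 1MB, 1)
        Suspicious        = $surrogates.Count -gt $Threshold
        Processes         = $details
    }
}

# Usage: run from an elevated PowerShell prompt for complete parent/command-line data.
$result = Get-ComSurrogateTriage
"COM Surrogate instances: $($result.InstanceCount) (total working set $($result.TotalWorkingSetMB) MB)"
if ($result.Suspicious) {
    "Instance count exceeds the assumed threshold; review the list below and run the cleaner recommended above."
}
$result.Processes | Format-Table -AutoSize
```

The parent-process column is the useful part for a second look: it separates the instances the system started from ones with an unexpected parent, which is what a responder would check before and after running the cleaner to confirm the process storm has actually stopped.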

#3 Cain57

Cain57
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:51 AM

Posted 21 December 2014 - 08:18 AM

Thank you for the quick reply quietman!!  I'm fairly confident I've already removed it (first with MSIE, then with every other AV I could get my hands on from ComboFix to TrendMicro's free tool, etc.), but I will also grab and download ESETPoweliksCleaner.exe to make certain.

 

How can I prevent this from happening again??  Would one of these newer browsing companions have stopped it perhaps??

 

Lots of companies have them now I see - Adaware, MB, TrendMicro, etc. 


Edited by Cain57, 21 December 2014 - 08:19 AM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:51 AM

Posted 21 December 2014 - 08:35 AM

What is Poweliks?

Poweliks has reportedly been spread and delivered through social engineering...by opening malicious spam emails (attachments) and by exploiting a vulnerability in Microsoft Word (CVE-2012-0158 Exploit). Emails from fake Canadian Post or U.S. Postal Service typically use subjects (missed package delivery, purchase orders, bills, complaints, other business communications) that will entice a user to read the email and open the attachment. Poweliks can also spread via exploit kits that deliver drive-by downloads.



#5 Cain57

Cain57
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:51 AM

Posted 21 December 2014 - 08:41 AM

Thank you!



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:51 AM

Posted 21 December 2014 - 08:46 AM

You're welcome.



