Multiple Instances of dllhost.exe


27 replies to this topic

#1 awkwarddreamer


Posted 24 December 2014 - 07:35 AM

As the title says. I can close them but they just pop up again after roughly 5 minutes. Seems to be opening weird programs I've never seen (in Process Viewer).

 

I made a post once before but a bunch of stuff happened and I wasn't able to follow through.

 

Thanks for your time.


Edited by hamluis, 24 December 2014 - 07:48 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 buddy215


Posted 24 December 2014 - 07:42 AM

Start with the scanning for Poweliks. If it is found and removed there will be more cleanup of other malware to do.
 
Please download Powelikscleaner (by ESET) and save it to your Desktop. (Let me know if Poweliks was found and removed as shown in the last image.)
1.  Double-click on ESETPoweliksCleaner.exe to start the tool.
2.  Read the terms of the End-user license agreement and click Agree.
3.  The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
4.  If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
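
Added example, not part of the thread and not code from any tool named in it: a way to triage the symptom from post #1 (dllhost.exe instances that keep reappearing) in a saved process snapshot. It assumes Windows is installed in C:\Windows and that a legitimate COM Surrogate runs from System32 or SysWOW64, carries a /Processid:{GUID} argument and is started by svchost.exe; the snapshot rows are constructed sample data.

```python
import csv
import io
import re

# Constructed sample snapshot (not from the thread), in the column layout of
# Get-CimInstance Win32_Process | Select-Object ... | Export-Csv
SAMPLE = r'''Name,ProcessId,ParentProcessId,ExecutablePath,CommandLine
svchost.exe,812,640,C:\Windows\System32\svchost.exe,C:\Windows\System32\svchost.exe -k DcomLaunch
dllhost.exe,2140,812,C:\Windows\System32\dllhost.exe,C:\Windows\System32\dllhost.exe /Processid:{00000000-0000-0000-0000-000000000001}
dllhost.exe,4188,3320,C:\Windows\SysWOW64\dllhost.exe,C:\Windows\SysWOW64\dllhost.exe
dllhost.exe,4260,3320,C:\Users\sample\AppData\Local\Temp\dllhost.exe,dllhost.exe
'''

# Assumption: default install location of Windows.
EXPECTED_PATHS = {r"c:\windows\system32\dllhost.exe", r"c:\windows\syswow64\dllhost.exe"}
PROCESSID_ARG = re.compile(r"/processid:\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


def triage_dllhost(csv_text):
    """Return {pid: [reasons]} for dllhost.exe rows that deviate from the norm."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    names = {r["ProcessId"]: r["Name"].lower() for r in rows}  # pid -> image name
    findings = {}
    for r in rows:
        if r["Name"].lower() != "dllhost.exe":
            continue
        reasons = []
        if r["ExecutablePath"].lower() not in EXPECTED_PATHS:
            reasons.append("unexpected image path")
        if not PROCESSID_ARG.search(r["CommandLine"]):
            reasons.append("no /Processid:{GUID} argument")
        parent = names.get(r["ParentProcessId"])  # None if the parent has exited
        if parent != "svchost.exe":
            reasons.append(f"parent is {parent or 'not in snapshot'}")
        if reasons:
            findings[int(r["ProcessId"])] = reasons
    return findings


if __name__ == "__main__":
    for pid, reasons in triage_dllhost(SAMPLE).items():
        print(pid, "; ".join(reasons))
```

A flagged row is a reason to look closer, not a verdict; the scanners recommended in the thread are still what confirms and removes an infection.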


#3 awkwarddreamer


Posted 24 December 2014 - 07:53 AM

Was found and successfully removed, rebooting now.



#4 buddy215


Posted 24 December 2014 - 08:10 AM

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Check for adware and malware using the programs below. Allow them to remove whatever they find.

 

  • Download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.



#5 awkwarddreamer


Posted 24 December 2014 - 08:34 AM

The first bit seems to have fixed the problem. So thank you for that. So nice not having to worry about closing those processes. You're my hero.

 

Continuing on with the rest of your procedures (to ensure a clean bill of health) :D

 

Can I move down the list while CCleaner is running or do I need to wait for it to finish? It's going to be a while.



#6 buddy215


Posted 24 December 2014 - 09:39 AM

I prefer running one tool at a time. Might be a bit late in responding to your question.

I've experienced conflicts in the past with trying to scan using more than one tool.

You must not regularly dump the temporary stuff. CCleaner or similar tool used regularly takes only a couple of minutes to complete.




#7 buddy215


Posted 24 December 2014 - 09:59 AM

What Poweliks does depends on what the criminal using it intends. It is capable of doing most anything from ad fraud to stealing passwords and financial info to setting your computer up to be used as a server for denial of service or sending out spam, etc.

That's why it is necessary to use other tools to clean up the computer.

You need to check all Adobe products such as Reader and Flash to be sure they have the latest security updates. Same goes for Java (not JavaScript) and Microsoft programs including your OS. Exploiting those programs is one way Poweliks and other malware get on your computer. Another is opening an email attachment.

Be sure to uninstall all old Java programs that may be installed on your computer after updating Java. Most don't need Java installed.




#8 awkwarddreamer


Posted 24 December 2014 - 10:27 AM

Unfortunately, I don't run CCleaner as much as I should. Even now it still says 0% and looks like it's burning through my temp internet files (which I do normally delete regularly).

 

I didn't start running anything else. Just waiting for this to finish, hopefully it will speed up a bit.

 

Thanks for the info on powelik, I was going to have to look it up. I must have gotten it like 3 months ago. Thankfully I've been using my computer only when necessary (I've turned it on maybe 3-5 times since then and only for 2-5 minute windows and I disconnected the wifi unless I absolutely needed it) and when on I've avoided important sites and tried to be careful with my passwords, don't think I logged anywhere but here and that was with an alt email and unused password. Otherwise I've just left the computer off.

 

Thanks again for your time and I'll update you as soon as I finish the scans.



#9 quietman7


Posted 24 December 2014 - 10:30 AM

What is Poweliks?

Poweliks has the ability to download more malicious files so systems risk being infected by other malware, causing a more damaging infection and compromising security. Once the malware compromises a machine it's able to receive commands from a remote attacker and has the capability to steal system information which may be used by cybercriminals to launch other attacks. Zbot, ZeroAccess, Tracur, Chromeinject and various ransomware variants which encrypt data are commonly downloaded and seen on systems infected with Poweliks.

 

As such it is best to follow all instructions as provided by buddy215.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#10 awkwarddreamer


Posted 24 December 2014 - 10:31 AM

> What is Poweliks?
>
> Poweliks has the ability to download more malicious files so systems risk being infected by other malware, causing a more damaging infection and compromising security. Once the malware compromises a machine it's able to receive commands from a remote attacker and has the capability to steal system information which may be used by cybercriminals to launch other attacks. Zbot, ZeroAccess, Tracur, Chromeinject and various ransomware variants which encrypt data are commonly downloaded and seen on systems infected with Poweliks.
>
> As such it is best to follow all instructions as provided by buddy215.

I am.



#11 buddy215


Posted 24 December 2014 - 11:00 AM

I am curious to know what CCleaner deleted. When the scan finishes it gives the total amount deleted. If you will, make a note of that and let me know. Thanks




#12 awkwarddreamer


Posted 24 December 2014 - 12:15 PM

Haha. It was still at 0% so I canceled it. Didn't delete much but I noticed it did 16 passes or something like.

 

Went into settings and it was set to do 32. I switched it to normal (single sweep) and it's already at 50%. So I guess that's why it was going so slow.



#13 buddy215


Posted 24 December 2014 - 12:34 PM

Thanks for reporting that. I will have to tell others to check that before scanning. Must be a bug because another user I was assisting reported it took CCleaner 2 hours to complete.




#14 awkwarddreamer


Posted 24 December 2014 - 12:39 PM

Yeah, the 50% was I guess the initial scan, it quickly moved to 98% but that is when the actual wipe started.



#15 buddy215


Posted 24 December 2014 - 12:50 PM

Okay....did you download CCleaner today or was it already installed on your computer? Its scan has finished....right?

