You may be infected with Poweliks (aka Gootkit, a Poweliks clone) which typically affects the ability to browse or download files using Internet Explorer and causes PowerShell error alerts. Task Manager typically shows numerous occurrences of (COM Surrogate) dllhost.exe. If using a 64-bit version of Windows, then these entries will be listed as dllhost.exe *32 or dllhst3g.exe *32. These processes are known to spawn and consume a large amount of system resources. When attempting to download files in Internet Explorer you may receive the message "Your current security settings do not allow this file to be downloaded." or you may see a pop-up alert advising that "powershell (powershell.exe) has stopped working".
Poweliks is also a Trojan Downloader... meaning it has the ability to download more malicious files so systems risk being infected by other malware, causing a more damaging infection and compromising security. Some ransomware variants which encrypt data are commonly downloaded and seen on systems infected with Poweliks.
If you are having trouble downloading files with Internet Explorer, follow these instructions to re-enable downloads/reset all Security zones to default.
Please download ESETPoweliksCleaner and save it to your Desktop.
- Double-click on ESETPoweliksCleaner.exe to start the tool.
- Read the terms of the End-user license agreement and click Agree if you agree to them.
- The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
- If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed.
- If Poweliks was not detected, "Win32/Poweliks not found" will be displayed.
- Press any key to exit the tool and reboot your computer.
- The tool will produce a log in the same directory the tool was run from.
- Copy and paste the contents of that log in your next reply.