You may be infected with Poweliks
(aka Gootkit, a Poweliks clone) which typically affects the ability to browse or download files using Internet Explorer and causes PowerShell error alerts. Task Manager typically shows numerous occurrences of (COM Surrogate) dllhost.exe
. If using a 64-bit version of Windows, then these entries will be listed as dllhost.exe *32
or dllhst3g.exe *32
. These processes are known to spawn and consume a large amount of system resources. When attempting to download files in Internet Explorer you may receive the message "Your current security settings do not allow this file to be downloaded.
" or you may see a pop-up alert advising that "powershell (powershell.exe) has stopped working
If you are having trouble downloading files with Internet Explorer, follow these instructions
to re-enable downloads/reset all Security zones to default.
Please download ESETPoweliksCleaner
and save it to your Desktop
- Double-click on ESETPoweliksCleaner.exe to start the tool.
- Read the terms of the End-user license agreement and click Agree if you agree to them.
- The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
- If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed.
- If Poweliks was not detected "Win32/Poweliks not found" will be displayed.
- Press any key to exit the tool and reboot your computer.
- The tool will produce a log in the same directory the tool was run from.
- Copy and paste the contents of that log in your next reply.
Note: If the log is too long...you may need to split it and use multiple replies in order to post all the information.