COM Surrogate dllhost Malware issue on Windows 8

leroux

New Member
Thread author
Verified
Sep 18, 2014
Toshiba Satellite
Windows 8 64-bit
AMD6 quad-core 2.ghz
6gb memory installed


Hi, I got the COM Surrogate dllhost.exe issue as well. I did a lot of what you said in another thread. Here is exactly what I've done:
Ran AdwCleaner (log file attached)
Then ran ComboFix (for some reason the scan completed successfully, but did not save any logs)
Then ran TDSSKiller (log file attached)
Then opened the Run window and typed:
"Leroux\desktop\combofix.exe" /killall
Then created a txt file named CFSscript.txt, typing this:
Folder::
c:\users\Leroux\AppData\Roaming\Fowacye
c:\users\Leroux\Apps\NT
c:\users\Leroux\AppData\Local\Omics
c:\users\Leroux\AppData\Roaming\HpUpdate
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Msmdmwbs"=-
"Omics"=-
"GameServer518"=-
"Zyivfuubd"=-
ClearJavaCache::

Then dragged the Notepad file onto the ComboFix icon, then it ran again successfully (but still didn't save any logs).

Now I am at the part to get the tool to remove the removal tool, but my issue still isn't fixed, so is there anything I did wrong? Pls, pls, pls help me!!!!
 


So, you really won't do destroy your system? Good luck with this!

I clearly noticed that running a fix from another topic could damage your system. I am not responsible for anything that could happen to your system from now on.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 
Hi again. I do not hold you responsible for any harm that those steps could have done. In fact it did nothing at all, so we are safe on this matter. I did the scan you requested and here are the log files.
 


I'm still having these COM Surrogate processes opening 3 to 10 times, taking all my disk and CPU resources.
 
Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
 
Alright, will run it again. Sorry I didn't mention that every time I ran ComboFix, it was by right-clicking on it to run it as an administrator, as every online game must be run. Although I have to go to work and will be back to you tomorrow morning (Eastern time zone).
 
Fix with ComboFix

Let's prepare a script for ComboFix to mark some things for deletion.

  • Press the Windows key + R on your keyboard at the same time.
  • A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
  • In the shown window paste in the following script:
    Code:
    Driver::
    Update innoApp
    Util innoApp
    
    Folder::
    c:\program files (x86)\innoApp
    
    ClearJavaCache::
  • Go to File menu and select Save as.
  • Make sure that the Save as type option is set to Text files (*.txt) and the place to save will be your desktop.
  • Name the file CFScript and select Save.
Your CFScript.txt file should appear on your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Now drag your CFScript file and drop it onto the ComboFix icon.
  • This will start ComboFix. Let it run uninterrupted!
  • A reboot may be needed during this run. Allow it.
  • When finished, it shall produce a log for you at C:\ComboFix.txt and display it.
Please include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Do not forget to turn on your previously switched-off protection software!
 
Hi, I'm sorry for the delay, I do work a lot on the weekend. Alright, so far I tried 3 times to do it and the only thing it does is stall; now I'm doing it in safe mode (with networking of course). I'll be back to you tomorrow morning. Thank you for your help, I really appreciate it.
 
Good news. It completed successfully; here are the logs you asked for. And once more I must thank you very much for your help and patience, although it didn't fix my issue. I still have 3 to 10 COM Surrogate processes running at the same time.
 

Okay, then let's scan your PC one more time:



Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.
Please include the content of this logfile in your next reply.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
 
How about FRST reports?



Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.

  • Right-click on the TDSSKiller icon and select Run as Administrator to start the tool.
  • Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
  • Your machine may appear very slow and unusable after that - it's normal.
  • TDSSKiller will run automatically. Click on Change parameters and click OK.
  • Click the Start Scan button and wait patiently.

If anything is found, follow these guidelines:
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    If Cure is not available, please choose Skip instead.
  • Do not choose Delete unless instructed!

A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.
 
Well, now when I look in my Task Manager it's open two or three times at once, then just disappears.