- Oct 30, 2014
- 3
Hey guys,
Seems like this issue is pretty popular recently.
My issue may be slightly tricky to troubleshoot because the user is remote. I can connect to him over VPN, which I have been doing, but will need to be logged in as the user who does NOT have admin rights (I can run programs as admin, but cannot log in as one).
Anyways:
OS: Windows 7 Enterprise x64 on our domain.
AV: Microsoft Endpoint Protection
Found multiple instances of dllhost32.exe running from within syswow64. Malwarebytes is detecting this and blocking hundreds of connections across multiple ports in the 50000 and 60000 range, all leading back to Russian IPs or ie90ff.com (also Russian).
FRST and Addition logs attached. Any help would be appreciated.
Thank you.