COM Surrogate Virus

sailor52

Nov 13, 2014
Thank you for the support

New Update: After restarting my computer, the COM Surrogates came back full force; there were about 10 instances in my processes. I was unable to click on anything. I quickly unplugged my ethernet cable and it went back to the two that were there before and I regained control. I am using my laptop for this post because I am afraid to use my desktop. I am very close to just doing a system restore and hoping for the best. If I plug the ethernet cord back into my desktop it may take over my ability to do a system restore and I'll be really screwed.
 

Hello,

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



===================================





Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"






Scan with Farbar Recovery Scan Tool
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 
Hello and thank you.

I am getting an error message saying my current internet setting will not allow me to download. I tried adding the site to my trusted websites and lowering the security level but still cannot download.

Edit: I was able to download through Firefox. Will submit report momentarily.
 
Re-enable downloads in Internet Explorer
  1. Close all Internet Explorer windows.
  2. Press the Windows key + R.
  3. Type inetcpl.cpl into the Open field and click OK. This will open Internet Properties (otherwise known as Internet Options).
  4. Click the Security tab > Reset all zones to default level.
  5. When you are finished, click OK to save your changes.
 
Here you go, 1 more thing I forgot to mention.... Before I saw your first post I ran RogueKiller. It caught the Dll.exe files and was able to delete them from the processes. The ones that I could not do manually. But a few have popped up randomly since then. After I saw your post I have not done anything other than what you have asked and I will continue to follow your lead.

Current Status of Computer: Running perfectly, still seeing COM Surrogate popping up in the processes but only 1 instance and it disappears within 5 seconds of being there.

Update: Prevhost.exe Preview Handler Surrogate Host just showed up in processes, it's new and 2 COM surrogates came with it then disappeared.
 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 


CPU 0-2%. Still seeing COM but much less frequently and it's only producing 2,000K.
Will re-run Farbar now.
 
While running Farbar, 2 instances of COM showed up briefly, and it seems when I open and close IE they pop up and disappear shortly after. Anytime I open a program a COM process shows up for a few seconds then disappears.
 

Do you have any other advice for me? Would Delfix be a good option? I'm worried this COM is just hibernating and will eventually come back full force.
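
A read-only check for the symptom described throughout this thread, added here as an example and not part of any post or of the helper's instructions: it lists each running COM Surrogate (dllhost.exe) process with its image path, parent process and the COM registration named on its command line. It assumes Windows PowerShell 3.0 or later; the function and variable names are illustrative.

```powershell
# Added example, not from the thread. Read-only; run from an elevated
# PowerShell 3.0+ prompt so paths and command lines of all processes are visible.

# The genuine COM Surrogate image lives only in these two locations.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\dllhost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\dllhost.exe')
)

function Get-ComRegistrationName([string]$Guid) {
    # Look the command-line GUID up under AppID first, then under CLSID.
    foreach ($hive in 'AppID', 'CLSID') {
        $key  = "Registry::HKEY_CLASSES_ROOT\$hive\$Guid"
        $item = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($item -and $item.'(default)') { return "$hive : $($item.'(default)')" }
    }
    return 'not registered'
}

Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
    $proc = $_

    # A surrogate is launched as: dllhost.exe /Processid:{GUID}
    $guid = $null
    if ($proc.CommandLine -match '/Processid:\s*(\{[0-9A-Fa-f-]{36}\})') { $guid = $Matches[1] }

    # The parent may already have exited, in which case no object is returned.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"

    [pscustomobject]@{
        ProcessId    = $proc.ProcessId
        Path         = $proc.ExecutablePath
        PathExpected = $expected -contains $proc.ExecutablePath   # case-insensitive match
        Parent       = if ($parent) { $parent.Name } else { 'exited' }
        Guid         = $guid
        HostedObject = if ($guid) { Get-ComRegistrationName $guid } else { 'no /Processid argument' }
    }
} | Format-Table -AutoSize
```

Rows where PathExpected is False, or where HostedObject is "not registered", are the ones worth including alongside the scan logs. Short-lived instances that appear when Explorer or a preview pane opens are normally thumbnail or preview handlers.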