DLLHost.exe (Com Surrogate) Bitcoin Miner Keeps Coming Back After Removal

Status
Not open for further replies.
S

ShadowSlim69

New Member
Thread author
Mar 6, 2021
2
Yesterday I noticed that Com Surrogate was using a lot of resources, so I scanned with Malwarebytes Rootkit Remover and that picked up in the folder Appdata/Roaming/DLL had 2 files that were related to bitcoin mining, after using the tool to remove them they came back after reboot, I did notice however just before they appeared in the folder, there was a 7 Zip folder called VS_Files.7s that I presume extracted and put the 2 files into the DLL folder.

I did have some software that might have caused this that has been since removed, I have also done the farbar recovery scan and attached the files below.

Thank You
 

Attachments

  • Capture.PNG
    Capture.PNG
    9.9 KB · Views: 37
  • Addition.txt
    29.4 KB · Views: 31
  • FRST.txt
    60 KB · Views: 39
nasdaq

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

Is the problem solved?
 

Attachments

  • fixlist.txt
    901 bytes · Views: 71
  • Thanks
Reactions: ShadowSlim69
S

ShadowSlim69

New Member
Thread author
Mar 6, 2021
2
nasdaq said:
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

Is the problem solved?
Click to expand...

As of right now the files haven't come back even after a few reboots so the issue seems to have resolved thank you
 

Attachments

  • Fixlog.txt
    4.2 KB · Views: 17
Status
Not open for further replies.

Similar threads

S
  • Locked
COM Surrogate eats 20% of CPU. And I don't know if its that a virus or not. Could anyone help me?
Replies
1
Views
1,203
Windows Malware Removal Help & Support
nasdaq
nasdaq
Shadowra
    • Like
    • +Reputation
    • Applause
App Review UltraAV Antivirus 2024
Replies
28
Views
2,563
Video Reviews - Security and Privacy
Shadowra
Shadowra
M
    • Like
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Replies
0
Views
409
Microsoft Defender
Microsoft Threat Intelligence
M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top