Dllhost.exe Com Surrogate

Blite

New Member
Thread author
Nov 10, 2014
10
Hello all,
I see I'm having what appears to be a common issue over the last 24 hours at least. dllhost.exe Com Surrogate has infiltrated one of my 2 PCs and has reproduced faster than cockroaches. I have taken many steps to fix it, as I have put in the boxes above this post (hope I'm doing this correctly; if not, please notify me), some of which I had already attempted before finding this forum and seeing that they were a bad idea. Malwarebytes removal tool worked decently for 15 of the infections, however 10 still remain. I have the FRST txt documents and will post them here. Any help fixing this problem will be greatly appreciated, as YouTube and all other efforts continue to fail me. Thanks to all who take the time to aid my failed attempts at purging myself of this blight. (Haha, word pun on my name.) Also, the Trojan Poweliks is the Norton prompt and sysWOW64 is the file location.
Also, I didn't specify that my system is a 64-bit system.
 

Attachments

  • Addition.txt
    35.2 KB · Views: 56
  • FRST.txt
    41.9 KB · Views: 65

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Hello,

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.




==================================

Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • In the introduction screen, click "Next" to continue.
  • In the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"







Scan with Farbar Recovery Scan Tool
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
 

Blite

New Member
Thread author
Nov 10, 2014
10
I had already taken this step, aside from posting the results; it had found 15 objects. The second time I ran it nothing was found and dllhost.exe Com Surrogate still had 10 processes running on my system. I am about to run it a third time and post the results you requested as soon as it finishes. I appreciate your help with this tremendously.
 

Blite

New Member
Thread author
Nov 10, 2014
10
After restarting the infected PC I came to a black system screen, because I was disconnected in the middle of trying to shut it down earlier today. Now I get an error message for one of the Trojans I saw removed earlier. This is the exact message: (upper left of box) RunDLL. In the message box: There was a problem starting C:\Users\Sassy\AppData\Local\ucilluo.dll Bottom of box: The specific module could not be found.
After seeing this error message, Dllhost.exe doesn't exist (at this time I'm sure it's hiding), nor do the other multiples. After running MBAR it found 3 more infections after the update, and I will post the results now.

The new Farbar you have requested will not finish; it keeps stopping at ~DF53F0CD2E1502ACF1.TMP. I'm going to leave it running to see if it will complete.
 

Attachments

  • mbar-log-2014-11-10 (20-27-22).txt
    2.7 KB · Views: 47
  • system-log.txt
    102.4 KB · Views: 49

Blite

New Member
Thread author
Nov 10, 2014
10
Here's my new Farbar Recovery Scan. I had to disable my anti-virus this time to use the scan for some reason. Let me know what else you need me to do. Sorry it took so long, I've had a LONG work week so far.
 

Blite

New Member
Thread author
Nov 10, 2014
10
Wow, it didn't post. I will repost them first thing after work; I've got to be there in less than 6 hrs. I'm sorry for wasting your time. Please don't mark this as solved, I saw something about 72 hours.
 

Blite

New Member
Thread author
Nov 10, 2014
10
Sorry it took me so long to reply: school, work, kids, and this PC got ripped out of the wall by the dog and my son running around it playing, so I kind of put it off until I had a day off. This should be all the files you need. I noticed after running Malwarebytes a previous time (the attached file is from today) it partially removed a few Trojans and then Dllhost.exe com surrogate disappeared. I haven't seen it back yet, however I do get an error message when I first turn on my PC listing one of the files a Trojan was in, saying cannot run.dl or something like that. I will reboot and post the exact msg. Once again, sorry for taking so long to reply and thanks for looking into it for me.
 

Attachments

  • mbar-log-2014-11-22 (15-45-29).txt
    2 KB · Views: 39
  • Addition.txt
    36.7 KB · Views: 38
  • FRST.txt
    42.5 KB · Views: 32

Blite

New Member
Thread author
Nov 10, 2014
10
Also, when I ran these scans I ran a Malwarebytes anti-malware scan (free version), a full Norton scan and an anti-rootkit scan via Norton (can't remember the exact name, something eraser). Both found and fixed threats. I also ran that MBAR scan as well. So you know the full series of events as of today.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    1.4 KB · Views: 45

Blite

New Member
Thread author
Nov 10, 2014
10
Ok, I will run that now and post the results as soon as possible. The error window I was talking about is named RunDLL and the red X window says there was a problem starting C:\Users\Sassy\AppData\Local\ucilluo.dll Then below that it says The specific module could not be found.
 

Blite

New Member
Thread author
Nov 10, 2014
10
Actually, the fix corrected this error. I posted the fixlog as well. I can't help but feel it's gone, yet now that I have been infiltrated I'm paranoid that there's more there than just those, haha. Let me know your findings.
 

Attachments

  • Fixlog.txt
    3.9 KB · Views: 59

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Good job :)


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

Blite

New Member
Thread author
Nov 10, 2014
10
Awesome!!! I have to say you went above and beyond what I expected. What you guys do here is great and I appreciate it more than you know. Definitely donating man keep up the good work and Happy Thanksgiving!
 
