HELP REQUEST: dllhost.exe COM Surrogate Trojan

Hi.


FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.






Download ESET Poweliks Cleaner
http://download.eset.com/special/ESETPoweliksCleaner.exe

When the download is complete, navigate to your Desktop, double-click ESETPoweliksCleaner.exe.
Read the terms of the End-user license agreement and click Agree if you agree to them.

The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed.
Press any key to exit the tool.

After removing an infection we highly recommend that you restart your computer. The infection should now be removed and you should be able to access the web content that was being blocked.
 

Attachments

No option to select Administrator
Ran "Fix"
No Fixlog generated
Both attached logs are in the same location (desktop)
 
Both files, FRST (tool) and fixlist.txt have to be in the same location or the fix will not work!

Double click the FRTS and click Fix



edit

You have downloaded fixlist
 
Last edited:
FRST & Addition were the only files generated from Scan and they are in the same directory.
 
You have downloaded fixlist?
 

Attachments

  • 2014-11-06_175223.jpg
    2014-11-06_175223.jpg
    110.2 KB · Views: 77
Sorry, I am not seeing a fixlist download link, only a reference to it with FRST
 
Still in progress, sorry for my confusion, I thought fixlist would be generated by FRST. My bad...
 
fine for now. I could end the trojan COM Surogates process proliferation and it would lay low for awhile then come back. SO it may take a day for me to be comfortable with it actually being gone. FWIW, I did notice that when it first became visible on Task Manager, it initiated with 8460K memory & spread from there with increasing amounts of memory consumption. I could end the process on the first one and kill them all. Sort of like an upside down pyramid.
 
You are happy, poweliks is backdoor, was not long in system.



Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the
    51a5ce45263de-delfix.png
    icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes his work.
  • All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
 
Looks like I sent you 3 donations of $40 ea. PayPal indicated error 2X. Must be the gods telling me it was worth it!! Thank you!!
 

You may also like...