HELP REQUEST: dllhost.exe COM Surrogate Trojan

A26B

New Member
Thread author
Nov 6, 2014
11
Assistance requested. Topic says it all. Thanks in advance.
 

Attachments

  • Addition.txt
    33.1 KB · Views: 70
  • FRST.txt
    56.7 KB · Views: 110

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Hi.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.






Download ESET Poweliks Cleaner
http://download.eset.com/special/ESETPoweliksCleaner.exe

When the download is complete, navigate to your Desktop, double-click ESETPoweliksCleaner.exe.
Read the terms of the End-user license agreement and click Agree if you agree to them.

The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed.
Press any key to exit the tool.

After removing an infection we highly recommend that you restart your computer. The infection should now be removed and you should be able to access the web content that was being blocked.
 

Attachments

  • Fixlist.txt
    312 bytes · Views: 61

A26B

New Member
Thread author
Nov 6, 2014
11
No option to select Administrator
Ran "Fix"
No Fixlog generated
Both attached logs are in the same location (desktop)
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Both files, FRST (tool) and fixlist.txt have to be in the same location or the fix will not work!

Double-click FRST and click Fix



edit

You have downloaded fixlist
 

A26B

New Member
Thread author
Nov 6, 2014
11
FRST & Addition were the only files generated from Scan and they are in the same directory.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
You have downloaded fixlist?
 

Attachments

  • 2014-11-06_175223.jpg
    110.2 KB · Views: 77

A26B

New Member
Thread author
Nov 6, 2014
11
Sorry, I am not seeing a fixlist download link, only a reference to it with FRST
 

A26B

New Member
Thread author
Nov 6, 2014
11
Still in progress, sorry for my confusion, I thought fixlist would be generated by FRST. My bad...
 

A26B

New Member
Thread author
Nov 6, 2014
11
Fix completed. "Fixlog.txt saved." Should I restart now as advised?
 

Attachments

  • Fixlog.txt
    1.1 KB · Views: 47

A26B

New Member
Thread author
Nov 6, 2014
11
Fine for now. I could end the trojan COM Surrogate's process proliferation and it would lay low for a while, then come back. So it may take a day for me to be comfortable with it actually being gone. FWIW, I did notice that when it first became visible in Task Manager, it initiated with 8460K memory and spread from there with increasing amounts of memory consumption. I could end the process on the first one and kill them all. Sort of like an upside-down pyramid.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
You are happy, Poweliks is a backdoor, it was not long in the system.



Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

A26B

New Member
Thread author
Nov 6, 2014
11
Looks like I sent you 3 donations of $40 ea. PayPal indicated error 2X. Must be the gods telling me it was worth it!! Thank you!!
 
