malicious website blocked outbound process windows\syswow64\dllhost
- Thread starter Lulu
- Start date
- Apr 24, 2014
- 3,395
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Code:
Start
HKU\S-1-5-21-2625895798-646920419-2108830663-1000\...\MountPoints2: F - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2625895798-646920419-2108830663-1000\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-2625895798-646920419-2108830663-1000\...\MountPoints2: {c09c1372-6165-11e0-b39f-d48564bb91b1} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2625895798-646920419-2108830663-1000\...\MountPoints2: {d709d7ba-fa53-11df-adbf-d48564bb91b1} - K:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2625895798-646920419-2108830663-1000\...\MountPoints2: {d709d7c1-fa53-11df-adbf-d48564bb91b1} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2625895798-646920419-2108830663-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM - {BC29273D-26E1-4A54-944F-9E02E8FBBE73} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {BC29273D-26E1-4A54-944F-9E02E8FBBE73} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {BC29273D-26E1-4A54-944F-9E02E8FBBE73} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
HKLM-x32\...\Run: [] => [X]
EmptyTemp:NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
my computer keeps blocking downloads but I fixed that however the fixlist txt is just a text file - nothing to click for "run" sorry I am being a pian. you put a link above from my computer do I need to follow that to find a run?
Run FRST/FRST64 and press the Fix button just once and wait. this is where I am confused - there is nothing to run was I suppose to have this on my computer already?
so what do I need to do? and when you say it blocked malware - what does that mean - Oh I can't even imaging doing what you do
ok I did that it is just words again - changed it to fixlist.txt and it is next to the FST on my desktop but I did not get the picture you posted for me
Similar threads
