Solved Malware infection: COM surrogate, dllhost, Trojan Poweliks versions, Adclick(?) on multiple computers

CESbio

New Member
Thread author
Nov 5, 2014
14
Files attached.
 

Attachments

  • FRST_05-11-2014_10-31-17.txt
    31.4 KB · Views: 58
  • Addition_05-11-2014_10-31-14.txt
    26.8 KB · Views: 91

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    724 bytes · Views: 116

CESbio

New Member
Thread author
Nov 5, 2014
14
First off, thank you for your help, this has been an incredible pain! Hoping I've done this right. Please find attached the Fixlog.txt. Thank you and looking forward to your response.
 

Attachments

  • Fixlog_05-11-2014_14-12-31.txt
    2.3 KB · Views: 68

CESbio

New Member
Thread author
Nov 5, 2014
14
No random attacks in the last few minutes. Malwarebytes hasn't brought anything up in the last 5-10 minutes. Watching under Windows Task Manager, normally see a dllhost32 popping up with COM Surrogate. While the 32 part is gone, COM Surrogate continues to pop up.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Download ESET Poweliks Cleaner
http://download.eset.com/special/ESETPoweliksCleaner.exe

When the download is complete, navigate to your Desktop, double-click ESETPoweliksCleaner.exe.
Read the terms of the End-user license agreement and click Agree if you agree to them.

The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed.
Press any key to exit the tool.

After removing an infection we highly recommend that you restart your computer. The infection should now be removed and you should be able to access the web content that was being blocked.
 

CESbio

New Member
Thread author
Nov 5, 2014
14
Hi Argus,
ESET Poweliks cleaner noted Poweliks was not found. Sounds like the system might be clear then?
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
System is clean.



Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

CESbio

New Member
Thread author
Nov 5, 2014
14
1st computer looks like a wrap. Thank you so much! For the second computer that's actually a bit worse off, do I need to start a new thread?
 

CESbio

New Member
Thread author
Nov 5, 2014
14
I'm sorry I don't understand the last part. Do I need to start a new thread for the second computer?
 

CESbio

New Member
Thread author
Nov 5, 2014
14
Ok, sounds good. The information on the second computer is listed under 2nd computer above. Should I start with the same process (FRST and addition)? The second system has an OS: Win8. Also, I'm worried that the peripheral Toshiba external drive may be moving an infection from one computer to the next. Any way to stop that so that I don't keep reinfecting computers?
 

CESbio

New Member
Thread author
Nov 5, 2014
14
Hi, please find the files requested attached below. I think I'll owe you a brewery after this!
 

Attachments

  • Addition_05-11-2014_10-31-14.txt
    26.8 KB · Views: 53
  • FRST_05-11-2014_10-31-17.txt
    31.4 KB · Views: 51

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
I'm worried that the peripheral Toshiba external drive may be moving an infection from one computer to the next


I recommend using MCShield, if you will.
You may download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And not only will it prevent infection, but it will immediately clean the flash drive, memory card or external HDD.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    891 bytes · Views: 75

CESbio

New Member
Thread author
Nov 5, 2014
14
Just wanted to give an update. Cluelessly generated the same txt files from prior run as a 'save and run' and attached them (1st computer). Went back, deleted those files, then started where I was supposed to by downloading the FRST file, running, saving to same location on the second computer. Now going through the FRST Admin Fix scan. Seems to be taking a while (I don't know what a normal run time is like). Is there a point at which long becomes too long and I should stop and restart?
I apologize for the confusion on my end!
 

CESbio

New Member
Thread author
Nov 5, 2014
14
Fix done, system restarted. Please find attached the Fixlog as requested. Note that Malwarebytes continues to flash a series of outgoing.
 

Attachments

  • Fixlog.txt
    2.6 KB · Views: 63
