Solved sysWOW64 virus?

brickbuilder

New Member
Thread author
Nov 14, 2016
7
I have a problem on my computer. Yesterday I noticed that at my house, COM surrogate was asking for my credentials. I remembered that at my college before then it (COM surrogate) was asking the same thing and I gave COM surrogate my password. It started happening last week and I'm actually confused.

I opened up task manager earlier and realized that there were two/three COM surrogates running and two/three dllhost.exe's were running too.

My computer is starting to become slower day by day and hour by hour.

I ran AdwCleaner and nothing showed up, Zemana and one small virus came up, Malwarebytes and nothing showed up, and avast scan and boot and several repairs happened, and CCleaner to help out a bit. Farbar Recovery Scan Tool is doing its thing right now, but I'm turning to you for help.

Could you please help me?
 


TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Check Disk
  • Press the Windows key on your keyboard. Type cmd and right click >> Run as Administrator.
  • Copy/Enter the command below and press Enter:
  • Code:
    chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.
Check Disk report:
  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
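
The same report can be pulled from a PowerShell prompt instead of Event Viewer. This is an added example, not part of the original post: the helper name Get-ChkdskSummary and the fallback sample text are assumptions made for illustration, while the log name, source and event ID are the ones shown in this thread.

```powershell
# Added example (not from the thread): read the newest chkdsk report that
# Wininit wrote to the Application log and summarise the lines to check first.
function Get-ChkdskSummary {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Report)
    $volume = if ($Report -match 'Checking file system on (\S+)') { $Matches[1] } else { $null }
    $badKb  = if ($Report -match '(?m)^\s*(\d+) KB in bad sectors') { [int64]$Matches[1] } else { $null }
    # Lines starting with "CHKDSK discovered" describe what was found on the volume.
    $findings = [regex]::Matches($Report, '(?m)^CHKDSK discovered .+$') |
        ForEach-Object { $_.Value.Trim() }
    [pscustomobject]@{
        Volume          = $volume
        BadSectorsKB    = $badKb
        CorrectionsMade = $Report -match 'Windows has made corrections to the file system'
        Findings        = @($findings)
    }
}

# Same filter as the Event Viewer steps: Application log, source Wininit.
$filter = @{ LogName = 'Application'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 1001 }
$evt = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue

if ($evt) {
    $text = $evt.Message
    $when = $evt.TimeCreated
} else {
    # No event on this machine: fall back to a constructed sample excerpt
    # so the parsing can still be tried offline.
    $text = @'
Checking file system on C:
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
         0 KB in bad sectors.
'@
    $when = $null
}

Get-ChkdskSummary -Report $text |
    Add-Member -NotePropertyName EventTime -NotePropertyValue $when -PassThru |
    Format-List
```

A non-zero BadSectorsKB value points at failing hardware rather than a file system inconsistency, so it is the first field to read.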
 

brickbuilder

New Member
Thread author
Nov 14, 2016
7
Code:
Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          11/14/2016 7:36:18 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      DESKTOP-NE7SHCJ
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.                        

Stage 1: Examining basic file system structure ...
Cleaning up instance tags for file 0x2d181.
  546048 file records processed.                                                        

File verification completed.
  12568 large file records processed.                                  

  0 bad file records processed.                                    


Stage 2: Examining file name linkage ...
  642526 index entries processed.                                                      

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered to lost and found.                    


Stage 3: Examining security descriptors ...
Cleaning up 3412 unused index entries from index $SII of file 0x9.
Cleaning up 3412 unused index entries from index $SDH of file 0x9.
Cleaning up 3412 unused security descriptors.
Security descriptor verification completed.
  48240 data files processed.                                          

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
  546032 files processed.                                                              

File data verification completed.

Stage 5: Looking for bad, free clusters ...
  167607579 free clusters processed.                                                      

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

 961761279 KB total disk space.
 290483796 KB in 377987 files.
    198772 KB in 48241 indexes.
         0 KB in bad sectors.
    648391 KB in use by the system.
     65536 KB occupied by the log file.
 670430320 KB available on disk.

      4096 bytes in each allocation unit.
 240440319 total allocation units on disk.
 167607580 allocation units available on disk.

Internal Info:
00 55 08 00 74 80 06 00 f4 fb 0b 00 00 00 00 00  .U..t...........
ee 08 00 00 6d 00 00 00 00 00 00 00 00 00 00 00  ....m...........

Windows has finished checking your disk.
Please wait while your computer restarts.


brickbuilder

New Member
Thread author
Nov 14, 2016
7
My computer is slow at start up, but after giving it a while, it seems to run smoothly. COM surrogate hasn't popped up.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Since there are no more problems, we can declare this PC clean.


Now, we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non-infected restore point, concurrently deleting old ones.


Step 1. - Creation of system restore point and tools removal.


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt). I don't need it for review.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.


Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape.


Security tips - highly recommended reading:

Maintenance tips:

Additional software that I personally use and install on all my clients' devices:

  • Zemana AntiMalware (paid version highly recommended) - to work as a supplement for your antivirus but with excellent remediation and protection
  • Zemana AntiLogger - keep everything you type on keyboard out of sight of bad guys trying to steal your credentials
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • CryptoPrevent - tool for protection against Cryptolocker and similar ransomware infections.
  • Adblock - to surf the web without annoying ads!
  • Qualys BrowserCheck - cloud service that scans your browsers and plugins to see if they’re all up-to-date.


My help is free for everybody.
If you're happy with the help provided and/or wish to show your appreciation, please consider a donation:
Thank you!



Stay safe,
TwinHeadedEagle :)
 