1 month ago I noticed my computer getting sluggish. After checking Task Manager I noticed MANY instances of dllhost.exe*32. All except the one WITHOUT *32 could be stopped manually, but would then reappear. On Nov 7th, I began backing up all my files to an external drive in preparation for a disk reformat. I also dabbled with the windows disk defragment tool but only got as far as the scan. Soon after starting to move files, I started noticing I could not open alot of files. I then saw the links to the Cryptowall Ransomeware site and realized I had been hacked. Upon searching for a solution, I cam uppon this website and a thread where TwinHeadedEagle had helped a person with the exact same computer specs and problems as me. So I follow the instructions. It helped ALOT. The dllhost.exe did not come back right away. I noticed that cryptowall ONLY encrypted files in the My Documents folder. Everything in Pictures and Videos was NOT touched.
dllhost.exe came back when I went into the MY Documents folder and opened an Excel file to see if had been encrypted. It indeed had been, and also dllhost.exe came back. I've run all the tools from this thread:
http://malwaretips.com/threads/2-issues-cryptowall-ransomware-and-multiple-dllhost-exe-32.36292/
But it has not cleaned my system. I ordered Windows 8.1 (because I couldn't find my Windows 7 CD) with plans to reformat. But I would still like to find out how and why this happened to prevent it in the future. I have been running Windows Security Essentials. It did find alot of malware and cleaned alot of the system once I ran a full scan. These are what it found:
Ransom:Win32/Crowti
Trojan:Win32/Malinject.gen!plock
VirTool:Win32/CeeInject
PWS:Win32/Zbot
TrojanDownloader:Java/OpenStream.BY
Exploit:Java/CVE-2013-0422
Trojan:Win32/Autoac!plock
Trojan:Win32/Dynamer!ac
Behavior:Win32/VawtrakA
VirTool:Win32/CeeInject.gen!KK
All that was BEFORE I followed the post by TwinHeadedEagle. Now, the scans DO NOT find anything.
dllhost.exe came back when I went into the MY Documents folder and opened an Excel file to see if had been encrypted. It indeed had been, and also dllhost.exe came back. I've run all the tools from this thread:
http://malwaretips.com/threads/2-issues-cryptowall-ransomware-and-multiple-dllhost-exe-32.36292/
But it has not cleaned my system. I ordered Windows 8.1 (because I couldn't find my Windows 7 CD) with plans to reformat. But I would still like to find out how and why this happened to prevent it in the future. I have been running Windows Security Essentials. It did find alot of malware and cleaned alot of the system once I ran a full scan. These are what it found:
Ransom:Win32/Crowti
Trojan:Win32/Malinject.gen!plock
VirTool:Win32/CeeInject
PWS:Win32/Zbot
TrojanDownloader:Java/OpenStream.BY
Exploit:Java/CVE-2013-0422
Trojan:Win32/Autoac!plock
Trojan:Win32/Dynamer!ac
Behavior:Win32/VawtrakA
VirTool:Win32/CeeInject.gen!KK
All that was BEFORE I followed the post by TwinHeadedEagle. Now, the scans DO NOT find anything.