Computer Support Forum

Trojan.Powelik, I think. COM Surrogate in Task Manager

Question: Trojan.Powelik, I think. COM Surrogate in Task Manager

Hello,
I've seen you solve other people's problem with this difficult malware. I would be extremely grateful if you could work the same magic for me.
Thank you in advance.
Loronin

Relevance 93.07%

Anything you can do to help would be greatly appreciated. I reloaded this system in Aug and really don't want to do that again so soon. Both Norton Security Suite and MS Security Essentials have been updated and scans have been run but neither program detects the virus. Please Help - Thanks!
 

Answer:trojan.powelik and COM Surrogate

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

Relevance 91.84%

Hey guys I have been running into some issues while doing virus cleans on a couple computers I am working on. These two computers share the same symptoms in that they are both constantly being barraged by Trojan Powelik/adclicker intrusion attempts from 'f0fff0.com' and other random IPs as called out by Norton IS. They are really giving me a hard time because I have run every scanning tool I can think of and the problem still persists. I have attached logs from both computers below (labeled 1 & 2 respectively). Any help would be appreciated.
 

Answer:Trojan.Powelik/adclicker COM surrogate(s)

Ok so it seems I have solved my own problem. Here are the resources I used to kill it >>> http://kb.eset.com/esetkb/index?page=content&id=SOLN3587. Apparently ESET makes a standalone Poweliks cleaner and guide for removal. So in case you need something to recommend people do in the future you can point them here.
 

Relevance 91.84%

I have windows 7 64 bit system hp pc. Ran dds tool and am attaching dds.txt and attach.txt.  CPU usage skyrockets and many process lines show COM surrogate running.  Also Norton blocks Trojan Powelik and notifies of high CPU usage.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by Brian II at 12:12:51 on 2014-11-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4001.1692 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceN...

Answer:dllhost .exe COM surrogate and Trojan Powelik

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1
Please download Powelikscleaner (by ESET) and save it to your Desktop.
Double-click the to start the tool.
Read the terms of the End-user license agreement and click Agree if you agree to them.
The tool will r...

Relevance 91.84%

Would really like help removing this from my computer!
 

Answer:dllhost.exe*32 com surrogate powelik trojan

Hi,
Please download Farbar Recovery Scan Tool () by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Relevance 91.84%

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by Kristin (administrator) on CROSSMAN on 01-11-2014 20:29:47
Running from C:\Users\Kristin\Downloads
Loaded Profile: Kristin (Available profiles: Kent Crossman & Kristin & Tyler England)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Windows\System32\dmwu.exe
(Microsoft Corporati...

Answer:need to remove trojan:powelik and com surrogate

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

Relevance 91.84%

Hi, I've recently been affected by this. I've tried multiple ways to try to eliminate this by reading other posts/fixes but I can't shake it. As mentioned, multiple dllhost.exe processes keep popping up. I try to maintain them by ending them before my computer completely freezes. If I leave it for too long, the fan goes haywire and my laptop starts heating up. I've been turning off my internet access when doing offline tasks, but that's just a delayed fix.

I've run MalwareBytes in SafeMode but nothing was found. I tried running FRST fix but after running it for 12+ hrs I gave up and canceled it. I've scanned with Norton 360 and nothing. Although today it finally found something and removed it but didn't fix the issue. There's constant instances of Norton blocked Trojan.Powelik and Web Attack Angler Exploit Kit Website 12 etc. Also, I occasionally get PowerShell (or something along those words) has stopped working. Internet Explorer occasionally tends to crash or freeze.

As of now, I am unable to download any files. The only workaround I've found was to either download them to my phone and transfer them or to upload them to my Google Drive and then download.

Also, this is an issue that pre-dates the current one; I am unable to install any HP Updates when the computer prompts me. Some programs and their directories have been altered and cannot be opened by the shortcuts or cannot be found by their icon name (? - I doubt th...

Answer:Need help with dllhost.exe *32 / COM Surrogate/ Trojan.Powelik

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

Relevance 91.84%

Like many others on the forum, I am experiencing multiple COM Surrogate processes running in task manager with constant notifications from Norton that Poweliks and AdClicker are being blocked. The initial infection seems to have occurred on 24 Oct 2014. I have attached the files from my FRST results to this post. Any help you can provide is most appreciated.
 

Answer:Trojan.Powelik Activity and COM Surrogate

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

Relevance 91.02%

I would greatly appreciate any help you can provide in cleaning up my pc. I am by no means an expert but I can follow directions and hope to learn something from this experience.
 

Answer:dllhost*32.exe / com surrogate problem/ Trojan.Powelik.E?

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

Relevance 90.61%

I tried to download the FRST scan like it says to but Norton 360 said it was a threat and removed it automatically. I do not know how to keep it from removing it. I am scared to disable Norton because the attacks won't be blocked anymore and I don't want it to make my computer worse and steal my information.

Norton Performance Alerts I have recently had include:

High CPU Usage by: Windows host process (Rundll32)
Blocked an attack by: Web Attack: Malicious File Download 24 (this was after I tried to download FRST so that may have been that but I am not sure)
High Memory usage by: Systray.exe stub
High CPU usage by: CTF Loader
High Memory usage by: Microsoft DirectPlay8 Server
High Memory usage by: IAStorDataSvc
Norton blocked an attack by: Web Attack: MSIE XMLDOM ActiveX CVE-2013-7331
Norton blocked an attack by: Web Attack: Magnitude Exploit Kit Website 2
Also the blocked attacks of trojan.powelik activity, trojan.adclicker, and there was another trojan one but I did not get the chance to write it down.

Twice today a pop up appeared saying Windows powershell stopped working.

Some of these have been popping up as I am writing this post. This is ridiculous. Please help me!

By the way, I have no idea what most of these terms mean.
 

Answer:Trojan.powelik, trojan.adclicker, web attacks, COM surrogate & more!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

Relevance 89.79%

CPU usage 100%. It's getting worse constantly!! I do not know how to get rid of this virus. I do not want to have to buy a new computer. I have been looking online all day for a solution and none have worked. I had to go in to safe mode to be able to download FRST, and FARBAR. Computer said my security settings wouldn't allow the download...even with Norton disabled?? Any help would be great. Thanks.
 

Answer:Trojan.powelik dllhost.exe high usage by COM Surrogate

I really need some help here. The trojan ad.clicker just came up and so did the ffeee thing. Please help!
 

Relevance 89.79%

I started having issues with Intrusion attacks, Ad-Clicker/tosearch.biz etc. It's robbing my memory and it's slowing my computer down. I tried ad-aware, ccleaner, and malwarebytes. I just don't know how to find the issue. Could you please help me!
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.71.2
Run by John C at 16:33:14 on 2014-11-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6142.1292 [GMT -5:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\sy...

Answer:System Infected: Trojan.Powelik and COM Surrogate using up memory

Hello and welcome to Bleeping Computer! My nickname is Pystryker, and I will be helping you with your issue today.

Before we get started, I have a few things I need to go over with you.

If you are receiving help for this issue at another forum, please let me know so I can close this thread.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may in...

Relevance 88.56%

Hi
I hope you can help me on this, I'd really appreciate it.
I will patiently await your response.
Thank you.
 

Answer:Trojan.AdClicker, Trojan.Powelik, COM Surrogate, etc.

I forgot to mention one more thing, I noticed my Internet Explorer's Security Settings gets changed to Custom, and uncheck Enable Protected Mode.
 

Relevance 87.33%

Computer has turned into a turtle after being plagued with multiple COM Surrogate processes as well as Google Chrome processes which consume 99% of my CPU, and replenish themselves faster than I can end them.

Whenever I manage to close all the processes of COM Surrogate, Windows Powershell appears on the task manager, disappears, and then shortly after more COM Surrogate processes appear. Not sure if significant. FRST logs attached to thread. Please help me, I'm desperate.
 

Answer:Mushrooming COM Surrogate (dllhost.exe) Trojan.Powelik warnings, frequent crash notifications for IE

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

Relevance 82.82%

Thank you for any assistance that you may provide.
 

Answer:trojan.powelik activity, trojan.addclicker activity, and Com surrogate crash

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

Relevance 77.49%

Hi,
I think my pc is infected with a virus. My pc is really slow sometimes since yesterday.
In task manager there is 2 times COM SURROGATE...
Is this the virus?
Can anyone help me to delete the virus?
I'm running Windows 10.
Malwarebytes rootkit scanner doesn't detect anything.

Thank you!
Lucas
 

Answer:Double COM SURROGATE in task manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

Relevance 77.49%

These multiple DLLhost.exe entries in Windows Task Manager keep multiplying and multiplying. Any games or programs I use in full screen mode get minimized. I never had an issue until I started noticing this when checking task manager. I checked another laptop and a desktop and they show no such surrogate entries. Even as I'm typing here, the cursor will stop blinking as if another program is loading in the background. Microsoft Security Essentials and Malwarebytes Premium have not been able to get rid of this.

I appreciate your help and expertise. Thank you.
 

Answer:Several DLLhost.exe COM Surrogate in Task Manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

3 more replies
Relevance 77.49%

Hi,
I think my pc is infected with a virus. My pc is really slow sometimes since yesterday.
In task manager there is 2 times COM SURROGATE...
Is this the virus?
Can anyone help me to delete the virus?
I'm running Windows 10.
Malwarebytes rootkit scanner doesn't detect anything.

Thank you!
Lucas
 

Answer:Double COM SURROGATE in task manager

For help make a post here. http://malwaretips.com/forums/malware-removal-assistance.10/
 

2 more replies
Relevance 77.49%

Hello, I've had several warnings by Norton Security Suite within the past week or two that a trojan has been blocked. However, after the latest trojan block, I soon after received a warning from Norton that COM SURROGATE was using a lot of memory. Upon checking task manager, I counted at least (10) dllhost.exe (com surrogate) in the list. I did a system restore to several days before. So far I haven't noticed any ill effects, but ask for help to determine if I am indeed trouble free. Thank you in advance!
 

Answer:Several dllhost.exe / com surrogate in task manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

8 more replies
Relevance 76.67%

Today I noticed a Com Surrogate in task manager that shows up every so often.
Is this normal? How can I tell if this is a virus?

Would appreciate some help.
Thanks in advance.

Answer:Com Surrogate - shows up now and again in the task manager - virus?

Hi:

Same computer as the one here: Question about Com Surrogate ?

If so, the answer then would probably apply now, as well.

Cheers,

MM

3 more replies
Relevance 76.67%

the addition.txt will be on next reply
the addition.txt

Answer:Hi How to fix the multiple com surrogate in task manager two of them disappear

Please help me how to fix this

0 more replies
Relevance 76.67%

I have had TwinHeadedEagle help this last week at this link: http://malwaretips.com/threads/fake...dont-even-have-google-chrome-installed.35660/

It worked to remove fake google chrome malware, but now I have in the task manager under processes tab, many "dllhost.exe.*32" with description "COM Surrogate" that is basically doing the same thing as the other one. I try and end their process, but they just keep coming back. I tried to download the zoek.exe, and even after I disabled my antivirus, it said my security settings wouldn't allow the download, so I can't run the scan!

Help! Attached is what it looks like in my task manager and also, what it looks like in volume mixer.
 

Answer:FAKE COM Surrogate in task manager (dllhost.exe*32)

Hello,

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

9 more replies
Relevance 76.67%

Hi there,
I'm fixing a computer for a local business and they said it has been running extremely slow recently. Scanned it over, removed the typical trojans/viruses but it was still running slow. Looked in task manager and found multiple instances of dllhost.exe *32 running. They each took a lot of CPU and memory up. Once I end one of the processes another one starts up. All antivirus is up to date and everything has been scanned but nothing is picking it up. What could it be?
 
I have been able to rightclick - end process all of them for a little bit. I monitored the processes and they were fine for about 10 minutes then all 20 instances of the dllhost.exe*32 popped up again and starting rising in memory and cpu it took up.
 
And yes I have tried multiple solutions to try and fix this so you will see weird programs in the log.
Thanks in advance
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.17267
Run by ROBERT at 23:31:16 on 2014-09-07
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.5943.1856 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.e... Read more

Answer:20+ instances of dllhost.exe*32: COM Surrogate in task manager

Hello,
 
Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
 
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool ... Read more

6 more replies
Relevance 75.85%

Kids have been using the home PC for homework & we believe we caught a bad webpage (opened multiple times with showing any text). Since that time, multiple dllhost.exe *32 Processes open upon using the PC, causing to be VERY slow & eventually not work at all. Have made various attempts to find the virus to no avail, including a full McAfee scan. Downloaded FRST64.EXE to a USB drive on another PC (wouldn't let me download on the home PC because it said I didn't have administrator rights!!!). Used the USB drive copy to run the scan on the home PC. Attached are needed files. Please help us correct this issue!!
 

Answer:DLLHOST.EXE *32 Com surrogate - multiple sessions in Task Manager

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 75.85%

Hello, I've seen a few topics relating to my problem but wasn't sure if the steps are exactly the same for each person or if they are customized from problem to problem.
 
I'm running windows 7 and as other users have stated, my computer was running slowly, freezing up periodically and minimizing programs I was using. I checked task manager and at that time I saw many dllhost with description COM surrogate running, and trying to end the processes they just kept appearing again. At that time I had AVG as my antivirus and malwarebytes. Only AVG detected the file but it could not delete it. I then uninstalled AVG and changed my antivirus to Bitdefender and that seemed to have stifled the symptoms although I don't believe it ever fixed the problem. My computer was running smoothly for about a week and now I have a filename uirrvmzweu.exe with description google chrome. My computer symptoms are about the same as they were when the dllhost process was running. They both act very similar as far as I can see.
 
Any help would be much appreciated, thank you.

Answer:COM Surrogate and google chrome processes in task manager

Welcome njs

Let's start with this ...

Step 1

Please download Powelikscleaner (by ESET) and save it to your Desktop.
Double-click ESETPoweliksCleaner.exe to start the tool.
Read the terms of the End-user license agreement and click Agree if you agree to them.
The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
The tool will produce a log in the same directory the tool was run from.
Please copy and paste the log in your next reply.

Next run Autoruns.

Please download AutoRuns and save it to your desktop.
Right click on the downloaded file and choose Extract All Files.
Once extracted, open the program named Autoruns.
Click on Options and then Hide Microsoft and Windows Entries.
Press F5 to refresh the startup list.
Next go to File -> Save and choose the file type to Text File (.txt).
Please attach the text file to your next reply.

15 more replies
Relevance 75.85%

Using window 8. I'm just an average user with average knowledge w/ computers. There were 2, now 3, COM Surrogate Processes running in my Task Manager, they disappear after around 3 secs. I tried to delete them at this time, but restarting Task Manager will spawn them again and then disappear. When I right click any of them, they lead to Windows System32 Folder, file is dllhost.
START>>>3 months ago, I may have accidentally clicked an ad. Then my wallpaper changed to black. I fixed my background. But after some weeks, my internet traffic seemed to slow down even though I don't have slow internet. Then when I open the laptop, it automatically connects to the net even though I uncheck the "connect automatically" setting in Wi-Fi.
And my windows sometimes deselects, you know, when you need to click the window to acquire control again.
 
Now, I got the VERY FIRST spam in one of my email accounts, and that account HAVEN'T GOTTEN ANY spam for years until THAT time.
 
And my other email account too started acting weird, Yahoo said they got weird activity and I should change my password.
The exact same thing happened with my Sony account too, they asked me to change my password for my safety cuz of some weird activity.
Youtube videos stop buffering midway, need to refresh...
ALL OF THESE THINGS doesn't occur before the 'infection'.
In the last 2.5 months, I've been researching 'bout this virus, and downloaded many types of antiviruses o... Read more

Answer:Multiple(3) COM Surrogate(dllhost?) in Task Manager Processes

uhm, anyone?

20 more replies
Relevance 75.03%

Hi, I am also having the same problem it seems as the others are. When I ran sophos, it detected and removed poweliks. All of the virus scans I did come up clean, as well as the rootkit scan I did. When I did combofix, it cleaned some temp files and the problem got a bit better. Not as high cpu usage, but I still get the dllhost coming up. Want to make sure that I am clean. Can you please take a look Thank you!

Update: 10/30/14 Still having the same problem. Multiple Dllhost, com surrogate popping up again. Sounds like something in my machine.
 

Answer:Dllhost. Com Surrogate, Powelik Please Help Thank You!

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

12 more replies
Relevance 75.03%

Windows7 - HP Pavilion dv6
I get multiple dllhost.exe if I start with networking turned on.  In Safe mode without networking, everything seems fine.
Ran DDS and here are the results: Please Help....Thx..Kevin
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:   BrowserJavaVersion: 10.67.2
Run by the Diehls at 19:14:33 on 2014-11-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.1905 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated*
SP: Norton Security Suite *Enabled/Updated*
SP: Windows Defender *Disabled/Updated*
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k Loca... Read more

Answer:Dllhost.exe com surrogate - Powelik

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please download Powelikscleaner (by ESET) and save it to your Desktop.
Double-click the to start the tool.
Read the terms of the End-user license agreement and click Agree if you agree to them.
The tool will r... Read more

35 more replies
Relevance 75.03%

My computer got hit with another malware. dllhost.exe *32 COM Surrogate processes in task manager slowing computer down.
 

Answer:dllhost.exe *32 COM Surrogate processes in task manager slowing computer down

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

10 more replies
Relevance 74.21%

Not unlike many of the users on the forum, I find my laptop plagued with multiple COM Surrogate (32 bit) processes running in task manager. Norton continually notifies me of Poweliks and AdClicker intrusion activity since Friday.
 

Answer:Powelik/AdClicker/Com Surrogate Issue

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 73.39%

Virus got to my computer.  Running Windows 7,  64 bit.  I have not downloaded any tools nor started any scans.  Thanks for your help.

Answer:Same as everyone else tonight: Com surrogate/Powelik/dllhost issue

Hello kcm16

I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", t... Read more

8 more replies
Relevance 73.39%

The issues with this computer appear to be similar to those that several other people have posted here. I'd appreciate any help you could provide. Thanks.
 

Answer:Powelik and AdClicker malware/COM Surrogate issue

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

13 more replies
Relevance 72.57%

having some major issues. Tried all sorts of antivirus software and none of them detect!

Attached frst and addition per your request.

Thanks for the help!
 

Answer:Powelik and AdClick messages from Norton w/ many dllhost and com surrogate

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 72.57%

As the title states, I'm getting messages involving these issues, seems to be initiating from c:\\windows\SysWOW64\dllhost.exe . I also see "malicious website blocked" that points to fff5ee.com and searchnet.blinkxcore.com.

The dllhost*32 COM Surrogate keeps replicating and bogging the system down. I've seen it in here countless times, but all the threads say the fixes are specific to individual machines, so here I am. Thanks for your help.

Here are the requested attached text files.

Jyoung927
 

Answer:dllhost*32 COM Surrogate, fff5ee.com, possibly powelik intrusion?

Hello,

Before we begin, please note the following:

I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
===========================================


Download Malwarebytes Anti-Rootkit to your desktop.

Double-click the icon to start the tool.
It will ask you where to extract it, then it will start.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Click in the introduction screen "next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If ma... Read more

20 more replies
Relevance 72.57%

Hello BleepingComputer forum. Sorry if this isn't in the correct format for a help post, but I'm pretty sure my laptop has a Powelik infection, though I can't tell at all how it got there. I've already taken the liberty to run ESET Powelick Remover, which confirmed and deleted most of the dll processes, but there are some still remaining. If the Powelick Remover file is needed, I will post it on here. Could someone please help me with this? I'm quite literally afraid of my laptop being damaged.
 
EDIT: I would also like to note that this issue seems to be tied to internet connectivity. If I allow my laptop to connect to WiFi, I receive a barrage of notifications from ESET about websites being blocked, and there is an increase in dllhost.exe processes running. When the WiFi is disconnected, the issue seems to decrease.
 
EDIT 2: Also, should I shut down the laptop while I am not using it or it is running scans/fixes? Or should I leave it on? I'm still not letting it connect to the internet again.
 
EDIT 3: I don't know if it is worth noting, but I was watching the task manager, and a c++/c program called 'toast' quickly ran and ended while my computer was having issues. Is this connected at all to the Powelik issue?

Answer:Powelik Infection. Multiple dllhost.exe COM Surrogate processes

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555090 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

33 more replies
Relevance 72.57%

+++++First FRST64 run.........
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Anonymouse7 (administrator) on ANONYMOUSE7-PC on 15-11-2014 14:51:01
Running from C:\Users\Anonymouse7\Desktop
Loaded Profile: Anonymouse7 (Available profiles: Anonymouse7 & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Micros... Read more

Answer:Possible multiple infections dllhost.exe *32 Com Surrogate in sysWOW64 dir, Powelik etc

Bump - adding Eset and Combo results files.
 

12 more replies
Relevance 68.06%

Hello, this morning I was checking all the things on my computer just to clean up and I found two "COM Surrogate" processes running. I googled it and another name for it is, dllhost.exe 32 or something of the sort, I'm sure you may already know. I've scanned with Malwarebytes twice now, one regular scan, and now a scan with the rootkit search part enabled.

Please help, thanks!!
 

Answer:I have a "COM Surrogate" in task manager and malwarebytes can't find it

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 62.73%

My Dear,
My laptop was trojan affected and I removed it by trojan hunter... but my task manager was not working. When I pressed alt+ctrl+del then a message comes like your task manager was disabled by administrator. Plz recommend me, how to enable it? Hope I'll get a better reply... plz help me out.
 

Answer:task manager was disabled due to trojan

7 more replies
Relevance 62.73%

Hi, experts!
I had a trojan that Norton couldn't do anything with, and I think it's disabled Task Manager and regedit (disabled by admin apparently, but that's me, and I haven't touched it!).
Reading around the forum, I took a HijackThis scan, and here's the log (hope someone can help me!):

Logfile of HijackThis v1.99.1
Scan saved at 12:12:28, on 09/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton Syste... Read more

Answer:Trojan can't be removed, Task Manager gone

Hello, and welcome to the HijackThis Help Forum.

Apologies for any delay in replying, but we have been rather busy lately. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Since it has been a few days since you first posted, please download ComboScan and save it to your Desktop. Double-click on comboscan.exe and follow the prompts. Please note that some firewalls may warn that sigcheck.exe is trying to access the Internet -- please allow it. When it has finished, ComboScan will open Notepad with a log file -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) this logfile as your reply.

Additionally, a folder will open with two text files. Please attach the Supplementary.txt file with your reply. To attach a file to a new post, simply:
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
Copy and paste the following into the "Upload File from your Computer" box: C:\ComboScan\Supplementary.txt
Click Upload.

Thank you.

14 more replies
Relevance 62.73%

A Trojan has disabled my Task Manager. Every time I re-enable it in the reg it is instantly disabled before I can delete the offending file. I really am in a mess with this and dunno what to do.

I have tried to remove the file using various trojan removers but as it is currently running it won't remove.

The file starts up with Windows and I cannot remove it from the start up list.

I have a 120gb Hdd that is almost full so a format is out of the question, any help would be much appreciated.
 

Answer:Trojan has disabled Task Manager

9 more replies
Relevance 62.73%

Hello
 
I'm having a malware problem where the cpu is running constantly at 100%. Every time I go in to task manager I see the cpu power down to normal levels (2-10% usually). I've seen posts about this in older operating systems, where it was an easy fix by removing the file "igfxupdate.exe", but it doesn't exist on my computer. It was said to be a trojan malware.
 
Here's what I've already tried. I have run the following virus/trojan/etc. removal programs:
   - Malwarebytes
   - PandaAV
   - adwcleaner
   - Security Check
   - RogueKiller
   - Emsisoft
   - SuperAntiSpyware
   - AVG
   - CCleaner
   - IObit Malware Fighter
I also tried following the instructions in an older post, but that required using ComboFix which isn't supported in windows 10.
 
Just for clearance, it isn't just a problem with my computer being old and slow. It's a Lenovo 550s workstation with an intel core i7, 12GB ram and I've only had it for a week! I have no idea where the virus came from, since I've only installed programs that I had on my old computer (only using the official program sites for downloads). I haven't been to any suspicious sites or, as I said, downloaded something I didn't already use. It seemed like the virus began as soon as I upgraded from windows 8.1 to 10, two days after I got the computer (but that could just be a coincidence).
 
Anyways, here's my log fr... Read more

Answer:Trojan using 100% cpu when not in task manager | Windows 10

Hello and welcome to the Malware Removal Logs area. My name is Alexstrasza and I will assist you with your problem. You can call me Alex. Before we begin, there are a few things I want to make sure you know:

I am currently in training, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.
Please do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
Make sure to read my instructions fully before attempting a step.
If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
Please follow the topic by clicking on the Follow this topic button, and make sure a tick is in the receive notifications and is set to Instantly. Any replies should be made in this topic by clicking the Reply to this topic button.
Important information in my posts will often be in bold, make sure to take note of these.
I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. Please inform me if you need more time.

Shall we begin then?

===

Please post the Addition.txt that FRST produces on its first run alongside FRST.txt. Thank you.

Regards,
Alex

8 more replies
Relevance 62.73%

I'm helping a friend with their Compaq which is running Win XP Home. I tried Spybot: Search and Destroy and Stinger, with no success. I can reach Safe Mode, and I used Hijack This! to make a log file. What do I need to remove from here? ( I know, I already used spybot to remove 840 pieces of spyware!)

Every instance of C: had its colon removed because of the way I copied and pasted. Mass surgery, but it's still readable.

Logfile of HijackThis v1.98.2
Scan saved at 1:01:07 PM, on 8/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C WINDOWS\System32\smss.exe
C WINDOWS\system32\winlogon.exe
C WINDOWS\system32\services.exe
C WINDOWS\system32\lsass.exe
C WINDOWS\system32\svchost.exe
C WINDOWS\System32\svchost.exe
C WINDOWS\Explorer.EXE
C WINDOWS\system32\spoolsv.exe
C WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C WINDOWS\System32\UUSZSJDAWZ.EXE
C Program Files\syslaunch.exe
C WINDOWS\System32\kmqdzjqc.exe
C WINDOWS\System32\qpdjrl.exe
C Program Files\Common Files\WinTools\WToolsA.exe
C WINDOWS\System32\PackethSvc.exe
C WINDOWS\system32\pctspk.exe
C PROGRA~1\COMMON~1\tsa\tsm.exe
C Program Files\Internet Explorer\iexplore.exe
C Program Files\Common Files\WinTools\WSup.exe
c progra~1\intern~1\iexplore.exe
C Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C Program Files\Internet Explorer\iexplore.exe
C Program Files\Internet Explorer\iexplore.exe
C PROGRA~1\COMMON~1\tsa\ts.exe
C Program Files\... Read more

Answer:Trojan closing Task Manager- which is it?

Hi and welcome to TSG,

Download the LSP Fix:

http://cexx.org/lspfix.htm

Launch the application, and click the "I know what I'm doing" checkbox.

Check all instances of inetadpt.dll (and nothing else), and move them to the "Remove" pane.
Then click Finish.

Now start your computer in Safe Mode and delete:

The C:\windows\system32\inetadpt.dll - file

Please download and run the following programs:

CWSHREDDER

http://www.majorgeeks.com/download4086.html

Close all browser windows, open cwshredder.exe then click "Fix" and let it run.

Then restart your computer.

IMPORTANT! To help prevent this from happening again, you should install all the Microsoft security patches and critical updates.

AD-AWARE

Go here: http://www.lavasoftusa.com/support/download/
and download Ad-Aware SE Personal

Install the program and launch it.

First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Then, deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Restart your computer.

SPYBOT SEARCH & DESTROY

http://majorgeeks.com/download2471.html

Open Spybot Search &a... Read more

1 more replies
Relevance 62.32%

Attached is my FRST files
 

Answer:Trojan.Powelik, Trojan.Adclicker, and Bogged down computer

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

2 more replies
Relevance 61.91%

Hi !

I am stuck with a virus no software I know can help me get rid of.
It blocks my regedit and task manager
and blocks access to many anti-spyware programs as well.
I don't know if that's related but my windows partition's free space keeps
getting smaller even after I cleared around 2 gigs.
I looked it up on the net but nothing I read helped me...
Thanks in advance for any help about it guys.
Have a nice day.

Answer:task manager disabling virus or trojan

Boot into safemode with networking.

Download tdss killer

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Right-click it and Run as Admin. Click on Change parameters. Select TDLFS file system.

Hit the Scan button. Post the log in your next reply.

Do not change the default options on scan results.

Update and do a quick scan with Malwarebytes, remove all that it finds and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/

Post the log here.
Update and do a quick scan with Superantispyware, remove all that it finds and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Post the log here.
Run a scan with Eset.
http://www.eset.com/us/online-scanner/
Make sure "remove found threats" and "scan archives" are checked.
When the scan finishes, list found threats, save to clipboard, copy to Notepad. Post the log here.


Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)

Click Go and post the result.

Download Adware Cleaner, run it as admin, click the delete button, allow it to run and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-... Read more

9 more replies
Relevance 61.91%

Dear Friends,

I am a regular reader of techsupportforum but this is the very first time I post...and for the worst reasons...

I believe my computer has been infected with a trojan/virus. My Task Manager doesn't work (has been disabled) and the same happens for regedit and anti-vir. Spyware terminator detects a backdoor.backdoor.gen but the file can't be deleted. I tried to kill it in "safe mode" but it is not working too. Once in a while a message pops up saying that the NT Authority will shutdown the computer in 60 seconds and to save your work.

As I ran out of ideas (and skills) to remove this "little *******" I decided that it was time to ask for expert help.

Any kind of help will be highly welcome. It will be much appreciated.


Virus/Trojan/Spyware Removal Help


DDS (Ver_09-06-26.01) - NTFSx86
Run by Sergio Fonseca at 18:37:01,50 on 06-07-2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.351.2070.18.1022.478 [GMT 8:00]

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {BADB0D00-FFA4-00FC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-... Read more

Answer:Trojan/Virus on Task Manager, Regedit & others

I don't know if it is useful but I attached my Combofix scan result...

Thank you,

2 more replies
Relevance 61.91%

Hi. For some reason I can't get certain programs to run from my desktop. One of these is Windows Task Manager as it acts like it will work, but won't run. Another file this happens to is combofix. I have AVG and Bitdefender installed and Bitdefender's scan always produces a "Trojan.Peed" which it can't delete, quarantine, or move. Could that possibly be the problem?? In addition, here is my hijackthis scan. Any help you could give me would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:05:18 PM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SolidD... Read more

Answer:Trojan.Peed and No Windows Task Manager

Download the Trial version of Superantispyware Pro (SAS):
http://www.superantispyware.com/superantispyware.html?rid=3132
Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the ... Read more

1 more replies
Relevance 61.91%

The last few times I've started up my computer, I've noticed a strange .dll file running - and my CPU usage spikes to 100%. I'm thinking this is a virus, ad-ware, or a Trojan Horse. I have run all my ad-ware, it is up to date - it's removed everything. I have all my Windows 2000 Pro. Security Updates from Microsoft. I have no new programs running that would explain where this came from. The .dll file changes names each time I start-up the computer...usually a combination of letters and numbers.dll.

The last one was: DFEBFE1.dll. Each time the whatever.dll comes up, I type it into Google to search it - and nothing comes up anywhere. This is what makes me think this is a Virus/Trojan Horse.

I have run all my spyware/ad-ware removers and they are up-to-date. My Virus Scanner (Norton) is up-to-date and detects no viruses.

I've even run an online scan at housecall.trendmicro.com - NOTHING.
PLEASE HELP!!! Any ideas???

Lesley
 

Answer:Odd .dll in Windows Task Manager - Virus? Trojan?

go to http://www.thespykiller.co.uk/files/HijackThis.exe and download 'Hijack This!'.
make sure it is placed into its own folder, not a temporary folder. Then double-click the Hijackthis.exe.
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

3 more replies
Relevance 61.91%

DDS log:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37
Run by Owner at 21:53:32 on 2012-11-19
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.639.176 [GMT -5:00]
.
.
============== Running Processes ================
.
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\taskswitch.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\Program Files\Analog Devices\SoundMAX\SMTray.exe
D:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
D:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\WINDOWS\system32\netdde.exe
C:\Programs\Spybot - Search & Destroy 2\SDFSSvc.exe
D:\Program Files\Analog Devices\SoundMAX... Read more

Answer:task manager disabling virus or trojan

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

12 more replies
Relevance 61.91%

I have been tricked to install ActiveX; instead I installed the BlackBird trojan. It has blocked my task manager and I keep getting pop-ups that I got spyware. Where do I start to remove it?
 

Answer:BlackBird Trojan? Task Manager Locked

Since you are already getting help at the below forum, this thread is closed. In the future please do not cross post to multiple forums as it wastes the time of multiple malware removals and there are not that many of us.

http://www.geekstogo.com/forum/BlackBird-Trojan-Trick-t196239.html&pid=1224320
 

1 more replies
Relevance 61.91%

I'm usually ok getting rid of trojans, viruses etc. and yesterday I got a laptop running for someone I know, with help from ERD 5.0, that wouldn't boot, and had 0k free space. Once the laptop was booting up, I downloaded ccleaner, using my own laptop, onto a usb drive, plugged it into the other laptop, and ran the setup. The idea was to free up some space on the C: drive. Ccleaner setup ran for about 5 seconds then closed down before it was installed.

I tried to download it after making some space on the now-working laptop, but I got a message saying "Use internet explorer you dope".

I put the usb \ pen drive into my (normally) bullet proof laptop, where Bitdefender always 'sees' the drive and says "Usb drive detected. Do you want to scan for viruses" or something similar. The message didn't appear, and the Bitdefender icon went grey.

After some googling, running Bitdefender Online Scan, Superantispyware and MalwareBytes Antimalware, it turned out I'd picked up 'killer.exe' plus 'funny ust scandal virus.avi.exe' plus 'win32.sality.og' plus 'worm.io.35163' plus 'trojan.autorun.nd' plus 'executes c:\smss.exe'

Bitdefender managed to upload them to their lab but not heard back yet.

The 2 antimalware progs found them but rebooted before I had a chance to check what Startup Monitor was telling me. I'm guessing that they needed permission to delete what they'd found on b... Read more

Answer:Trojan killed regedit, task manager and more

Is there anyone who knows how to fix these please ? ? ?

I also get Firefox redirections like the post below, and the bsod if I start in Safe mode. I ran superantispyware and mbam but they get shut down just before they remove the malware

I also tried to view hidden files and folders but whatever's on my pc won't let me 'apply' so it reverts to hidden.

Plus my C: drive has an unusual icon now: a Windows symbol on top of a blue \ grey hard drive.

I know this site is busy with previous requests, so while I'm waiting I tried to go to trendmicro's online scanner and pctools for the same reason, but both seem to be blocked by something as Firefox doesn't load the pages.

2 more replies
Relevance 61.91%

Hi All,

Just yesterday I encountered a problem that all of a sudden I would get a SAV security alert that I have a downloader (Trojan). Unable to quarantine/Access denied. I disabled System Restore and logged back on in safe mode. Ran SAV, it found it and quarantined it. But then when I go to the Internet it comes back. I am unable to get rid of the DownLoader Trojan. Then I found out that I am unable to do Ctrl+Alt+Del to get into Task Manager. It says Task Manager has been disabled by your administrator. I checked all the registry keys and Group Policy (Administrative Templates>>System>>Ctrl+Alt+Del) but it is already set to Not Configured.
Now I can't even download anything off the internet. It says that my Internet security setting is preventing me from downloading anything. Here is my log file from HijackThis.
************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 11:40:10 PM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program File... Read more

Answer:Solved: Help - Possible Trojan - Task Manager not opening up

16 more replies
Relevance 61.91%

My task manager is blocked, "Task Manager has been disabled by your administrator", additionally there are frequent warnings about various trojans. Attached is a HJT Log, any help will be greatly appreciated!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:50 PM, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\All Users\Application Data\ivopeheb\kzmjchgt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\... Read more

More replies
Relevance 61.91%

As topic states, my computer had been infected earlier today with trojans after my cousins inserted their flash drives to it. I was confident SuperAntiSpyware could take care of it when something pops up.

But after a few hours, all these things happened:

* I cannot access Task Manager anymore.
* I cannot access Regedit also.
* Done a full scan with SuperAntiSpyware, and it found the following:
- Trojan.Agent/Gen-Virut
C:\DOCUMENTS AND SETTINGS\JAVEE\LOCAL SETTINGS\TEMP\HUFJV.EXE
C:\DOCUMENTS AND SETTINGS\JAVEE\LOCAL SETTINGS\TEMP\KFAYMR.EXE
- Trojan.Agent/Gen-WinX
C:\DOCUMENTS AND SETTINGS\JAVEE\LOCAL SETTINGS\TEMP\DEAA.EXE
- Trojan.Maildrop/Gen
C:\DOCUMENTS AND SETTINGS\JAVEE\LOCAL SETTINGS\TEMP\WINHAJE.EXE
C:\DOCUMENTS AND SETTINGS\JAVEE\LOCAL SETTINGS\TEMP\WINVBWOED.EXE
C:\DOCUMENTS AND SETTINGS\JAVEE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LVGRCAMT.DEFAULT\WINHAJE.EXE

Recently, I also noticed that access to antivirus websites is also blocked. One of my applications (Dragonica) also failed to run properly.

I hope giving this information, you can help me fix my problem. Thank you very much.

Here's my DDS

DDS (Ver_09-10-13.01) - NTFSx86
Run by javee at 0:40:28.28 on Sat 10/24/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1584 [GMT 8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166... Read more

Answer:Trojan Help - Task Manager and Regedit Disabled

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please keep this computer offline except when downloading tools and posting in the forum until we get an antivirus installed. Let me know your intentions for an antivirus program.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting... Read more

2 more replies
Relevance 61.5%

I can not open the task manager, MS Config or use System restore. They all open for an instant and automatically close.

I had the Caseyvideo virus or whatever it is. I saw it running in the task manager. I tried to go into safe mode and then stop the process in the set up of MS config... didn't work.

Also, won't let me open system restore. Can access it through safe mode but it keeps failing.

PLEASE HELP!!!
 

Answer:Virus?/ Trojan? blocks task manager and MSConfig

8 more replies
Relevance 61.5%

I can not open the task manager, MS Config or use System restore. They all open for an instant and automatically close.

I had the Caseyvideo virus or whatever it is. I saw it running in the task manager. I tried to go into safe mode and then stop the process in the set up of MS config... didn't work.

Also, won't let me open system restore. Can access it through safe mode but it keeps failing.

PLEASE HELP!!!
 

Answer:Virus?/ Trojan? blocks task manager and MSConfig

Closing duplicate.

Please continue here:

http://forums.techguy.org/security/443484-virus-trojan-blocks-task-manager-msconfig.html
 

1 more replies
Relevance 61.5%

All of my processes in the task manager are larger than they were a week ago. For example, I use a small program called Launchy, which is an equivalent of quicksilver (for accessing files). It used to be around 1000K, now it is 13980K in the task manager. Other files follow suit.

Pandascan will not run. It gets around 13% and closes down. I have done it in firefox and IE, and in safe mode.

iTunes started skipping at the beginning of each song, like it is waiting for memory or processor power to get the song going.

I have run AVG antispyware, spybot, and the DSS. AVG found:

C:\sysbdbi.exe Trojan Horse Downloader.Agent.NWC
C:\Windows\bywtrq.dll Trojan Horse Generic5.xgy

Deleted both of them.

It is still doing the same things after deleting the files.

Deckard's System Scanner v20071014.68
Run by Atha on 2008-05-28 14:09:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
19: 2008-05-28 18:10:08 UTC - RP320 - Deckard's System Scanner Restore Point
18: 2008-05-28 05:08:48 UTC - RP319 - Installed AVG Free 8.0
17: 2008-05-28 01:40:19 UTC - RP318 - System Checkpoint
16: 2008-05-27 01:38:10 UTC - RP317 - System Checkpoint
15: 2008-05-26 00:38:35 UTC - RP316 - Installed Drive Speed Checker


-- First Restore Poi... Read more

Answer:Task Manager processes larger, slow, trojan

Also, the Launchy program is now up to 14376K

Programs like Applemobiledevice are also growing as well. I have not used these programs since my first post.

iTunes also skips when tracks are pulled from an external hard drive, so I do not think it is the hard drive that is causing the stuttering/skipping at the beginning of each song.

1 more replies
Relevance 61.5%

My basic problem is that my task manager is disabled, and that's pretty damn annoying. I searched Google for lots of fixes, and none of them have worked so far. I've tried HijackThis and found a single entry that's disabling my Regedit, but even if I delete it, it reappears a few seconds later. Even turning off system restore doesn't help.

Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:36 PM, on 3/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Pr... Read more

More replies
Relevance 61.5%

Hello All,

Let me say first that I'm so impressed that there are people like yourselves out there helping out the not so computer savvy like myself... I really appreciate it!

So I've got a variety of issues, I don't know if they're all related or not so I'll do my best to describe them.

Main Symptoms
- Ctr + Alt + Del brings up "task manager has been disabled by your administrator"
- Flashing desktop background "Warning Dangerous spyware. Many viruses were found on your computer...etc"
- Box that pops up saying "server busy. this action cannot be complete because the other program is busy. choose 'switch to' to activate the busy program and correct the problem" I can't cancel or get rid of it.
- Pop ups galore

What I've tried
- I tried to run the DDS scan but I got a blue screen shut down.
- I tried to run Malwarebytes' scan. Scan was completed but system was shut down before it could save the log or delete the many issues it found (65+ infected )

I've looked back into Malwarebytes and it seems to have quarantined Trojan.Vundo.H This is bad...I know! Can anyone give me advice where to go from here? Thanks a lot!!!

Answer:Trojan Vundo, "third hands", task manager disabled

Ok, well I ran Malwarebytes again and was able to get the log and do the removal process. However, I get the feeling that I'm not out of the woods by a long shot...
On restart I got these messages:

userinit.exe - bad image
the application or DLL C: WINDOWS\system32\system32\vdscmn.dll is not a valid windows image. Please check against installation diskette

userinit.exe - bad image
the application or DLL C: WINDOWS\system32\system32\yuwehosu.dll is not a valid windows image. Please check against installation diskette

userinit.exe - bad image
the application or DLL C: WINDOWS\system32\system32\ziluyuda.dll is not a valid windows image. Please check against installation diskette

3x each.

After start up, the evil background is gone, but the file is still there in desktop properties.

Ctr+Alt+Del brings the task manager up.

I've got the following locked in Malwarebyte's quarantine:
Trojan.Agent
Trojan.Downloader
Trojan.Vundo.H
Trojan.Vundo
Trojan.FakeAlert
Trojan.BHO
Trojan.Dropper
Trojan.TDSS
Malware.Trace
Rootkit.Trace
Adware.SpeedMonitor

All of them are there several times.
I've been able to run the DDS scan now, do I post those results here? Or is that another section?

Thanks!

2 more replies
Relevance 61.5%

Had a trojan fraudpack virus (I think). Corrupted the rundll32.exe file. Backed up files and reinstalled windows. Now I can't get into task manager. Says it has been disabled by the administrator. Some programs won't run. Pop-ups are constant. Would not let me run dds program. I am posting the hijack log and the rootrepeal log. I was wondering if I need to reinstall windows again but this time do I delete the partition on the drive. It only has one partition. Also was wondering if formatting the drive would do any good. I have deleted 2 files from C:/documents and settings/allusers.windows/applicationdata folder. Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:58 PM, on 9/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Embarq Online Security 8\Common\FSM32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1253270060\ee\AOLSoftware.e... Read more

Answer:Task manager disabled/multiple pop-ups/Trojan fraudpack

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta... Read more

14 more replies
Relevance 61.5%

Hi,

I recently installed My Norton Internet Security 2006, updated it and scanned my system as my task manager and regedit are not working.

It detected a virus known as backdoor.trojan and was removed successfully but still these things don't work. I suspect of getting a virus from another flash drive which was used in my computer yesterday as before that everything was working perfectly fine.

If anyone can help me on this I would be grateful.

Regards,
Munawar Khan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:46, on 22-Aug-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7... Read more

More replies
Relevance 61.5%

Whenever my laptop gets slow I check task manager, and there are always processes with no description, like winlogon.exe, svchost.exe and csrss.exe (I checked online and apparently these three processes are part of Windows). Moreover, when I connect to the internet after a long time of being offline, I see an update.exe process (or even two) with no description, which usually disappears in seconds or a few minutes (it also disappears if I disconnect). Is it an automatic update of some program or a trojan? (It can't be Windows updates because my Windows update setting is set on "check for updates but let me choose whether to download and install them".) My Avast free and Avira free (both real time) are up to date and full scans find no malware whatsoever.
 

Answer:A process with no description in task manager, legit or a trojan?

Those are well known windows processes as far as I know. I have all 3 of them as well.
 

17 more replies
Relevance 61.09%

Last week I noticed that my cooling fan was running very loudly.  I was concerned that my system would overheat and the computer would stop working permanently.
 
I opened up Task Manager and noticed there were many instances of dllhost.exe *32 running, which was taking up all the CPU power.  I did some further research on the subject and found out that my computer may be infected with two Trojans associated with this:  Trojan.Powelik and Trojan.Adclicker.  I found nothing out of the ordinary after running Norton Power Eraser and a full scan using Norton 360, but while running Malwarebytes I found someone - or something - attempting to gain access through 2 IP addresses:
 
95.215.1.57 and 31.184.192.90.
 
I have blocked both addresses.  Yesterday, Norton found, quarantined and deleted two tmp files associated with Trojan.Powelik:
 
00014365.tmp
00010890.tmp
 
Again, I ran a full scan, Power Eraser and Malwarebytes and thought everything to be normal, but the dllhost.exe *32 issue popped up again last night, making me think that the Trojans are still in the system somewhere.
 
I'd like to get rid of this issue for good, as this computer is one of my main means of communication.
 
Thanks for reading.

Answer:Trojan.Powelik and Trojan.Adclicker infection

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1
Please run a FRST scan. This will help us diagnose your problem.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

23 more replies
Relevance 61.09%

I get notifications from Norton that it has detected Trojan.AdClicker and Trojan.Powerlik activity on my desktop.  This will happen even when an internet explorer browser is not running.  The computer will go back to the desktop icons when a program is running fullscreen.  The fan will usually start running loudly as well.  I've noticed lots of dllhost.exe processes starting themselves in the Task Manager as well.  I can end process on them but they just start themselves up again.  Any help would be much appreciated.  Thank you
 
Here is my DDS.txt log -
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Getter at 8:58:16 on 2014-12-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8183.5469 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemN... Read more

Answer:Infected with Trojan.AdClicker and Trojan.Powelik

I had a similar issue on my laptop not that long ago, and the helpful and wonderful forum tech was able to help me clean that up.  At the time, my desktop was not behaving strangely but I thought it might only be a matter of time.
 
I ran DDS again while it was launching dllhost and other dlls, here is that DDS log - and Attach.txt
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Getter at 11:05:56 on 2014-12-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8183.2414 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServ... Read more

18 more replies
Relevance 61.09%

I am experiencing an issue where dllhost*32 has multiple processes, monopolizing my processor (100% usage) and finally causing a crash with blue screen.

Norton 360 failed to find, block, or warn of this malicious threat and I've tried a few of the COTS remedies without success. Any assistance from someone with a greater understanding of how to resolve this would be appreciated.

Thanks in advance for any/ all advice or assistance.
 

Answer:Trojan.Powelik & Trojan.AdClicker infection

Please follow these instructions:

READ & RUN ME FIRST. Malware Removal Guide
 

4 more replies
Relevance 61.09%

How do I remove these Viruses? Trojan.Powelik and Trojan.Adclicker
 

Answer:Need Help to remove Trojan.Powelik and Trojan.Adclicker

Hello,

Before we begin, please note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

========================================



Download Malwarebytes Anti-Rootkit to your desktop.

Double-click the icon to start the tool.
It will ask you where to extract it, then it will start.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Click in the introduction screen "next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If... Read more

1 more replies
Relevance 61.09%

Symantec has told me that I have Trojan.Poweliks and Trojan.Adclickers on my computer but no virus scans will come up with any issue. It is really slowing down my computer and I would appreciate any help.

Answer:Trojan.Powelik Trojan.Adclicker dllh.exe

Hi. I'm Rootk and I will be helping you with your problem. Please do the following:

Download Farbar Recovery Scan Tool and save it to your desktop. Please pick the version that matches your operating system's bit type. If you don't know which version matches your system, take a look at this link: http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

9 more replies
Relevance 61.09%
Question: Powelik! Trojan

Hi. I can not get this off my computer. I have Windows 7 64-bit Home Premium edition. I have Norton Antivirus and Malwarebytes Premium. Last night I ran a full system scan with Norton and it detected 1 virus. It then said working files, 6 of them for over 4 hours and I finally just shut my computer down. Can anyone help with this? Thank you!!

Answer:Powelik! Trojan

Step 1
Please download Powelikscleaner (by ESET) and save it to your Desktop.
Double-click ESETPoweliksCleaner.exe to start the tool.
Read the terms of the End-user license agreement and click Agree if you agree to them.
The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
The tool will produce a log in the same directory the tool was run from.
Please copy and paste the log in your next reply.

22 more replies
Relevance 60.68%

I have this trojan virus in my system. Isass.exe. The folder options under tools menu, task manager and the Run menu are missing.. Please help me... It's very very very urgent. I have to submit an assignment in 2 hours and this virus is screwing up everything...!!! Someone plz help me soon...!!! Please...

here is my HJT log....

Logfile of HijackThis v1.99.1
Scan saved at 12:22:08 AM, on 3/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\... Read more

Answer:TROJAN Isass.exe-Folder options & task manager MISSING!!!

15 more replies
Relevance 60.68%

Can't access my task manager after spysweeper found a trojan horse
after I got rid of all threats, quarantined and deleted.., I found a flashing red circle w/ a red line through it flashing from question mark and back to the red circle on the bottom right toolbar
so I tried from there to open my task manager, ctrl-alt-del, NO LUCK!!, it will not even open by right clicking the tool bar
does this sound familiar to anyone??....
now my pc is acting slow and I cannot view what processes are invading my cpu..
this is going to drive me nuts pretty soon,,,
can anyone help please?
 

Answer:Can't access my task manager after spysweeper found a trojan horse

7 more replies
Relevance 60.68%

Hey guys... I'm a newcomer here and I've never had a problem with my laptop (I make sure to run consistent malware/spyware/virus checks on it) until now. Recently every time I try to access the task manager or use regedit (or edit a registry in any form) Windows tells me that it has been disabled by the administrator. Funny thing is, I AM the administrator and the only user of this laptop. I'm pretty positive it's some sort of virus/malware/trojan based on what I've scoured over the net but none of the typical solutions have worked. Since HijackThis is supposedly a powerful tool I'd be very appreciative if anyone could help point me to a way in solving this very annoying and very costly problem. I'm also a first time user of this program, so if I've done anything wrong, please say so. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 12:07:20 AM, on 2/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\... Read more

Answer:Task Manager/Registry Editing Disabled (Malware? Trojan?)

Bump?

3 more replies
Relevance 60.68%

Hello:

When I start my computer McAfee opens with this message "The file c:\windows\system32\drivers\spools.exe is infected by the New Malware.j trojan and cannot be cleaned". I deleted the trojan, quarantined then deleted it, but nothing works. I've been getting this message along with an abundance of pop-ups since Sunday. Some days the desktop icons do not show up and now I am denied access to Task manager by the system administrator. I also keep getting pop-ups to clean "Malware" along with porn & everything website I would never want to visit. Can you please help me?

Thanks in advance.
 

Answer:Need help -- Malware.j trojan + mass pop-ups + denied access to task manager

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

1 more replies
Relevance 60.68%

Hi All,

Need help with infection on Win XP machine with SP3.

This problem was identified when I saw that Task Manager and Registry Editor are disabled. So I ran MBAM and SuperAntiSpyware.

The latest copies of MBAM & SuperAntiSpyware are showing Trojan/Gen-Virut in the Doc&Settings\username\Local Settings\Temp\ folder

Each time I run the above, many exe files with new names show up (I looked up on the net to find that this is a polymorphic virus, so it can change names)

Now the runs of MBAM and/or SuperAntiSpyware show this virus/malware each time, they "Claim" to clean or quarantine the infected files and ask for a reboot. But after reboot, I still find the task manager & regeditor disabled. I execute a vbscript file which has the following code,

Set WshShell = WScript.CreateObject("WScript.Shell")
With WScript.CreateObject("WScript.Shell")
    On Error Resume Next
    .RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
    .RegDelete "HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD"
    .RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"
    .RegDelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr"
End With
Mybox = MsgBox(jobfunc & enab &a... Read more

Answer:Gen-Virut Trojan - Disabled Task Manager & Registry Editor

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions... Read more

6 more replies
Relevance 60.68%

Description
All of a sudden getting pop ups reporting PC Defender; can't open Task Manager; and I can't install Symantec Endpoint Protection.

SUPERAntiSpyware
About 500 items. Including 3 Rogue PC Defender and 23 Trojans, 458 cookies

DDS Report
DDS (Ver_09-09-24.01) - NTFSx86
Run by Administrator at 17:29:51.93 on Sat 09/26/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.360 [GMT -4:00]
AV: Windows PC Defender *On-access scanning enabled* (Updated) {773702A3-DD44-4C84-A228-0500D3B832B6}
FW: Windows PC Defender *enabled* {CA2C067C-8475-42C7-8B52-B74CA6C472A9}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers... Read more

Answer:Rogue Windows PC Defender / Trojan / Task Manager won't load

I just finished a Spyware Scan and it removed those 500 files... and I tried to install Symantec and it still errored. Task Manager still will not come up.

New DDS Report
DDS (Ver_09-09-24.01) - NTFSx86
Run by Administrator at 22:02:36.57 on Sat 09/26/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.495 [GMT -4:00]
AV: Windows PC Defender *On-access scanning enabled* (Updated) {773702A3-DD44-4C84-A228-0500D3B832B6}
FW: Windows PC Defender *enabled* {CA2C067C-8475-42C7-8B52-B74CA6C472A9}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program File... Read more

7 more replies
Relevance 60.68%

As I have just contracted this nasty piece of uber-malware, I thought I would post a compilation of what I have learnt through personal experience and on this and other forums. I have noticed that about 4 people have complained about this beast in the last couple of days in different places, so I thought I would post what I have learnt.

It's a bit rough, but it's a start.

My system, which runs Microsoft Windows XP Pro with SP2, has become infected with a particularly nasty little Trojan.

For the record, my security tools are:

1) Ad-Aware Professional, with Adwatch running constantly. I do a full scan each start-up
2) Norton Anti-Virus, with definitions updated as of Thursday, Dec 30, 2004, system is scanned weekly
3) Fully updated XP patches through Microsoft Automatic Update
4) SP2 firewall, plus hardware firewall on my Cisco router

I have no idea how I got infected - I became aware of it when I noticed the Adwatch icon flashing in the start-up menu and found that 4 attempts or so per minute were being made to modify the registry files. I then noticed that NAV was inactive (no icon present) and that the Microsoft security icon was flashing for my attention. However, each time I attempted to open it, the window shut immediately.

Safe mode changed nothing - NAV was still unable to open. Here's what I have learnt from research:

Properties of the Trojan:

1) Disables antivirus software
2) Disables all firewall software (including... Read more

Answer:Help for anyone with supervirus/trojan that disables task manager, regedit, antivirus

Are you still having a problem? If so, complete the Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal and if still having a problem after that, follow the guidelines below and post your HJT log. Sounds similar to problems we have fixed a bunch of times.

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
 

1 more replies
Relevance 60.27%

This is the FRST scan I took the liberty of pre-running.  I assume the fixit list file is next, but I believe I have to wait for someone to look at the results and tell me how to proceed.
 
Thank you so much in advance!
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by boylem1 at 2014-11-04 11:27:30
Running from C:\Users\boylem1\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\{1F5E5F2E-5E61-431D-B796-58CCC6B68E28}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\A... Read more

Answer:Powelik Trojan on 3rd User now - Please help!

Hi,
 
You forgot to post the other log - FRST.txt.
 
 
Regards,
Georgi

38 more replies
Relevance 60.27%

Hi,
 
I have not seen any sliders from Norton nor have I seen more than one dllhost process running in a while so I hope I've already resolved this by duplicating instructions I saw from Georgi in another thread here.  But I would like to ask if 1) there are additional steps I should take 2) if I should paste some of these files here for you to examine or 3) things are so fouled up now you won't touch this?
 
Trying to be efficient today  I created files and programs in a folder called "antispyware" on my desktop but also in a usb drive e: as follows:
 
FRST64.exe
Fixlist.txt
FRST.txt
FRST_07-11-2014_16-52-21.txt
Fixlog.txt
 
I also put antimalware programs or shortcuts in the same folder and on the e: drive like malwarebytes, superantispyware, spybot s&d, ccleaner, adwcleaner but I noticed that when I hit the fix button in frst64 that it has been running now for over an hour. I attached fixlist.txt
 
Heynow1010
 
 
 
 

Answer:Trojan.Powelik & .Adclicker

FYI I have windows 7 and powlik was killing me a couple days ago and I ran adwcleaner and malwarebytes and I seemed to clear up but then Norton slid in to say it blocked Trojan.powlik again
 
Heynow1010

5 more replies
Relevance 60.27%

My Norton won't let me download the FRST program, I'll have to work on that.
 

Answer:Infected with Trojan.Powelik like the others

Disable Norton
http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html
 

7 more replies
Relevance 60.27%

Computer is a member of a small business network. Log in as Administrator and computer works fine. Log in as specific user and the computer bogs down. Norton Internet Security has popped up with a "Blocked: Trojan.Powelik" notification. Ran Norton Full system scan in both normal and safe modes with no success. Ran Malwarebytes scan with no results.
 

Answer:Trojan.Powelik Issue

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

5 more replies
Relevance 60.27%

Heya, seems I too have been hit by this hard to rid Trojan. Any help would be greatly appreciated.

I have attached my FRST and addition txt files.
 

Answer:Trojan.Powelik and Adclicker

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:

Start
HKU\S-1-5-21-3091320405-2721136062-1817667341-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
EmptyTemp:
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If t... Read more

7 more replies
Relevance 60.27%

I have a Trojan.powelik infection, Type: Process, Path: HKULS, I'm told by my virus protection. Can someone tell me how I can remove it? I have a Dell laptop with Windows 10. Thanks for the help.
 

More replies
Relevance 60.27%

Hi. Thank you so much. Let me know if I need to provide something else. I have been infected by Trojan powelik and adclicker
 

Answer:Trojan Powelik and adclicker

I found out I am running 64-bit
 

1 more replies
Relevance 60.27%

Hey Bleepingcomputer, I picked up this trojan powelik virus last week. First, I used the Norton powelik removal tool they have out now and it didn't work, although it seemed to help at first. But Norton keeps finding the Trojan virus and takes care of it and I have to reboot. But it keeps happening. I found your web site and quickly read everything and downloaded ESET and ran it. ESET found powelik*32 and removed it. But I'm still getting CPU activity from dllhost.exe, description: COM surrogate. My system is 64 bit, don't know if that matters to the trojan. I tried two other removal tools before coming here, but I stopped them when I got to a paid for my service now, and then after reading your website I quickly removed the tools from my PC. So, I still have this thing and I'm afraid to use my PC for anything because I know someone may be watching.
Here is my Log-
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16599 BrowserJavaVersion: 11.25.2
Run by Dere at 19:58:39 on 2014-12-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8183.5380 [GMT -8:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 Premier Edition *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ============... Read more

Answer:Trojan Powelik is still on my pc after using ESET, need help

Hello and welcome.  Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I have given you the All clear. Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

15 more replies
Relevance 60.27%

Hello all, I just signed up for this site today after using some of the software for several months. I'm interested in learning virus removal because my area of expertise ends when an antivirus is unable to clear it out effectively. I have two work computers that are currently infected; one with a Powelik Trojan and the other with a Root Kit. Both of these viruses are detected and deleted by RogueKiller, however, they are reinfected by a hidden file upon reboot. I definitely could use any tips or tricks on how to manually find these viruses. Lastly, I'm looking to sign up for the Malware Removal course so I'm trying to get my posts in before I'm allowed in.

Answer:Trojan.Powelik/newbie

Hi, and welcome to BC. Anything can be removed if you're proficient using the CLI (command line interface), removing services and editing the registry.
 
poweliks removal tool.
 
http://kb.eset.com/esetkb/index?page=content&id=SOLN3587
 
BC's security downloads section. TDSkiller is a good rootkit remover.
 
http://www.bleepingcomputer.com/download/windows/security/
 
List of common registry locations.
 
http://www.symantec.com/connect/articles/most-common-registry-key-check-while-dealing-virus-issue
 
List of offline virus scanners.
 
https://www.raymond.cc/blog/13-antivirus-rescue-cds-software-compared-in-search-for-the-best-rescue-disk/

3 more replies
Relevance 60.27%

Here's my story, I'll try to keep it short and detailed as possible as to what is wrong with my computer.


Ok, I was surfing the web when all of the sudden a page wouldn't load, I ctrl+alt+delete to see what was going on. I instantly noticed several processes occurring that I've never seen before. I ended them all. Then my computer's background was changed to a blue screen saying, Warning your computer has been infected with spyware, please install an antispyware or have your computer scanned now!.... I restarted my computer, and that's when problems started occurring. I would load my account (administrator), the computer would be running very slow, (the background was still the same, with the warning you have spyware), I tried to ctrl+alt+delete, and then a warning sign came up (and still comes up every time I try this), The administrator has locked you out of this function. So things just got worse, I instantly disconnected my internet connection to prevent the virus from downloading more.... Now I will just list symptoms of my computer, and things that I have done.

- Task Manager is denying me access
- The background is permanently changed (I can not change it)
- The screen saver was changed to bugs... yeah weird, but I was able to find and remove this screen saver's file... it was called blackster
- I am only able to successfully start my computer in safe mode. (when I try to normally run my computer it will start up, but then after loading the main screen it will ... Read more

Answer:Denied access to task manager. Found virus: Trojan.downloader.VB.G,

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

19 more replies
Relevance 60.27%

Noticed computer running very slow and overusing the fan as compared to normal. Checked the task manager to find any irregularities and saw a process called internetport3.exe . Don't know much about software, but do know to be wary of .exe files I am not familiar with. Looked it up on google and could figure that it's some kind of virus/trojan. No idea how to thoroughly remove. Any help is much appreciated. 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by TonyG (administrator) on BEASTPC on 27-01-2015 09:33:29
Running from C:\Users\TonyG\Downloads
Loaded Profiles: TonyG (Available profiles: TonyG & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\... Read more

Answer:suspected infection by trojan/virus "internetport3.exe". found in task manager

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 

 
 
Let me know how the machine is running after this fix.

8 more replies
Relevance 59.45%

WORK AROUND:

Ok, this worked for me. Before trying this fix I recommend you turn off your internet access\wifi to slow it down.

This Trojan runs a line of javascript from the registry key. If you remove this key it will only recreate it. I have a work around, since I cannot locate the program that is recreating this. I located the key by running the latest version of Rogue Killer. It then showed me the path of the registry. I did not delete this through RogueKiller since it will only recreate itself...

The path of the offending virus registry on my computer was:

HKEY_USERS\S-1-5-21-3307227288-2313220994-4118584292-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32

With this you need to move quickly on this part:

1) Delete\edit the two registries. (a) and (default-which will stay but show no value).

2) Then quickly move to this folder (parent of local32):

{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

Right Click file to change\edit permissions.

Uncheck inherit permissions box. (May be under advanced button), then remove all users except yourself, give yourself ONLY read and DELETE permissions (you can always add yourself back later). This MUST be done BEFORE the virus recreates the registry. SO be ready for this. Maybe even practice. Reboot. Log in. Go to Task Man and monitor CPUS. if goes up to 100, repeat this because you did not move fast enough in deleting and changing permissions.

-Megan
 

Answer:How to remove Trojan Powelik Manually

Thanks for the info.

You're right that if deleted with RogueKiller it just recreates itself. I have been using a combination of tools for users here, as not all of them are entirely comfortable manually editing the Windows Registry themselves.
 

1 more replies
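A detection-side view of the persistence described in the workaround above, as an added example that is not part of any post on this page: it scans the text of a `reg export` of HKEY_USERS for per-user `LocalServer32` values that launch script through rundll32. The sample export is constructed (the SID and CLSID are the ones quoted in the post, the payload is a placeholder), and the function and pattern names are assumptions of this example.

```python
import re

# Constructed sample in the text form written by `reg export` (.reg, version 5.00).
# Real exports are UTF-16: read them with open(path, encoding="utf-16").read().
# The payload after RunHTMLApplication is a placeholder, not real malware data.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-3307227288-2313220994-4118584292-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32]
@="rundll32.exe javascript:\"\\..\\mshtml,RunHTMLApplication \";PLACEHOLDER"
"a"="PLACEHOLDER-ENCODED-DATA"

[HKEY_USERS\S-1-5-21-3307227288-2313220994-4118584292-1000\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\LocalServer32]
@="\"C:\\Program Files\\Example\\server.exe\" -Embedding"

[HKEY_USERS\S-1-5-21-3307227288-2313220994-4118584292-1000\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\Example\\shim.dll"
'''

KEY_LINE = re.compile(r'^\[(.+)\]$')
STR_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
# hex(2) = REG_EXPAND_SZ, hex(7) = REG_MULTI_SZ; both are exported as UTF-16LE bytes.
HEX_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=hex\((?:2|7)\):([0-9a-fA-F,]*)$')

# Per-user COM registration: HKCU or HKU\<SID> (also HKU\<SID>_Classes).
PER_USER_LOCALSERVER = re.compile(
    r'^(?:HKEY_CURRENT_USER|HKEY_USERS\\[^\\]+)\\(?:Software\\Classes\\)?'
    r'CLSID\\(\{[0-9a-f-]{36}\})\\LocalServer32$', re.IGNORECASE)

# A COM server command line that hands a javascript: URL to rundll32/mshtml.
SCRIPT_VIA_RUNDLL = re.compile(
    r'rundll32(?:\.exe)?\b.*javascript:|mshtml\s*,\s*RunHTMLApplication',
    re.IGNORECASE)


def _unescape(s):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)


def _name(raw):
    return '(Default)' if raw == '@' else _unescape(raw[1:-1])


def parse_reg(text):
    """Return {key_path: {value_name: string_data}} for string-typed values."""
    keys, current, pending = {}, None, ''
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ''
        if line.endswith('\\') and '=hex' in line:
            pending = line[:-1]          # hex data continues on the next line
            continue
        m = KEY_LINE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        if current is None:
            continue
        m = STR_VALUE.match(line)
        if m:
            current[_name(m.group(1))] = _unescape(m.group(2))
            continue
        m = HEX_VALUE.match(line)
        if m:
            raw = bytes(int(b, 16) for b in m.group(2).split(',') if b)
            current[_name(m.group(1))] = raw.decode('utf-16-le', 'replace').rstrip('\x00')
    return keys


def find_script_localservers(text):
    """List per-user LocalServer32 keys whose data runs script via rundll32."""
    findings = []
    for key, values in parse_reg(text).items():
        m = PER_USER_LOCALSERVER.match(key)
        if not m:
            continue
        hits = sorted(n for n, d in values.items() if SCRIPT_VIA_RUNDLL.search(d))
        if hits:
            findings.append({'key': key, 'clsid': m.group(1),
                             'matched_values': hits,
                             'all_values': sorted(values)})
    return findings


if __name__ == '__main__':
    for f in find_script_localservers(SAMPLE_REG):
        print(f['key'])
        print('  matched values:', ', '.join(f['matched_values']))
        print('  all values    :', ', '.join(f['all_values']))
```

Because the key is re-created after deletion, as the post describes, a hit here is a reason to export again after cleanup and confirm the finding list stays empty across a reboot.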
Relevance 59.45%

Hi. I'm new to malwaretips.com. I googled the issues I was having with my laptop and eventually realized this was the infamous Trojan so many folks have gotten lately. Managed to follow instructions to another user on your website to allow downloads (despite the virus changing settings to block them) and acquired FRST software as recommended in the thread, then did a scan last night (attached). Your help in eradicating this plague to my laptop and related sanity would be most welcome and much appreciated...

Keith
 

Answer:Would like help removing PC infection (trojan powelik among possible others)

I have to add another symptom: error message that my powershell failed.
 

16 more replies
Relevance 59.45%

When I log on I get the notification of Trojan.Powelik and Trojan.Adscnner have been blocked then the COM Surrogate just runs and runs. Please help!!
 

Answer:Trojan.Powelik COM Surrogate Malware

Sorry
Here are the files
 

4 more replies
Relevance 59.45%

Hello
 
I have followed these instructions and attached the dds.txt file.
 
I have 2 trojan viruses one being AdClicker and the other Powelik. I have tried following Symantec's manual instructions without success
 
Would someone be able to help me remove these. I would greatly appreciate any help
 
Thanks
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.71.2
 at 14:56:58 on 2014-11-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.4819 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\Sys... Read more

Answer:Trojan virus adclicker and powelik help please

Hello and welcome to Bleeping Computer! My nickname is Pystryker, and I will be helping you with your issue today.

Before we get started, I have a few things I need to go over with you

If you are receiving help for this issue at another forum, please let me know so I can close this thread.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may in... Read more

14 more replies
Relevance 59.45%

Computer is running slow and won't load Task Manager (noticed that CPU usage suddenly goes to 100% if I try to open Task Manager, however, it never loads). Likewise for Chrome, and many other antivirus/malware software. They all work once I get into Safe Mode, however, they find nothing. The anti-rootkit programs all complain about a driver not loading- possible rootkit infection (or cause I'm in Safe Mode)?
 
Here are my logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Joseph (administrator) on JOSEPH-DESKTOP (26-10-2016 20:23:36)
Running from F:\
Loaded Profiles: Joseph & Guest Wifi (Available Profiles: Joseph & Guest Wifi & Guest)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mic... Read more

More replies