Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91634 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

multiple dllhost.com running (computer very slow) [Closed]


  • This topic is locked This topic is locked
42 replies to this topic

#16 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 25 December 2013 - 12:28 PM

**WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.  :)
----------
 
Please run a new scan with ComboFix and attach the newly made log.


Posted Image
 
 

    Advertisements

Register to Remove


#17 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 27 December 2013 - 07:14 AM

Still here?


Posted Image
 
 

#18 sweetescape

sweetescape

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 27 December 2013 - 11:24 AM

how do i know my MBR is infected?



#19 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 27 December 2013 - 11:33 AM

Hi,
 
Your MBR is more than likely not infected....TDSSKiller would have caught that but let's run another tool to get a second opinion.  :)
 
1QYkxTZ.jpg Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------


Posted Image
 
 

#20 sweetescape

sweetescape

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 28 December 2013 - 08:36 AM

okay so i wanna try to remove ZeroAccess rootkit may you help me?

AswMBR log is attached in this post

Attached Files



#21 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 28 December 2013 - 09:49 AM

Your MBR looks good....  :)
 
Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Right-click and Run as Administrator on the Combofix.exe and follow the prombts on your display. When finish, it will create a C:\Combofix.txt. Please post this log for further review.
---------


Posted Image
 
 

#22 sweetescape

sweetescape

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 29 December 2013 - 08:43 AM

Attached File  ComboFix.txt   26.63KB   96 downloads



#23 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 29 December 2013 - 12:14 PM

Not looking bad.....how is your system running now?  :)


Posted Image
 
 

#24 sweetescape

sweetescape

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 29 December 2013 - 03:26 PM

i didnt remove anything yet i just scanned



#25 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 29 December 2013 - 08:33 PM

Actually ComboFix removed a serious infection that looks to be gone.  How is your system running?  :)


Posted Image
 
 

    Advertisements

Register to Remove


#26 sweetescape

sweetescape

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 30 December 2013 - 10:23 AM

i still have a lot of dllhost running and the computer is slow too


Edited by sweetescape, 30 December 2013 - 10:24 AM.


#27 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 30 December 2013 - 11:16 AM

N4qAiMQ.jpgFRST

Download the 64 bit version for your system of FRST and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

----------


Posted Image
 
 

#28 sweetescape

sweetescape

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 30 December 2013 - 01:57 PM

I have a question. Is this solution going to format my pc?


Edited by sweetescape, 30 December 2013 - 01:59 PM.


#29 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 30 December 2013 - 02:55 PM

No not at all.  :)  It is going to get a view of your system without Windows actually being running (basically a scan outside of Windows looking in).


Posted Image
 
 

#30 sweetescape

sweetescape

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 01 January 2014 - 12:03 PM

it says missing operating system


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users