Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Infected by trojan.powelik activity; COM Surrogate;dllhost,exe [Solved


  • This topic is locked This topic is locked
6 replies to this topic

#1 minhyuk98

minhyuk98

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 16 November 2014 - 12:38 PM

I have apparently mistakenly downloaded an "Astromenda" search process which I believe eventually infected my computer.  I have Norton 360 and I am constantly getting messages about Trojan attacks of "pwelik activity,  CPU usage and memory usage warnings.  I have uninstalled "Astromenda" from programs and also from Internet options as it would automatically open up when I opened my IE home page.    Many of the attacks are coming from either a dllhost.exe file and a dllhost3g.exe which are in my Windows/SYSWOW64 folder. 

 

I have also attempted without luck to download the files as requested in the steps from this site but get a error messgae "your current security settings won't allow this file to be downloaded".  I don't know if this is from my Norton software although usually I get a window requesting that a system wants to make a change to my computer. 


Edited by minhyuk98, 16 November 2014 - 12:54 PM.

    Advertisements

Register to Remove


#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 16 November 2014 - 09:52 PM

Hi minhyuk98,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================



I have also attempted without luck to download the files as requested in the steps from this site but get a error messgae "your current security settings won't allow this file to be downloaded". I don't know if this is from my Norton software although usually I get a window requesting that a system wants to make a change to my computer.

Since you cannot download the tools needed to diagnose your problem you will have to use a different computer and download the tools to a flash drive, then transfer them to the infected computer. Run the scans then post the corresponding logs that are generated.

=========================

bullseye_zpse9eaf36e.gif Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

bullseye_zpse9eaf36e.gif aswMBR

Download aswMBR.exe and save it to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================

bullseye_zpse9eaf36e.gif Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply

=========================

In your next post please provide the following:


  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 19 November 2014 - 10:33 AM

Hi minhyuk98,

Just checking in to see if you still need help?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#4 minhyuk98

minhyuk98

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 21 November 2014 - 03:22 PM

I am unable to download the Securitycheck.exe from Screen317.  i have tried it from two different computers.  I was able to download the other requested product but am stuck with the Screen317 product.  Any suggestions, could it be a problem with the product?  



#5 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 21 November 2014 - 03:27 PM

Hi minhyuk98,

Just skip that tool and run the other scans. :thumbup:


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#6 minhyuk98

minhyuk98

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 22 November 2014 - 08:29 AM

I have resolved my problem.  I appreciate this forum and all the efforts to assist me.  Thank You



#7 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 22 November 2014 - 09:24 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users