[davecj]

Hello,

 

I am having a problem very similar to what Mantis_51 had.  Malwarebytes is alerting me about fff5ee.com being blocked, IP address 95.215.1.57 mainly, and it's also the same file location as him that's affected, SysWOW64/dllhost.exe.  Only difference is, how I came to this point.  My computer seemed to be running okay when I wasn't browsing.  My issues were mainly with the browser.  I would get mysterious messages about security settings blocking a download when I wasn't trying to download anything, and for awhile, I'd be getting COM surrogate errors.   Those seemed to die down.  Then two days ago, I got an alert from my ISP that I was 99% for the month for my data usage (250 GB).  That got me, as I usually don't even come within 50% of it.  I managed to get to 112 GB in a month during a Netflix binge, and in this case, I managed to do it in two weeks without having much time for movies.  I opened my resource monitor, and noticed a ton of dllhost.exe files running, and no idea what they were doing there.  I opened Malwarebytes, realized I hadn't updated it in awhile (got really busy over the last couple months and a lot of things got forgotten), and after that, the dllhost.exe processes went away and so did the errors, but then came the popup alerts.  Malwarebytes came up with a couple of trojans during an overdue scan i ran, both tagged to msiexec.exe, but like an idiot, without thinking, I deleted the quarantines without taking a close look at what they were, other than being a trojan.  Googled the problem and found out about Poweliks, found Mantis_51's thread, and here I am now.  Avast is my antivirus software, in case you're wondering. I suspect that I'm probably going to end up wiping the drive, but would like to open a dialogue with you about this, just in case it's not what I fear.  Would like you to walk me through this step by step, as I've never had a virus hit me before at all, so even though I could just copy what you've had others do and will most likely have me do, would prefer not to do anything without your instructions.  Thanks!

 

Dave

[Advertisements]

Hi if it is just Poweliks then it is fairly easy to remove

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[Essexboy]

Hi if it is just Poweliks then it is fairly easy to remove

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.