
dllhost.exe Virus has infected my computer... please help [Solved]


  • This topic is locked

#31
Nevan


    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, LarryDelos11.

Please, do the following and tell me if there's any change.

Step #1
Norton Removal Tool

Download Norton Removal Tool to your Desktop. Double-click it and follow the on-screen instructions. After the uninstalling is done, restart your computer.

 
Step #2
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   543bytes   50 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

  • 0


#32
LarryDelos11


    Member

  • Topic Starter
  • Member
  • 26 posts

Hi Nevan.  I posted the report below.  It's still there.  I did run Malwarebytes rootkit removal but it didn't work either.  In it to win it! 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
Ran by Carol at 2014-11-19 15:59:47 Run:5
Running from C:\Users\Carol\Desktop
Loaded Profile: Carol (Available profiles: Carol)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {D8B187B2-3820-4024-B102-9348A6F5CDE8} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: {DDC2BD29-3B95-4F4E-8346-70E67BF3DEA6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: {594E6A8E-894C-43E5-A660-6BA6A4FB2C83} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8B187B2-3820-4024-B102-9348A6F5CDE8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8B187B2-3820-4024-B102-9348A6F5CDE8}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Processor => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDC2BD29-3B95-4F4E-8346-70E67BF3DEA6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDC2BD29-3B95-4F4E-8346-70E67BF3DEA6}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{594E6A8E-894C-43E5-A660-6BA6A4FB2C83}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{594E6A8E-894C-43E5-A660-6BA6A4FB2C83}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton WSC Integration => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => Key deleted successfully.

==== End of Fixlog ====


  • 0
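Added example, not part of the original thread and not FRST's own code: a Python check that reads a Fixlog like the one posted above and reports, for each `Task:` entry in the fixlist, which of the four removal steps seen in this log (the `TaskCache\Plain` key, the `TaskCache\Tasks` key, the task file, the `TaskCache\Tree` key) has no success line. The sample log, its GUIDs and task names are constructed, and the function names are hypothetical.

```python
import re

# Constructed Fixlog in the layout of the log above; GUIDs and task names are
# placeholders, and the second task deliberately lacks its file and Tree lines.
SAMPLE = r'''Content of fixlist:
*****************
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Vendor\Task One => C:\Example\one.exe
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\Task Two => C:\Example\two.exe
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00000000-0000-0000-0000-000000000001}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00000000-0000-0000-0000-000000000001}" => Key deleted successfully.
C:\Windows\System32\Tasks\Vendor\Task One => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Vendor\Task One" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00000000-0000-0000-0000-000000000002}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00000000-0000-0000-0000-000000000002}" => Key deleted successfully.

==== End of Fixlog ====
'''

OK = ("Key deleted successfully.", "Moved successfully.")  # the two outcomes in the log above
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - System32\\Tasks\\(.+?) => ")
RESULT_RE = re.compile(r'^"?(.+?)"? => (.+)$')

def parse_fixlog(text):
    """Return (tasks, results): fixlist Task entries and the result lines after them."""
    parts = re.split(r"^\*{5,}[ \t]*$", text, flags=re.M)
    if len(parts) < 3:
        raise ValueError("no fixlist section delimited by asterisk lines")
    tasks = [m.groups() for m in map(TASK_RE.match, parts[1].splitlines()) if m]
    results = [m.groups() for m in map(RESULT_RE.match, parts[2].splitlines()) if m]
    return tasks, results

def unconfirmed_steps(text):
    """Map each task GUID to the removal steps that have no success line."""
    tasks, results = parse_fixlog(text)
    done = {target.lower() for target, outcome in results if outcome.strip() in OK}
    report = {}
    for guid, rel in tasks:
        g, r = guid.lower(), rel.lower()
        checks = {
            "Tasks key": any(t.endswith("\\taskcache\\tasks\\" + g) for t in done),
            "Plain key": any(t.endswith("\\taskcache\\plain\\" + g) for t in done),
            "task file": any(t.endswith("\\system32\\tasks\\" + r) for t in done),
            "Tree key": any(t.endswith("\\taskcache\\tree\\" + r) for t in done),
        }
        report[guid] = [name for name, ok in checks.items() if not ok]
    return report
```

An empty list for a GUID means all four steps were logged as successful; any names in the list are the leftovers worth checking by hand.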

#33
Nevan


    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, LarryDelos11.

I'm sorry that it takes so long but I'm trying to figure out what causes the problem.

Please, do the following:

GMER
  • Please download GMER to your Desktop. It will be saved as a randomly named file. This is completely normal.
  • Temporarily disable your antivirus protection (click here if you don't know how to do this).
  • Right-click the previously downloaded random .exe file and click Run as Administrator.
    Note: It is important that you don't use your computer while using GMER.
  • GMER will perform an automatic quick scan once launched.
    Note: If you receive a warning about rootkit activity and are asked to fully scan your system click NO!
Once the quick scan is done, please, do the following:
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
Remember to enable your Antivirus program once you're done!
  • 0

#34
LarryDelos11


    Member

  • Topic Starter
  • Member
  • 26 posts

No problem Nevan, no rush.  I appreciate all your help.  Won't be able to respond again myself until this evening.  God Bless! 

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-21 01:43:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GS00 298.09GB
Running: k6kqt8pi.exe; Driver: C:\Users\Carol\AppData\Local\Temp\pgtiqpog.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000076521465 2 bytes [52, 76]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000765214bb 2 bytes [52, 76]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000076521465 2 bytes [52, 76]
.text  C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000765214bb 2 bytes [52, 76]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076521465 2 bytes [52, 76]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000765214bb 2 bytes [52, 76]
.text  ...                                                                                                                                                    * 2

---- Files - GMER 2.1 ----

File   C:\Users\Carol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CX37JLEC\rkill[1].exe                                              (size mismatch) 33375/18775 bytes executable

---- EOF - GMER 2.1 ----


  • 0

#35
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, Nevan is unavailable for a few days so I am jumping in :)

Let's see if we can find the culprit for this, GMER was OK

So I am now going to use a different tool, this may take a while to run but it will be a very thorough search and report

Could you download and run Kaspersky pure trial from here http://www.kaspersky...ree-trials/pure
This is similar to AVP but is win 8.1 compatible
It will offer to remove Avira skip that and set Avira to disabled for one hour

Once Kaspersky has installed you will see this screen

kas1.JPG

Select scan and allow it to update

report.JPG

Once the scan has completed and it has removed any threats select report on the top right

Click detailed report and attach that here.

I will need the report to determine what it is so that I can then remove it manually

detail.JPG
  • 0

#36
LarryDelos11


    Member

  • Topic Starter
  • Member
  • 26 posts

Okay, I'm not sure what's happening but my computer is very sluggish and nothing seems to be loading completely.  My email doesn't fully load so emails don't open, etc.  Likewise, I can't get the download to even really start.  It sits there telling me "0% of ... downloaded"  Also, I had to try a different link because the one you put is for UK.  The UK one would not work. I'll keep trying, but please don't shut this down.  I'll check back in as well if I don't hear back from you with any suggestions.  Thanks for filling in!


  • 0

#37
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This is a US link http://usa.kaspersky...ome-trials/pure
  • 0

#38
LarryDelos11


    Member

  • Topic Starter
  • Member
  • 26 posts

Okay friend, I was able to load and run the Kaspersky Pure program and there were no issues to report.  So I have no report.  I did notice while downloading the software the svchost.exe file did start and swell up the memory but then it went down to normal.  I just let it run its course while Kaspersky downloaded.  Since then, I am not seeing it do this.  Was this just downloads that were trying to update???  My computer is still sluggish, but I don't know if it's infected with anything.  I'm uninstalling Kaspersky and I'm going to see how my computer runs since it also uses a nice chunk of memory.  Thank you for filling in for Nevan. 


  • 0

#39
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It may well have been as svchost is the workhorse of the computer

Once pure is uninstalled let me know how it is running
  • 0

#40
LarryDelos11


    Member

  • Topic Starter
  • Member
  • 26 posts

I think it's running okay again.  I stopped watching task manager so closely and surfed normally and the timing for web pages seems normal.  Unless you have anything else you want to try, I will continue to do my thing and see if anything messes up.  Also, I noticed when I restarted it the last time it did close down all the way and restart.  Before, it would shut down to a certain point before getting stuck with only my wallpaper showing.  If you want, I can check back in again tomorrow evening unless something happens before then that is clearly a problem.  Let me know.     


  • 0


#41
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope, test it out and let me know of any anomalies that you are seeing :)
  • 0

#42
LarryDelos11


    Member

  • Topic Starter
  • Member
  • 26 posts

Well Essexboy, I think we're back to normal.  My pages are loading okay and not getting stuck.  I appreciate all the help from you guys!  I feel like I graduated to a new level of virus control/elimination.  Thanks to you all for that!


  • 0

#43
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Glad to be of assistance

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix

delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransomware

CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#44
LarryDelos11


    Member

  • Topic Starter
  • Member
  • 26 posts

Okay, will watch for another 24 hours.  Appreciate the recommendations.


  • 0

#45
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
:)
  • 0





