Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by DCX9

  1. Hi Kevin, Seems all good for now, malwarebyte scan shows no threat even after multiple reboot. I will keep monitoring it for a few more days. However, I was checking the path C:\Users\danny\AppData\Roaming\Dll (where the dllhost.exe were at) and found that there is a file named WinRing0x64.sys now. Should I be concern about this? as I am pretty sure it wasn't there before. Anyway, thanks for the help. Really appreciate it. I will update here if the problem reoccur. Thanks.
  2. Thanks for your reply. The logs are attached below. Addition.txtFRST.txtAdwCleaner[C01].txtmwb_log.txt One thing to note is that before I posted here, I did a scan with FRST and both DLLHost.exe and MSDLLHelper and the paths were in the [whitelisted] section in the FRST text file but after doing all the steps above and the new overwritten FRST.txt no longer have the 2 malware paths in it.
  3. About 2 weeks ago I downloaded Internet Download Manager patch from a suspicious site and after that I have been noticing COMSurrogate process taking up about 20% of CPU usage in task manager. I ran Malwarebyte and it detected 2 malware, one registry item called MSDLLHelper under HKU\S-1-5-21-2376670492-3024356693-3209832367-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSDllHelper and a program call DLLHost.exe under C:/User/danny/Appdata/Roaming/DLL/Dllhost.exe. I have since uninstalled Internet download manager and quarantined the malwares but every time I boot up my PC this 2 malware will show up again and I had to quarantine and delete them again. Is there any way to remove them for good and prevent them from spawning again? I understand I need to attach some logs and the fix scripts from other posts are user specific, please assist me with the process, thanks. Screenshot is attached below.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.