Posts posted by DCX9
-
Hi Kevin,
Seems all good for now; the Malwarebytes scan shows no threats even after multiple reboots. I will keep monitoring it for a few more days.
However, I was checking the path C:\Users\danny\AppData\Roaming\Dll (where dllhost.exe was) and found that there is a file named WinRing0x64.sys there now. Should I be concerned about this? I am pretty sure it wasn't there before.
Anyway, thanks for the help. Really appreciate it. I will update here if the problem recurs.
Thanks.
-
Thanks for your reply. The logs are attached below.
Addition.txt, FRST.txt, AdwCleaner[C01].txt, mwb_log.txt
One thing to note is that before I posted here, I did a scan with FRST, and both DLLHost.exe and MSDLLHelper and the paths were in the [whitelisted] section of the FRST text file, but after doing all the steps above, the new overwritten FRST.txt no longer has the 2 malware paths in it.
-
About 2 weeks ago I downloaded an Internet Download Manager patch from a suspicious site, and after that I have been noticing the COMSurrogate process taking up about 20% of CPU usage in Task Manager. I ran Malwarebytes and it detected 2 malware items: one registry item called MSDLLHelper under HKU\S-1-5-21-2376670492-3024356693-3209832367-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSDllHelper and a program called DLLHost.exe under C:/User/danny/Appdata/Roaming/DLL/Dllhost.exe. I have since uninstalled Internet Download Manager and quarantined the malware, but every time I boot up my PC these 2 malware items show up again and I have to quarantine and delete them again.
Is there any way to remove them for good and prevent them from spawning again? I understand I need to attach some logs and that the fix scripts from other posts are user-specific; please assist me with the process, thanks.
Screenshot is attached below.
Bitcoin.Trojan.Miner.DDS keeps coming back as DLLHost.exe and MSDLLHelper
in Resolved Malware Removal Logs
Thanks for the help and suggestion, no engine detected the file.