
dllhost.exe *32 COM Surrogate Removal


farago77


Hello farago77, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
     

======================================================

 

Please consider the following warning, and let me know how you wish to proceed.
 

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). Consider these accounts already compromised.

If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following articles for more information.

Please let me know how you wish to proceed, and if you have any questions.

 


OK Chuck, this first post details steps I recommend you take before you reformat. 

 

STEP 1
Panda USB Vaccine

  • Please download Panda USB Vaccine and save the file to your desktop.
  • Double-click USBVaccineSetup.exe to install the programme.
  • Read and accept the license agreement, then click Next.
  • Upon completion of the setup, ensure Launch Panda USB Vaccine is checked and click Finish.
  • Click the Vaccinate Computer button. It should now show a green checkmark and confirm Computer vaccinated.
  • Hold down the Shift key on your keyboard and insert your USB drive.
  • Follow these instructions on how to format your USB drive (this will remove all files on the device).
  • Return to Panda USB Vaccine. When the name of the drive appears in the Panda USB Vaccine dialog box, click the Vaccinate USB drive(s) button.
  • Exit the programme when done.

-- Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
 
 
STEP 2
Folder Options

  • Press the Windows Key + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders:
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Click Apply followed by OK.
     

STEP 3
Backup Data

The safest practice is not to back up any executable files (.exe), screensavers (.scr), dynamic link library (.dll), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. You should also avoid backing up compressed files (.zip, .cab, .rar) that have executables inside, as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may disguise themselves by hiding a file extension or by adding double file extensions (hence why STEP 2 is important) and/or space(s) in the file's name to hide the real extension, so be sure you look closely at the full file name.

  • Backing up documents, images, music and video is fine.
  • Specially crafted Word/Excel/PDF files can be used for malicious intent, so I recommend only backing up such documents that you or other users created (as opposed to downloaded).
  • To repeat, do not back up files with the following extensions:
.exe, .scr, .bat, .com, .cmd, .msi, .pif, .ini, .htm, .html, .hta, .php, .asp, .xml, .zip, .rar, .cab
  • Once you have decided which files you wish to backup, copy the files over to the USB drive. 
     

STEP 4
Download Installation Files
I recommend downloading your Network Adapter drivers before reformatting. This is a precaution in case you experience issues with Internet connectivity after reformatting.

  • Press the Windows Key + r on your keyboard at the same time. Type devmgmt.msc and click OK.
  • Locate Network Adapters and click the corresponding drop-down arrow.
  • Make a note of your Network Adapters.
  • Using this Dell page, enter your relevant product details and locate the Network Adapters you noted down. Save the files to your USB drive. 
     

Download the Anti-Virus installation file of your choice. You need only download the installation file; do not click or open the file. Once downloaded, save the file to your USB drive. You must only install one Anti-Virus after reformatting.

Each paid-for Anti-Virus comes with a free trial if you wish to try the software before purchasing. Alternatively, you may wish to use the trial, and revert to a free anti-virus afterwards. 
 
For a paid solution, my choice of anti-virus is ESET NOD32. For a free solution, my choice of anti-virus is avast!. However, please be aware that there is no universal solution that works for everyone, and there is no single best anti-virus. What works for me may not work for you and your machine. 
 
Once you have downloaded the drivers and the Anti-Virus installation file of your choice, right-click the USB drive in the system-tray, and follow the prompts to safely remove the device. Now remove your USB drive from the computer.
 
 
STEP 5
Paid-for/Premium/Licensed Software
Do you have any paid-for software that was activated using a code or key? If so, ensure you have all relevant information noted down before reformatting. 
 
If you have a Malwarebytes Anti-Malware Premium license, but do not possess your details, follow the instructions below.
 

You cannot look up your Activation ID and Key from the Registry unless you have a previously licensed 1.x version installed.  Fresh installs now encrypt that data so make very sure you have your ID and Key before you proceed.  Previous 1.x PRO versions did store the ID and Key in the following locations of the Registry but a clean fresh install of version 2.0 will not store it in the Registry.
 

Location for Windows x86 32-Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware
 
Location for Windows x64 64-Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware

 
 
If you cannot locate your license activation information in the Registry and no longer have access to your order number, you can contact cleverbridge to obtain information about your order including license registration and activation information. Please note that cleverbridge does not offer technical support for any products. They will only provide you with your order information: Contact cleverbridge customer service. If you purchased Malwarebytes Anti-Malware from another vendor or reseller and still require the license activation information, you will need to contact that vendor or reseller to obtain the information before you proceed; otherwise you will not be able to re-activate the product.

 

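The STEP 2 and STEP 3 rules in the post above can be applied mechanically rather than by eye. The following PowerShell script is an added example; it is not part of Adam's post and not a Malwarebytes or Panda tool. It walks a folder, skips the extension classes the post lists, flags names that hide their real extension behind a double extension or padding spaces, and reports what it would copy. The $Source and $Dest paths and the "two or more spaces" padding heuristic are assumptions; edit them before use.

```powershell
# Added example (not from the original post): apply the STEP 3 backup rules
# mechanically. Assumptions: $Source is where your own files live and $Dest is
# the vaccinated USB drive; edit both. Nothing is copied while $DryRun is $true.
$Source = "$env:USERPROFILE\Documents"
$Dest   = 'E:\Backup'
$DryRun = $true

# Extension classes the post says not to back up at all.
$Blocked = @('.exe', '.scr', '.bat', '.com', '.cmd', '.msi', '.pif', '.ini',
             '.htm', '.html', '.hta', '.php', '.asp', '.xml', '.zip', '.rar', '.cab')
# Document types that are fine if you created them but risky if they were downloaded.
$Review  = @('.doc', '.docx', '.xls', '.xlsx', '.pdf')

function Test-SuspiciousName([System.IO.FileInfo]$File) {
    # Names built to hide their real extension; returns a reason string or $null.
    $parts = $File.Name.Split('.')
    if ($parts.Count -ge 3 -and $Blocked -contains ('.' + $parts[-1].ToLower())) {
        return 'double extension'                  # e.g. holiday.jpg.exe
    }
    if ($File.BaseName -match '\s{2,}') {          # heuristic (assumption): 2+ spaces
        return 'padding spaces before extension'   # e.g. "invoice.pdf        .exe"
    }
    return $null
}

$report = foreach ($f in Get-ChildItem -Path $Source -Recurse -Force | Where-Object { -not $_.PSIsContainer }) {
    $ext = $f.Extension.ToLower()
    $why = Test-SuspiciousName $f
    if ($why)                        { $action = "SKIP ($why)" }
    elseif ($Blocked -contains $ext) { $action = "SKIP (blocked type $ext)" }
    elseif ($Review -contains $ext)  { $action = 'REVIEW (only if you created it)' }
    else                             { $action = 'COPY' }

    if ($action -eq 'COPY' -and -not $DryRun) {
        # Recreate the relative folder layout under $Dest, then copy the file.
        $rel    = $f.FullName.Substring($Source.Length).TrimStart('\')
        $target = Join-Path $Dest $rel
        New-Item -ItemType Directory -Path (Split-Path $target -Parent) -Force | Out-Null
        Copy-Item -LiteralPath $f.FullName -Destination $target
    }
    New-Object PSObject -Property @{ Action = $action; File = $f.FullName }
}

$report | Select-Object Action, File | Sort-Object Action, File | Format-Table -AutoSize
```

PowerShell always reports the full file name regardless of the Explorer "Hide extensions for known file types" setting, so the name checks here do not depend on STEP 2 having been applied; STEP 2 still matters for anything you pick by hand in Explorer. Leave $DryRun at $true on the first run and read the SKIP and REVIEW rows before copying anything.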

The following steps explain how you can reformat/restore, setup your machine once done, and safely move your backed up data across. 
 
STEP 6
Reformatting/Restoring
There are several options available.

  • Restore to factory default using your Dell Recovery partition.
  • Reformat using Windows built-in tools.
  • Reformat using Darik's Boot and Nuke (DBAN).

The advantage of using your Recovery partition is that you do not need to reinstall Windows afterwards. The Recovery partition will restore the computer to the state it was before the very first time you switched it on. This is the option I recommend you take. 
 
Before proceeding, double-check you have backed up all the files you need. Now follow these instructions on using your Dell Recovery partition to restore to factory default. Take heed of the warnings provided to you, and take your time as you progress through the various stages. Do not click or agree to anything without first ensuring you've fully read what you're agreeing to. 
 
 
STEP 7
Computer Setup
Before restoring your backed up data, it's important you do the following in the order specified.
 
Confirm Windows Firewall is enabled

  • Press the Windows Key + r on your keyboard at the same time. Type firewall.cpl and click OK.
  • Confirm Windows Firewall is enabled.
  • If not, enable the Firewall.

Install an Anti-Virus

  • Hold the shift key and insert your USB drive. Move the AV installation file to your Desktop. Remove your USB drive.
  • Open the installation file, and follow the prompts to install the Anti-Virus.
  • Once installed, connect to Internet and immediately download the latest updates for the Anti-Virus.
  • Run a scan if you wish to.
  • Note: Avast! requires an active Internet connection during the installation. You must connect to the Internet before starting the installation if you chose avast!.

Install Windows Updates

  • Press the Windows Key + r on your keyboard at the same time. Type wuapp.exe and click OK.
  • Click Check for updates.
  • Install all recommended updates (you may wish to uncheck any optional updates).
  • Do not use the computer whilst updates are installing.

Confirm there are no Issues with...

  • Audio/Sound
  • Battery
  • Display
  • CD/DVD drive
  • Keyboard
  • Mouse
  • Wireless Network

If you find issues with any of the above, do the following.

  • Press the Windows Key + r on your keyboard at the same time. Type devmgmt.msc and click OK.
  • Locate the relevant category, and click the corresponding drop-down arrow.
  • Right-click the relevant driver, and click Uninstall.
  • Follow any prompts.
  • Reboot your computer.
  • Windows should notify you that it has found and installed the driver after the reboot.
  • Confirm if the issue is resolved. 
     

STEP 8
Panda USB Vaccine

  • Install Panda USB Vaccine as instructed in STEP 1. Skip the instructions that follow Computer vaccinated.
  • I recommend keeping the programme installed for future use. 
     

STEP 9
Restoring Backed Up Data

  • Hold the shift key and insert your USB drive.
  • Open your Anti-Virus. Run a scan, ensuring you select the option to scan removable media or the drive letter associated with your USB drive.
  • Confirm no threats found.
  • Open Windows Explorer, and navigate to your USB drive. Copy the backed up files to your Desktop, or the location of your choice.
  • Remove your USB drive.
     

STEP 10
Install Previously Installed Software
Here are links to some of your previously installed software. I do not recommend installing Java for the reasons below.

Using Java is an unnecessary security risk; especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.

Java is one of those technologies that you find installed on the majority of computer systems despite the fact that average users do not come across many Java-powered websites or desktop applications [...] According to W3Techs, only four percent of websites use Java on the server side [...] it is used by 0.2 percent of all websites on the client side. And two tenths of a percent includes sites that do not use it for their core functionality [...] there are sites and applications that require Java, and if you use any of them, you obviously need Java. But that makes you a minority. The majority of Internet users do not need Java. They do not need the Java plugin, nor do they need the Java Runtime Environment installed on their operating system.

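Once the restore is finished, the settings STEP 2, STEP 7 and STEP 8 aim for can be verified without opening each dialog. The script below is an added example, not part of Adam's post and not something Panda USB Vaccine or Malwarebytes ships: it reads the registry values and services that back the firewall, Explorer view and AutoRun settings on Windows 7/8 and prints a pass/fail table. The NoDriveTypeAutoRun check is the standard Windows policy for ignoring autorun.inf on every drive type; treating 0xFF as the desired end state after vaccination is an assumption of this example, not a statement of what Panda writes. Run it from an elevated PowerShell window.

```powershell
# Added example (not from the original post): check the settings STEP 2, STEP 7
# and STEP 8 aim for by reading the registry and services directly.
# Assumptions: Windows 7/8, run from an elevated PowerShell; the values named
# here are the standard Windows ones, not anything Panda USB Vaccine writes.

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null when the key or value is absent instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function New-Check([string]$Check, $Value, [bool]$Ok) {
    New-Object PSObject -Property @{ Check = $Check; Value = $Value; Ok = $Ok }
}

$checks = @()

# Windows Firewall (STEP 7): one key per profile; EnableFirewall = 1 means on.
$fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($prof in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $v = Get-RegValue "$fw\$prof" 'EnableFirewall'
    $checks += New-Check "Firewall $prof enabled" $v ($v -eq 1)
}

# Explorer view (STEP 2): Hidden = 1 shows hidden files, HideFileExt = 0 shows extensions.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hidden  = Get-RegValue $adv 'Hidden'
$hideExt = Get-RegValue $adv 'HideFileExt'
$checks += New-Check 'Explorer shows hidden files' $hidden ($hidden -eq 1)
$checks += New-Check 'Explorer shows file extensions' $hideExt ($hideExt -eq 0)

# AutoRun (STEP 8 intent): NoDriveTypeAutoRun = 0xFF (255) tells Windows to ignore
# autorun.inf on every drive type. An absent value means the Windows default applies.
foreach ($hive in 'HKLM', 'HKCU') {
    $v = Get-RegValue "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" 'NoDriveTypeAutoRun'
    $checks += New-Check "$hive NoDriveTypeAutoRun = 0xFF" $v ($v -eq 255)
}

# Services: the firewall service must be running; Windows Update must not be disabled.
foreach ($name in 'MpsSvc', 'wuauserv') {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($svc -eq $null)           { $ok = $false }
    elseif ($name -eq 'MpsSvc')   { $ok = ($svc.State -eq 'Running') }
    else                          { $ok = ($svc.StartMode -ne 'Disabled') }
    $checks += New-Check "Service $name (start mode $($svc.StartMode))" $svc.State $ok
}

$checks | Select-Object Check, Value, Ok | Format-Table -AutoSize
if ($checks | Where-Object { -not $_.Ok }) {
    Write-Warning 'One or more checks failed; review the table above.'
}
```

A domain or local Group Policy can override the SharedAccess firewall values (the policy copies live under HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall), so treat a failing firewall row as a prompt to open firewall.cpl and look, not as proof the firewall is off. wuauserv may legitimately show Stopped while idle, which is why the script only fails it when its start mode is Disabled.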

Below I have compiled a list of recommend software and resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.
 
STEP 11
Recommended Software
The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus. 
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus. 
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. 
  • Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file. 
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs. 
  • Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website. 
     

Setup on my Windows 8 machine:

  • ESET Smart Security
  • Malwarebytes Anti-Malware Premium
  • Emsisoft Antimalware
  • Sandboxie
  • SpywareBlaster
  • Secunia PSI
  • CCleaner
  • WOT, Adblock & NoScript
     

STEP 12
Recommended Reading on Preventative Measures and How to Avoid Infection

Please read through the above, and let me know if you have any questions.


Hey Adam,  I noticed that the CPU usage is down from 90-100%, but it is still about 50% with no applications running.  Looks like "IAStorDataMgrSvc.exe *32" is the SYSTEM process responsible.  Looks like this is due to the Intel Rapid Storage Technology program.  Is this normal?  If not, do you know a way to reduce the CPU usage due to this program.  The program list says it's version 0.0.0.0000.  Do I need a newer version or something?  Is this program even needed?  


Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.