Jump to content

Recommended Posts



Just last night, I noticed my computer slowing down. When I opened task manager, I noticed my computer had a large amount of processes, mainly consisting of dllhost.exe processes that used up to 90% of my memory. I don't know what has caused this problem, but I do know this has occured to several other people, including on this forums.


Since then I have ran a Malwarebytes threat scan, and the problem has became manageable, but not solved. I have already ran Farbar Recovery Scan Tool. I have also attached FRST.txt and Addition.txt


Thanks for any help that comes my way.



Link to post
Share on other sites

Hello assimilation, welcome to Malwarebytes' Malware Removal forum!

My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. xsmile.png.pagespeed.ic.CwSpBGGvqN.png

General P2P/Piracy Notice: 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.


Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click xetYzdbu.png.pagespeed.ic.U7AjmRUewW.png at the top of the page.


Unfortunately, your computer is infected with a rootkit. As such, I must issue the following warning. Please let me know how you wish to proceed. 



One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data,using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). Consider these accounts already compromised.

If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following articles for more information.

Please let me know how you wish to proceed, and if you have any questions.
Link to post
Share on other sites

Hello Anthony, 


You have a choice. We can either clean your machine now or you reformat/reinstall. 


If we clean - the identified infection(s) can be removed, but I cannot guarantee all malware will be. This is due to the nature of the infection. This option may be considered the more convenient of the two.


On the otherhand, you can reformat/reinstall. This will wipe all data from the computer, and is the recommended course of action. Going down this route will guarantee all malware removed, and ensure the integrity and trustworthiness of your machine restored. 




Ultimately, the decision is personal, and down to you. I am simply here to inform you of the facts. I believe fully explaining the situation to be imperative. 

Link to post
Share on other sites

Thanks for trying to help anyway, though.

The infection that is causing the issues described in your opening post can be removed. T

he reason for recommending an R/R is because backdoors allow a remote attacker to make any number of modifications to your system; some of which may not be possible to detect or identify. 


Though, I do have a question--what is causing it? Tons of people seem to be getting it... 

You're infected with Poweliks. A rootkit which opens a backdoor on the compromised machine. 

Poweliks is unique and sophisticated, in that it does not use any malicious files written to the HDD once the dropper is on the system. Instead, the infection is contained entirely within the registry, and utilizes legitimate System Files such as dllhost.exe and programmes such as Powershell. 


Anti-Virus software does not tend to monitor the registry, and as such, is ineffective in detecting this infection. Furthermore, once the dropper has finished, the file is deleted. This makes it difficult for Anti-Virus vendors to obtain, analyse and write signatures for Poweliks droppers. 

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.