
Malicious Website Blocked dllhost.exe



Hello, the constant pop-up of the Malicious Website Blocked is annoying me; it goes away, then comes back after a while. The only process causing it is dllhost.exe, but now it has stopped. There is the same process, but it doesn't have "dllhost.exe*32 COM Surrogate"; without it, that process is harmless.

 

It attempts outbound connections to the following:

fff5ee.com      (Most Common)

IP: 31.184.192.90

port: 51197, 51324, 51327.

 

Unknown Domain     (Very Uncommon but happens)

IP: 95.215.1.57

Port:511224, 51235, 51240.

 

 

 

 

Sorry I took so long; I was trying to gather all I could about these two.


  • Staff

Hello DedSecGhost, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click the button at the top of the page.
     

======================================================
 
STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply. 
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached)

  • Staff

Please boot into Safe Mode, and run FRST there. Instructions below.

 

Boot into Safe Mode (Vista/7)

  • Restart your PC.
  • As soon as the BIOS is loaded, begin repeatedly tapping the F8 key until the Advanced Options menu appears.  
  • Using the arrow keys, select Safe Mode
  • Press the Enter key.
     

Boot into Safe Mode (Windows 8)

  • Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.
  • Click the Boot tab.
  • Place a checkmark next to Safe boot. Leave the checkmark next to Minimal.
  • Click OK, followed by Restart.
  • Your PC will boot into Safe Mode automatically.

  • Staff

Close FRST. Try running RKill, followed by FRST. 
 
If you still can't get FRST to Scan then running in Safe Mode would be the best option. 
 
RKill

  • Please download RKill and save the file to your Desktop.
  • Right-Click RKill.exe and select Run as administrator to run the programme.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • Important: Please do NOT reboot your computer until you have carried out the steps below.
  • A log (C:\rkill.log) will open once the scan has completed. Copy the contents of the log and paste in your next reply.

Note: If the programme fails to run, or encounters an error, please delete RKill.exe and download the following file. Repeat the steps using the newly downloaded iExplore.exe.


Rkill 2.6.8 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2014 BleepingComputer.com

Rkill can be found at this link http://www.bleepingcomputer/forums/topic308364.html

Program started at: 10/18/2014 02:7:47 AM in x64 mode

Windows Version: Windows 7 Home Premium Service pack 1

Checking for windows services to stop:

 

* No Malware services found to stop.

 

Checking for processes to terminate:

 

* No malware processes found to kill

 

Checking Registry for malware related settings:

 

* No issues found in Registry.

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry

 

Performing miscellaneous checks:

 

* no Issues found.

 

Searching for Missing Digital Signatures:

* no issues found.

 

Checking HOSTS File

 

*no issues found.

 

Program finished at: 10/18/2014 02:15:55 AM

 

Execution time:0 hour (s) , 8 minute (s), and 8 second (s)


I found out that Mozilla and Chrome were causing it to stall, so I went into Safe Mode and ran FRST.exe and it worked. I also uninstalled Chrome and Mozilla. I also found out that the internet stopped working because it would shut off incorrectly, so that's good, but the downside is that my computer got hit hard: it takes like 2 or 3 minutes to start up. Pretty sure that will change when this is fixed.

Addition.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.