Jump to content

Windows\SysWOW64\dlllhost.ex Malicious Website Blocked

TenshiAst

By TenshiAst
in Resolved Malware Removal Logs

 Share

Recommended Posts

TenshiAst

TenshiAst

Posted
Posted

Hellow Malwarebytes,

 

I keep getting a message from Malwarebytes that it's blocking outbound data for a couple of IP addresses from Windows\SysWOW64\dlllhost.ex

 

I have removed everything that I believed to be the cause of the problem and ran various other spyware and antivirus programs that I often use but had no luck solving my issue.

 

I can't post the logs from my Farbar Recovery San Tool to the forums directly so I've attached them. Also, does viewing this webpage on my infect computer count as "using it" and should I disable my wireless router?

 

Thank you for your time,

 

Ast

 

Link to post
Share on other sites
deeprybka

deeprybka

Posted
Posted

Hi & :welcome:
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully. :excl:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

warning.gifP2P/Piracy Warning:
  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.


warning.gif Malware Warning:

All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER.



Step 1

Please download combofix.pngCombofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.


Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

Link to post
Share on other sites
TenshiAst

TenshiAst

Posted
  • Author
Posted

Hellow Jurgen,

 

Sorry for the duplicate post on the forums, I thought my internet connection gave out and lost my reply.

 

I've tried using the Combofix tool but it says that my Norton antivirus is still active even though I've temporary disable most of the functions I saw. Should I let Combofix continue or should I remove Norton completely?

Link to post
Share on other sites
deeprybka

deeprybka

Posted
Posted

Why did my post get sent here instead of the other one...?

 

Good question. :)

 

 

I've tried using the Combofix tool but it says that my Norton antivirus is still active even though I've temporary disable most of the functions I saw. Should I let Combofix continue or should I remove Norton completely?

 

 

NORTON 360

  • Right-click the Norton 360 Premier Edition icon in the system tray and select Disable Antivirus Automatic-Protect.
  • You will get a new dialog box with five options: 15 minutes, 1 hour, 5 hours, Until system restart, Permanently.
  • Choose 5 hours.

After this you can run Combofix.

Link to post
Share on other sites
deeprybka

deeprybka

Posted
Posted

Ok,

(open the logfile, press Ctrl+A, Ctrl+C. Go to your reply and press Ctrl+V - does it work for you?)

Step 1

Scan with mbam.pngMalwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update and click "Settings" and go to "Detection and Protection"
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
Step 2

Please download adwcleaner.png AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select "Run As Administrator"

  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.

    Copy and paste the contents of that logfile in your next reply.

Step 3

frst.pngfrstscan.png

Start FRST with administator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.

Link to post
Share on other sites
TenshiAst

TenshiAst

Posted
  • Author
Posted

I've tried using the copy/paste shortcut already but unfortunately it didn't work. Maybe something is trying to prevent me from doing so. I know I currently have a problem where my computer keeps disabling my ability to download anything and I have to manually change it in the internet security settings.

 

Right now I'm waiting on AdwCleaner to finish. The scan says, "Pending. Please uncheck elements you don't want to remove," and all I see are two registry files. Do I click on "Clean" now or do I have to wait for something else to appear?

Link to post
Share on other sites
deeprybka

deeprybka

Posted
Posted

thumbup2.gif

Let's do a final check up:

Step 1

Please download the eset.pngESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

lesestoff.png

Can you please tell me which problems still persist now?

Link to post
Share on other sites
deeprybka

deeprybka

Posted
Posted

Hi,

 

 

Uninstall Combofix:
Type "combofix /uninstall" in the run box (w7.png+R) and hit enter.
3w7i5uxa.png


That's it! abklatsch.gif
Your logs look clean to me at the moment. thumbup2.gif
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif
Thank you!


Clean Upcleanupm.PNG

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download delfix.pngDelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

 

Java 7 Update 71
Adobe Reader X

 

Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

Link to post
Share on other sites
TenshiAst

TenshiAst

Posted
  • Author
Posted

I got a new message from Malwarebytes Anti-Malware today after I turned on my computer:

 

 

"Malwarebytes was unable to load the Anti-Rootkit DDA driver, this error may be caused by rootkit activity. Do you want to reboot the system and attempt to install the Driver?

 

(If you don't choose to reboot, Anti-Rootkit scanning will be disabled for this session)."

 

 

Should I be concerned about this? I haven't been using my computer for anything other than to access this website.

Link to post
Share on other sites
TenshiAst

TenshiAst

Posted
  • Author
Posted

I did the reboot like MBAM asked. A little error screen popped up for a second before the computer turned off. Once I logged back in, I was taken to a black screen with MBAM collecting updates and running another scan. I had to log off again to get back to this website.

 

Should I follow your previous instructions now?

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.