Need assistance - dllhost.exe COM Surrogate, Trojan.MalPack, Trojan.FakeMS.ED found


I had to step away for a meeting and left zoek running. I just received a text to my mobile from my Internet service provider stating they have detected a bot on my home network. Is this the trojan at work, or is Zoek acting like a bot? When I return, if Zoek is still running (several hours), should I stop it, reboot, or still leave it alone?


Zoek does not act like any form of BOT, and it will not run for several hours either, unless of course it is frozen. Unfortunately some security programs do identify Zoek as a threat due to its actions; that is why all security must be turned off before a scan is initiated.

Let's wait for your return and see if Zoek has produced a log. Also, if your ISP has any information, can we see that too....

Thank you,

Kevin...

Ok, rebooted. Zoek was gone from the desktop. Had to boot to safe mode with networking, re-download it to the desktop, then reboot into normal mode. Turned off all antivirus and all other programs. Made sure all users were checked and hit scan. That was 2 hours ago. I have left it running. It says "Creating Environment Variables..."

Norton is turned off for 5 hours...hoping this finishes before then...

Obviously something on your system is interfering with Zoek.... Try to close it out with Task Manager; if that does not work, reboot again to stop the scan.

 

Next,

 


Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

 

The file will be randomly named.
Reboot to safe mode.
Run Dr Web.
Tick the "I agree" box and select Continue.
Click "Select objects for scanning".
Tick all boxes as shown.
Click the wrench and select "Automatically apply actions to threats".
Press "Start scan".
The scan will now commence.
Once the scan has finished, click "Open report".
A Notepad window will open.
Select File > Save As...
Save it to your desktop.

 

This log will be excessive. Attach it to your next reply.

 

Thanks,

 

Kevin...


Ok, the first time I ran this in safe mode with networking, it found Trojan.Mayachok.5 and, as the scan progressed, I stepped away for only a few minutes and the computer rebooted to normal mode. No log, nothing. I was concerned about running the program again, so I deleted it and then used msconfig to set the computer to reboot to safe mode with networking; previously I had booted it from off by hitting F8. It rebooted to safe mode and I re-downloaded the program. I shut off Internet Explorer and ran the program again. This time it ran all the way through and said it did not find anything. Attached is the log. Has the virus, Trojan, or bot tricked CureIt?

cureit.log


If the DrWeb settings were as listed, it will have removed any infection found. What you see in Task Manager is normal.... The trojan you mention is the dropper for a ransomware infection...

 

Can you boot to normal mode and run a threat scan as follows:

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed, please click on History > Application Logs, find your scan log and open it, then click on the "Copy to Clipboard" button and post the results in your next reply.

 

Post that log please, also let me know if there are any remaining issues or concerns.....

 

Kevin....


Attached are the files. I have actually run the scan twice now and it has not found anything. However, the infection appears to have messed up Internet Explorer, because when I click a link such as the Dr Web CureIt one above, it opens a tab that is completely blank (white). Even when you type the URL into the new tab it stays blank, and the title of the tab reads "New tab". Do I need to repair, or delete and reinstall, Internet Explorer? Or is this a sign of a continuing infection?

 

 

141030 MBAM Scan Log.txt

141030 MBAM Protection Log.txt


I am trying to reinstall the driver for my video card, an AMD Radeon R9 270, and it will not boot into normal mode...I just get a blue screen. I can boot to safe mode with networking with no problem.

 

My Microsoft office says it cannot verify my license...and closes immediately....

 

Is my computer virus free?  Does it just need reinstallation of software for the programs damaged by the infection?


What you describe seems to suggest system damage; this is definitely not unusual when a system has been infected deeply. The two logs from Malwarebytes are encouraging: the scan log is clean, and the protection log does not indicate any unusual activity.

 

Have you made any progress with the video card driver? Probably the best way forward with that is to open Device Manager: select Start, type "device manager" into the search box, and tap Enter. Scroll to and expand Display adapters, right-click on the card and select "Uninstall".

Reboot to normal mode; during "POST" the card will be recognized and Windows will attribute a driver. Any improvement?

 

If you cannot boot to normal mode try a start up repair, full instructions at following link:

 

http://www.sevenforums.com/tutorials/681-startup-repair.html

 

Does that make any difference or help in any way?

 

Kevin..
