Jump to content

Please Help fff5ee.com dllhost.exe


Recommended Posts

Hi everyone my name is Palmer and I picked up this damn thing yesterday while on monster.com looking at jobs.

 

I have Malwarebytes Premium and Microsoft security essentials with their latest updates.

 

I ran scans with both of programs yesterday and today with nothing turning up on any scans.

 

It constantly triggers Malwarebytes Malicious website blocked about every two seconds stating:

 

Domain: Either blank or fff5eee.com

IP: Constantly changing

Port: Constantly changing

Type: Outbound

Process: C:\Windows\SysWOW64\dllhost.exe

 

I currently have been unplugging the internet when the computer is idle. Please let me know if I need to be connected to the internet while running any particular scan in the futre.

 

I read the info here and ran a scan with FRST and I have attached the results.

 

Thank you very much for any help and assistance.

 

Palmer

FRST_28-10-2014_11-32-46.txt

Addition_28-10-2014_11-31-34.txt

Link to post
Share on other sites

Hello Palmer25, welcome to Malwarebytes' Malware Removal forum!

My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. xsmile.png.pagespeed.ic.CwSpBGGvqN.png

General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================

Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click xetYzdbu.png.pagespeed.ic.U7AjmRUewW.png at the top of the page.

======================================================
 
Due to the nature of one of the infections present on your machine, I must ensure you are aware of the following. Please read the warning below, let me know what you think and how you wish to proceed. 
 

goGMWSt.gifBACKDOOR WARNING
 
------------------------------

One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).

Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows the attacker remote control over the machine. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.

You now have the choice between cleaning the infection(s) present or reformatting your computer. Ultimately, this decision is personal, and down to you and what you're most comfortable with. Please let me know how you wish to proceed, and if you have any questions.
Link to post
Share on other sites

Hi Adam thank you for helping me and feel free to call me Palmer. I did everything you suggested in your post above. Luckily I backed up my personal files onto an external harddrive about 1.5 months ago. That hard drive has not been connected to any computer including this one since then so I don't have to risk saving any possibly infected files.

 

For the security of myself and my family I want to do the reformat/reinstall. I've found all my disks that came with my computer. I am running Windows 7 Home Premium 64 Bit. I have never done a reformat/reinstall. Do you have any advice or is there any particular guide that would be helpful to me under these circumstances? Thank you again for you help and time Adam I appreciate it very much.

Link to post
Share on other sites

Hi Palmer, 

 

You may have a recovery partition, which can be used to restore the computer back to the factory image. 

The Addition.txt file you attached is not complete, so I can't see if this is the case. 

 

Please open Addition.txt and scroll to the bottom. Copy everything below and including the following line. 

==================== Drives ================================
Link to post
Share on other sites

Hi Adam thank you for replying so quickly. I re ran FRST and got a complete addition file for you.

 

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:620.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 9F06E8C7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

I recommend reading the following article: http://www.sevenforums.com/tutorials/219487-clean-reinstall-factory-oem-windows-7-a.html

This explains the process.

 

I would suggest creating an account at Seven Forums if you have any specific questions, as the techs there are better equipped to answer. 

 

You are more than welcome to ask questions on computer security, programmes, how to reduce the risk of reinfection, etc here. 

Link to post
Share on other sites

No problem at all. :)
 
Once your computer is back up and running, you may wish to look into the following:
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpg AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • E8I37RF.pngCryptoPrevent places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
  • x7D2ig3K.png.pagespeed.ic.x4TC1AK8OX.jpg Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus. 
  • EG85Vjt.png Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpg Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
  • xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. 
  • 3O8r9Uq.png Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you. 
  • DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI will scan your computer for vulnerable software that is outdatedand automatically find the latest update for you.
  • xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • xsHjS79L.png.pagespeed.ic.n4Sk8_GzZn.jpg Unchecky automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs. 
  • xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.png Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website. 
Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.