Jump to content
adh

Malicious Website Blocked - dllhost.exe

Recommended Posts

Since this looks like it is going to take awhile to fix I was thinking of copying some of my files to an external drive and was wondering if that is safe or am I just increasing the problem? I've even started getting popups when IE is closed. Thanks.

Share this post


Link to post
Share on other sites

Hi.

 

There is no response from the experts yet. Please post me a fresh FRST & Addition reports.

Share this post


Link to post
Share on other sites

Here is the new logs you requested.  I'm hoping something that was hiding has shown up. It doesn't look like it's letting me copy and paste.

Sorry.  I know it makes it harder for you.

 

Thanks.

 

 

 

FRST.txt

Addition.txt

Share this post


Link to post
Share on other sites

Any luck oor do I just need to scrap it and start over? Got work I need to do but afraid to use computer as is.

Share this post


Link to post
Share on other sites

Hello,

I'm very sorry for the delay. I am also surprised that nobody jumped in, as I reported my absence in the private room. Since some time has passed, please post back if you still require assistance. I am back online nad will do my best to help you.

Share this post


Link to post
Share on other sites

Hello :)

I've contacted an Expert once more to try to investigate this issue. So far I know nothing more or less... Just the info about the strange hooks on IE.

Run SFC please. Maybe some patched file is on the move.

batfile.gif Run System Files Checker

SFC is internal Windows tool to verify the integration of critical system files.

  • Press the WindowsKey.png on your keyboard.
  • In the search box type in cmd and wait until it appears.
  • Right-click on the batfile.gifcmd.exe and select RunAsAdmin.jpg Run as Administrator to start command prompt.
  • Type in the following command: sfc /scannow and press enter. Note the space as marked: sfc_/scannow.
Let in run unhindered. This procedure may take some time.

Did it say that finished and no violations were found?

Share this post


Link to post
Share on other sites

I ran the scan and it said it found corrupt files and successfully repaired them.  I was unable to open any log for it tough.

Share this post


Link to post
Share on other sites

This one will help us acchieve the logfile:

batch-win7.png SFC /scannow details scan

Please download the batch script file attached to this post.

Extract it.

  • Right-click on the batch-win7.png icon and select RunAsAdmin.jpg Run as Administrator to start the script.
  • This procedure may take some time. Please be patient and let it run uninterrupted!
  • It should delete self and leave the sfcdetails.txt report on your desktop upon completion.
Please include it in your next reply.

Share this post


Link to post
Share on other sites

This was the log I didn't expect to see. However... I have an idea.

TweakingComRepairInternetExplorer.png Repair Internet Explorer with Tweaking.com

Please download Tweaking.com - Repair Internet Explorer and save the file to your desktop.

  • Double-click the Tweaking.com-RepairInternetExplorerArch. icon to unzip the tool - it should run automatically after that.
  • Accept any prompts you will be presented (like UAC) to allow the tool to run.
  • Close all other apps to make sure they won't interfere with the repairs.
  • When the main console will appear, please press the big Start button.
  • This repair can take some time. Be patient and let it run unhindered.
  • When finished (a note about it should appear in the box on the left), you may close the app.
  • Navigate to the Tweaking.com - Repair Internet Explorer directory on your desktop and access the Logs folder.
Search for the current date logfile in that folder. Please include it in your reply.

Share this post


Link to post
Share on other sites

Hi,

Please re run RogueKiller as told earlier (scan option only). I would like to see what changed after altering some IE internals.

Share this post


Link to post
Share on other sites

Hi :)

RogueKiller.png Fix with RogueKiller

Please re-run RogueKiller.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on RogueKiller.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the pre-scan will be done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Upon completion, the Delete button will become available. Do not click it yet.
  • Browse the tabs in the lower part of the console and leave checked only these items:

    [Suspicious.Path] \\IHSelfDeleteTASK -- CMD (/C DEL C:\Users\Heathman\AppData\Local\Temp\IHUFC87.tmp.exe) -> Found[Suspicious.Path] \\IHUninstallTrackingTASK -- CMD (/C DEL C:\Users\Heathman\AppData\Local\Temp\IHUC64A.tmp.exe) -> Found
  • Click Delete.
  • Removal process may take some time. Also your machine may be restarted during this procedure. It's normal.
  • Let this process run uninterrupted!.
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.
Please include the content of this logfile in your next reply.

What is the brand/model of that computer?

Share this post


Link to post
Share on other sites

Go to the Safe Mode with Networking and check if these pages would appear when surfing there.

Share this post


Link to post
Share on other sites

Can you extract and post the addresses it it trying to connect?

Post them in the

[code]
tags please so anyone browsing won;t be able to click on them directly.

Share this post


Link to post
Share on other sites

a couple showed up as possible malware.  Seemed like it was getting better then Malware Bytes scheduled scan quarantined a file and it seems like it started again.  I'm getting malicious website blocks with c:\windows\explorer.exe (every couple of minutes)

Share this post


Link to post
Share on other sites

I'm not sure if it was the same one as the threat scan deleted this morning so I have attached both MalwareBytes logs from today. I rebooted the machine but I'm not sure if that took care of it.

MBAM log3.txt

Threat Scan.txt

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.