
Recently I've taken to translating manga from Chinese to English (unlicensed at least in English). I think one of the raws must have been infected. Scanned with Malwarebytes and Microsoft ?Safety? Scanner and Win Def. Any processes I run which are taking up a lot of RAM slow down after an hour in. Bringing up Task Manager shows multiple (2-4) COM Surrogates running, tracing to dllhost.exe in Sys 32. Problem is, I do not have the IE browser installed any longer, nor were there any apps I have initiated that run to establish a DCOM server.

 

Event Viewer shows:

 

Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error:
"2"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

This error appeared no less than 34 times over a period of 3 sec. Every time I bring up Task Manager I see the program dllhost.exe turn itself off. Close Task Manager, slowdown returns. Ad infinitum.

 

Help appreciated.

 

 

PS - Should need be, I can send copies of suspect raws which may have infected my computer.

Link to post
Share on other sites
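
An added example, not part of the original posts or of any tool used in this thread: a read-only PowerShell triage for the DCOM event quoted in the first post, resolving the AppID to its registered class and DLL, listing the running dllhost.exe surrogates, and counting the matching events per second. It assumes Windows Vista or later (provider name `Microsoft-Windows-DistributedCOM`) and an elevated prompt; if the "2" in the event is a Win32 error code it is "file not found", which is why step 2 checks that the DLL exists.

```powershell
# Added example, read-only: nothing here changes the system.
# The GUID is copied from the event text quoted in the post above.
$appId = '{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}'
$hkcr  = 'Registry::HKEY_CLASSES_ROOT'

# 1. Is the AppID registered, and is it set up to run in a COM surrogate?
$appKey = "$hkcr\AppID\$appId"
if (Test-Path -LiteralPath $appKey) {
    $k = Get-Item -LiteralPath $appKey
    [pscustomobject]@{
        AppID        = $appId
        Name         = $k.GetValue('')
        HasSurrogate = $k.GetValueNames() -contains 'DllSurrogate'
    }
} else {
    Write-Output "AppID $appId is not registered"
}

# 2. Which COM classes use that AppID, and is the DLL they load present and signed?
#    (Catalog-signed system files may show NotSigned on older PowerShell versions.)
Get-ChildItem -LiteralPath "$hkcr\CLSID" -ErrorAction SilentlyContinue |
    Where-Object { $_.GetValue('AppID') -eq $appId } |
    ForEach-Object {
        $sub     = $_.OpenSubKey('InprocServer32')
        $dll     = if ($sub) { $sub.GetValue('') }   # expands %SystemRoot% etc.
        $present = [bool]($dll -and (Test-Path -LiteralPath $dll))
        [pscustomobject]@{
            CLSID     = $_.PSChildName
            Class     = $_.GetValue('')
            Dll       = $dll
            Present   = $present
            Signature = if ($present) { (Get-AuthenticodeSignature -FilePath $dll).Status }
        }
    }

# 3. Running surrogates: the /Processid argument names the AppID each one hosts.
Get-CimInstance Win32_Process -Filter "Name='dllhost.exe'" |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine

# 4. How often does the event fire? Group matching DCOM events by second.
Get-WinEvent -FilterHashtable @{ LogName = 'System'
                                 ProviderName = 'Microsoft-Windows-DistributedCOM' } `
             -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$appId*" } |
    Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:mm:ss') } |
    Sort-Object Count -Descending |
    Select-Object -First 5 Count, Name
```

A dllhost.exe whose ExecutablePath is outside System32 or SysWOW64, or a class DLL that is missing or unsigned, is the result worth reporting back in a thread like this one.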

Hello and welcome!

I'm Radek and I'll try to help you with your issue.

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each one out. Only one will run - this is the right one. Please leave it and delete the other.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
Link to post
Share on other sites

Problem still persists. COM Surrogates still here. dllhost.exe priority is auto set to norm despite being shifted to low. All major apps in current use priority downgraded to low.

 

001 - scan canceled- battery dry

002 - curiosity to see if malware was detected again, FUBAR assessment

003 - complete scan, undisturbed. Turned up clean

 

 

Thanks for your time

FRST.txt

Addition.txt

MBAM_scan_of_sys32_001.txt

MBAM_scan_of_sys32_003.txt

MBAM_scan_of_sys32_002.txt

Link to post
Share on other sites

Hi,
I am sorry, I have been flying more than 30h lately and wasn't able to respond properly.



Scan with Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save the file to your desktop.
Note that the tool is still in its BETA stage, therefore not all functionalities may be added.

  • Right-click on the Malwarebytes Anti-Rootkit icon and select Run as Administrator to start the tool.
  • It will ask you for an extraction place - make sure you will unpack it to your desktop.
  • After the extraction, the tool should start itself (no action required).
  • On the Introduction screen click Next.
  • On the Update screen click Update.
  • When prompted about the successful update, click Next.
  • On the Scan System screen, make sure that all three options
    • Drivers
    • Sectors
    • System
    are checked for scanning and press Scan.

Wait patiently and don't do anything on your machine while MBAR goes through your system!

  • If no infection is found, just close the tool.
  • If an infection is found, make sure that Create Restore Point is checked, then select Cleanup button to remove threats. The process will start and your machine will prompt you to reboot upon completion.

When finished (either with or without cleanup), please navigate to the MBAR directory.
Search there for these two files:
> mbar-log-date(time).txt
> system-log.txt
Please include the content of both files in your reply.

Link to post
Share on other sites

Strange, 'cause I don't see that in the logfiles. Unless the infection changed its vector or returned.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
Link to post
Share on other sites

Hi and sorry for the delay.


There's definitely no Poweliks here. Instead I think there's some internal problem.



Run System Files Checker

SFC is an internal Windows tool to verify the integrity of critical system files.

  • Press the Windows key on your keyboard.
  • In the search box type in cmd and wait until it appears.
  • Right-click on cmd.exe and select Run as Administrator to start command prompt.
  • Type in the following command: sfc /scannow and press enter. Note the space as marked: sfc_/scannow.

Let it run unhindered. This procedure may take some time.
Did it say that it finished and no violations were found?

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
