
Poweliks infection



Every time I open Process Hacker, a DLLHOST is just closing:

C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

If I search this ID, it's commonly associated with the Poweliks trojan.

Bleeping Computer recommends FRST, but using FRST, how can you determine there's something malicious?

MB 3.71 / MBAR / Windows Defender / KVRT / NPE

Don't detect any viruses


So am I just being paranoid? It's quite an old trojan [2014]; is it still active?

I am on Windows 10 1903, and if I go to the reg there's only 2 keys

Thumbnail Cache Class Factory for Out of Proc Server

{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

So it seems it's just the thumbnail cache acting normally.
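
The manual registry check described in the post above can be scripted. This is an added example, not part of the original posts: `Resolve-SurrogateGuid` is a hypothetical helper name, and it assumes the `/Processid` GUID is the AppID under which the hosted COM class is registered.

```powershell
# Added example: map a dllhost.exe /Processid:{GUID} to its COM registration.
$hkcr = 'Registry::HKEY_CLASSES_ROOT'

function Resolve-SurrogateGuid {
    param([Parameter(Mandatory)][string]$Guid)

    # Assumption: the /Processid GUID is the AppID of the hosted class, so look
    # for CLSID keys whose AppID value equals it. -eq ignores case, which matters
    # because the registry may store the GUID with lowercase hex digits.
    $classes = Get-ChildItem -LiteralPath "$hkcr\CLSID" -ErrorAction SilentlyContinue |
        Where-Object { $_.GetValue('AppID') -eq $Guid }

    if (-not $classes) {
        return [pscustomobject]@{ Guid = $Guid; Class = $null; Server = $null; Signature = 'NoClassRegistered' }
    }
    foreach ($class in $classes) {
        $serverKey = $class.OpenSubKey('InprocServer32')
        # GetValue('') reads the key's default value and expands %SystemRoot% etc.
        $dll = if ($serverKey) { ([string]$serverKey.GetValue('')).Trim('"') } else { '' }
        $sig = if ($dll -and (Test-Path -LiteralPath $dll)) {
            (Get-AuthenticodeSignature -LiteralPath $dll).Status
        } else { 'FileNotFound' }
        [pscustomobject]@{
            Guid      = $Guid
            Class     = $class.GetValue('')   # friendly name of the COM class
            Server    = $dll                  # DLL the surrogate would load
            Signature = $sig
        }
    }
}

# Live dllhost.exe instances; CommandLine can be empty without elevation.
$live = Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" |
    ForEach-Object { if ($_.CommandLine -match '/Processid:(\{[0-9A-Fa-f-]{36}\})') { $Matches[1] } }

# The process in the thread exits quickly, so also check its GUID directly.
$guids = @($live) + '{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}' | Where-Object { $_ } | Sort-Object -Unique
$guids | ForEach-Object { Resolve-SurrogateGuid -Guid $_ } | Format-Table -AutoSize
```

A row worth a closer look is one with no registered class, a missing server DLL, or a signature status other than `Valid`.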


Greetings,

Both Malwarebytes (with rootkit scanning enabled under Settings>Protection in the Scan Options section) as well as Malwarebytes Anti-Rootkit are quite proficient at detecting Poweliks, and it is quite an old threat, so I expect it would have been detected if your system was actually infected with it. You can learn more about the threat in this Malwarebytes Labs article.

With that said, if you suspect that your system might be infected with any sort of malware then please follow the instructions in this topic and create a new topic in the malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you in checking and cleaning the system of any threats as soon as one is available.

I hope this helps set your mind at ease and if there is anything else we might assist you with please let us know.

Thanks
