Jump to content

clrhost.dll infected

Go to solution Solved by AdvancedSetup,

Recommended Posts

Hello @TatianaBio21 and welcome back:

1.) While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, please carefully follow the instructions within the following:

View Reports and History in Malwarebytes for Windows

2.) Although some expert helpers are multilingual, only some may read/understand Brazilian Portuguese. If English is not the Windows 10 Pro system language, please right click on FRST64.exe and rename to FRST64English.exe. Then, run FRST64English.exe and attach its files with the above detection report.

Remember, please be certain to attach (not Copy and Paste) the above produced three (3) files in your next reply to this topic.

Thank you.

Edited by 1PW
Link to post
Share on other sites

  • Root Admin

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.¬†
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes¬†
  • When prompted for scan type, Click on Full scan¬†
  • Look at & tick¬† ( select )¬†¬† the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"¬†¬† and click on the Start scan button.
  • Have patience.¬† The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program.¬†¬† ( e.g. their standard program).¬†¬† You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items.¬† If so, click the button marked ‚ÄúView detected results‚ÄĚ.
  • Click The blue ‚ÄúSave scan log‚ÄĚ to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue ‚ÄĚRestore cleaned files‚Ä̬† ( in blue, at the bottom).
  • Press Continue when all done.¬† You should click to off the offer for ‚Äúperiodic scanning‚ÄĚ.


Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3






Deixe-me executar um scanner diferente para verificar novamente. Eu n√£o espero que ele encontre nada, mas n√£o h√° mal nenhum em verificar.

Sugiro uma verificação gratuita com o ESET Online Scanner

Acesse https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

    Ele iniciará um download de "esetonlinescanner.exe"
    Salve o arquivo em seu sistema, como na pasta Downloads, ou então na área de trabalho.
    Vá para o arquivo salvo e clique duas vezes nele para iniciá-lo.
¬†¬†¬† Quando apresentado as op√ß√Ķes iniciais da ESET, clique em "Computer Scan".
    Em seguida, quando solicitado pelo Windows, permita que ele inicie clicando em Sim
    Quando solicitado para o tipo de verificação, clique em Verificação completa
    Olhe e marque (selecione) a seleção de rádio "Ativar a ESET para detectar e colocar em quarentena aplicativos potencialmente indesejados" e clique no botão Iniciar verificação.
    Tenha paciência. Todo o processo pode levar uma hora ou mais. Há um download de atualização inicial.
    Há uma exibição da janela de progresso.
    Você deve ignorar todos os prompts para obter o programa de software antivírus ESET. (por exemplo, seu programa padrão). Você não precisa comprar ou obter ou instalar mais nada.
¬†¬†¬† Quando a verifica√ß√£o for conclu√≠da, se algo for encontrado, ser√° exibida uma tela com o n√ļmero de itens detectados. Em caso afirmativo, clique no bot√£o marcado ‚ÄúExibir resultados detectados‚ÄĚ.
¬†¬†¬† Clique no azul ‚ÄúSalvar registro de verifica√ß√£o‚ÄĚ para salvar o registro.
¬†¬†¬† Se algo foi removido e voc√™ sabe que √© uma descoberta falsa, voc√™ pode clicar no azul ‚ÄĚRestaurar arquivos limpos‚ÄĚ (em azul, na parte inferior).
¬†¬†¬† Pressione Continuar quando tudo estiver pronto. Voc√™ deve clicar para desativar a oferta de ‚Äúvarredura peri√≥dica‚ÄĚ.

Nota: Se voc√™ precisar fazer uma restaura√ß√£o de arquivo da ESET, siga as instru√ß√Ķes abaixo

[KB2915] Restaurar arquivos em quarentena pelo ESET Online Scanner vers√£o 3



Link to post
Share on other sites

  • Root Admin

You should be able to use either Google Translator or Microsoft Translator

Você deve ser capaz de usar o Google Tradutor ou o Microsoft Translator




O arquivo: clrhost.dll

Foi um Falso Positivo. Atualize o Malwarebytes e ele n√£o deve mais ser detectado.


The file:  clrhost.dll

Was a False Positive. Update Malwarebytes and it should no longer be detected.



CHR Notifications: Default -> hxxps://darkside.blog.br; hxxps://meet.google.com; hxxps://noticiasconcursos.com.br; hxxps://web.mobills.com.br; hxxps://www.darksidebooks.com.br; hxxps://www.instagram.com


Are you sure you want this enabled or allowed? Push Notifications on your browser appear to be enabled.

Tem certeza de que deseja isso ativado ou permitido? As notifica√ß√Ķes push no seu navegador parecem estar ativadas.


Turn notifications on or off - Google Chrome

Web Push notifications in Firefox



Link to post
Share on other sites

  • Root Admin
  • Solution

You're quite welcome



Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

  • right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please attach that file to your next reply. (not compulsory)


  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin


Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes


Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.