Am I Infected? - Dllhost.exe


Coringa

Howdy Coringa. Welcome to MalwareBytes forums.

BTW, Dllhost.exe is a genuine Windows component. What symptoms lead you to think you may be infected?

Symptoms? Details, please.

First thing, you have an obsolete version of HijackThis. Un-install it.

Start button > in Start menu -- Control Panel > Uninstall a Program (listed under Programs).

{In Classic view, double click Program and features}.

If you find HijackThis, then remove it.

Given that this is a Vista system, on most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Download and SAVE HijackThis

Save the HJT to your desktop or the folder of your choice, then navigate to that folder and double-click Hijackthis.exe to start it.

Do a "Scan and Save log".

Step 4

Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds or http://download.bleepingcomputer.com/sUBs/dds.scr or http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

When done, DDS will open two (2) logs:

  • DDS.txt
  • Attach.txt

Save both reports to your desktop.

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

========================================================

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

========================================================

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.

Step 5

Please include the following logs in your next reply:

HijackThis log

DDS.txt

Attach.txt

GMER log

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Edited by Maurice Naggar
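
A quick way to check the point made at the top of this post, that Dllhost.exe is a genuine Windows component, before collecting the full set of logs. This is an added example, not part of the original reply: it lists every running dllhost.exe, confirms the image sits in one of the two standard system folders, and resolves the COM AppID it is hosting. The function name `Get-DllhostTriage` is hypothetical, and the script assumes an elevated Windows PowerShell prompt.

```powershell
# Added example (not from the thread): triage running dllhost.exe instances.
# Run elevated so ExecutablePath and CommandLine are populated for all processes.

# The genuine COM Surrogate binary lives only in these two locations.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\dllhost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\dllhost.exe')
)

function Get-DllhostTriage {
    Get-WmiObject Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
        $path    = $_.ExecutablePath
        $appId   = $null
        $appName = $null
        $pathOk  = 'unknown'
        $sig     = 'unknown'

        # COM Surrogate is launched as: dllhost.exe /Processid:{AppID GUID}
        if ($_.CommandLine -match '/Processid:\s*(\{[0-9A-Fa-f-]{36}\})') {
            $appId   = $Matches[1]
            $key     = "Registry::HKEY_CLASSES_ROOT\AppID\$appId"
            $appName = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        }

        if ($path) {
            # -contains compares strings case-insensitively.
            $pathOk = $expected -contains $path
            # Windows system files are often catalog-signed. Windows PowerShell
            # before 5.1 does not check catalogs and reports NotSigned for them,
            # so treat the path as the primary signal on older systems.
            $sig = (Get-AuthenticodeSignature -FilePath $path).Status
        }

        New-Object PSObject -Property @{
            ProcessId      = $_.ProcessId
            Path           = $path
            PathAsExpected = $pathOk
            Signature      = $sig
            AppId          = $appId
            AppName        = $appName
        }
    } | Select-Object ProcessId, Path, PathAsExpected, Signature, AppId, AppName
}

Get-DllhostTriage | Format-List
```

An instance whose `PathAsExpected` is `False` is the one worth raising with the helper; `unknown` means the prompt was not elevated enough to read that process.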

Thanks Maurice,

Actually, I think my PC does not have any symptoms. I thought every program Rkill stopped was malware.

So when I ran it, Dllhost.exe appeared. Then I thought it was malware.

Do you think it

Edited by Maurice Naggar
Removed quote section

When starting a reply, only use the AddReply button when starting. Otherwise, you make the forum include the prior post in quotes. That makes for a very long read.

You may be a bit "neurotic" as you said.

Make sure your antivirus is fully current and up-to-date, then have it fully scan your system. What result do you get?

Do similar for MBAM and do a Quick scan. What result do you get?


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
