Jump to content

Shell.exe, svchost.exe dwm.exe re-create themselves after deleting files, browser hijack


Recommended Posts


First of all I want to say thank you for the amazing service you guys provide in this forum.

I have a problem, concerning Shell.exe, DWM.exe and svchost.exe which are identified as trojans. I am running the latest Malwarebytes and it detects those three executables and lets me quarantine and delete them, but they reappear instantly with new creation dates.

Here are the files I could not permanently delete as they recreate themselves:





There is also a really strange entry in my HJT log stating something about a proxy : R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=

I dont use proxies.

And for last, there is also a malicious entry that keeps coming back even after delete : F3 - REG:win.ini: load=C:\Users\Jason\AppData\Local\Temp\dwm.exe

If you need any logs, let me know and I'll post immediately.

Any help will be greatly appreciated. Thank you so much!

Link to post
Share on other sites

Agent J:

Let's get to work!

icon11.gif Download Combofix from either of the links below, and save it to your desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**


IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here


Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.


Please include the following in your next post:

  • ComboFix log

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.