|
Post by silentes on Oct 28, 2014 13:11:32 GMT -8
Quads,
I just got home from work and looked at my task manager and saw 0 dllhost.exe files running. As soon as I open IE one pops up for about 3 seconds then disappears. This seems to be good progress but it also makes me think its waiting for something else to trigger to go full blast again?
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Oct 28, 2014 13:28:20 GMT -8
OK
hmmm If you get any popup alert for IE Java or Flash Player think it as fake for now.
Quads
|
|
|
Post by silentes on Oct 28, 2014 14:19:48 GMT -8
I did get a uac alert telling me ie wanted to download something
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Oct 28, 2014 14:26:30 GMT -8
I am looking at these items
2014-10-25 19:28 - 2014-10-25 19:28 - 00000028 _____ () C:\Windows\SysWOW64\u 2014-10-21 13:08 - 2014-10-21 13:08 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp 2014-10-21 12:55 - 2014-10-21 13:18 - 00000000 ___HD () C:\e075091 <======== appears random named from one system to the next 2014-10-21 12:53 - 2014-10-24 20:28 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
Quads
|
|
|
Post by silentes on Oct 28, 2014 17:17:55 GMT -8
Quads,
just FYI tomorrow I'll not be around my PC until Friday evening
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Oct 29, 2014 13:08:30 GMT -8
OK
Quads
|
|
|
Post by silentes on Oct 31, 2014 15:52:15 GMT -8
Quads,
I am back. Is there anything I can do? My PC has been shutdown the last couple days. When I booted it there was no sign of Com Surrogate until I opened IE. It popped up briefly then went away.
Jeremy
|
|
|
Post by silentes on Oct 31, 2014 17:11:08 GMT -8
I might be reaching here but I've been paying really close attention to my processes running in task manager. When there isn't a dllhost.exe file running there is a taskhost.exe. When I killed the taskhost.exe then the dllhost.exe starts one process. It might just be a coincidence? When I try to kill the dllhost.exe it just comes back now.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 1, 2014 12:43:23 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Download the script attached, needs to be the same file name as well (fixlist.txt), have it on the Desktop, so that fixlist.txt is next to FRST64.exe,
DO NOT DRAG AND DROP to download the script, it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST that is on the desktop When the tool opens click Yes to disclaimer. (if it still does)
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) please post it to your reply (attach or paste)
Quads
|
|