URL:Mal and multiple instances of COM Surrogate

For the last few weeks my computer has been running slower. I finally opened up task manager and saw that, at times, there were multiple instances of COM Surrogate, DVDUpgrd, FixMapi, and other programs open, and even when I kill them they keep coming back. They frequently use large amounts of memory and keep growing and growing. I’ve also had the occasional URL:Mal error-- I’m not sure if those are part of the same bug or something else entirely.

Logs attached; screenshots will be in next post. Thanks for your help.

Screenshots attached.

Hi blake7,

Windows help utilities whenever there are crashes when something ominous came in via Outlook.
Wait for a qualified remover to shine his light on the matter and to tell you what you should do.

polonus

You should notice an immediate improvement after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKU\S-1-5-21-3016908115-2290223298-377964866-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File
CHR HKU\S-1-5-21-3016908115-2290223298-377964866-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CustomCLSID: HKU\S-1-5-21-3016908115-2290223298-377964866-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

Logs attached. So far things are running smooth and no issues! Thanks, as always, Essexboy.

What kind of virus/malware was it? Was it potentially taking data from me? Do I need to reset passwords? And any thoughts on how I might have got it? Thanks!

It was Poweliks: https://blog.gdatasoftware.com/blog/article/poweliks-the-persistent-malware-without-a-file.html

I have yet to see a dropper for this one, as it self-deletes once it has added to the registry.

Nothing would have been passed out, as Avast was blocking it :)

How is the computer now? Any further problems?

Which is slightly annoying. Guess we should try and find the infection source(s) (VirusSign maybe)?
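Added example (not part of the thread, and not FRST's own logic): a small Python triage script that flags log lines carrying the launcher shape seen in the fixlist above, a registry value that starts rundll32.exe with a javascript: URL reaching mshtml.dll's RunHTMLApplication. The function names, the sample lines and the `<SID>`/`<CLSID>` placeholders are assumptions made for illustration; the shift-by-one decoding of the visible eval() fragment is an observation about that fragment, not something stated in the thread.

```python
import re

# Launcher shape seen in the fixlist above: rundll32 handed a javascript: URL
# that reaches mshtml's RunHTMLApplication export instead of a DLL on disk.
LAUNCHER = re.compile(
    r'rundll32(?:\.exe)?\s+javascript:.*?mshtml(?:\.dll)?\s*,\s*RunHTMLApplication',
    re.IGNORECASE,
)
EVAL_ARG = re.compile(r'eval\("(\S+)')

def shift_decode(text, shift=1):
    """Undo a fixed per-character shift (each code point lowered by `shift`)."""
    return "".join(chr(ord(c) - shift) for c in text)

def scan(lines):
    """Return one finding per log line that contains the launcher pattern."""
    findings = []
    for number, line in enumerate(lines, start=1):
        hit = LAUNCHER.search(line)
        if not hit:
            continue
        # Everything before the command is the registry location being reported.
        key = line[:hit.start()].rstrip(" :->")
        arg = EVAL_ARG.search(line, hit.end())
        findings.append({
            "line": number,
            "key": key,
            "decoded": shift_decode(arg.group(1)) if arg else None,
        })
    return findings

# Constructed sample modelled on the log entries quoted above; <SID> and
# <CLSID> are placeholders, and the eval() text is the fragment shown there.
SAMPLE = [
    r'HKLM\...\Run: [ExampleApp] => rundll32.exe C:\Example\helper.dll,Start',
    r'CustomCLSID: HKU\<SID>_Classes\CLSID\{<CLSID>}\localserver32 -> '
    r'rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";'
    r'eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters).',
    r'BHO-x32: No Name -> {<CLSID>} -> No File',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f['line']}: {f['key']}\n  decoded start: {f['decoded']}")
```

The ordinary rundll32 entry on the first sample line is not flagged, because the pattern requires the javascript: argument rather than a DLL path.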