
Thread: "dllhost.exe" Poweliks Malware - Your worst Nightmare without easy solution

  1. #1
    Junior Member
    Join Date
    Oct 2008
    Posts
    14

    "dllhost.exe" Poweliks Malware - Your worst Nightmare without easy solution

    I run a computer support business, and of all the malware that I have had to deal with, the worst in my experience is the one that deals with "dllhost.exe". None of the well-known companies that make security software (anti-virus, anti-malware) other than Symantec have even given it a name, and none of them either detect or remove it successfully. Apparently it is a fileless, memory-injecting DLL. If that does not mean anything to you, you are not alone, but it may explain why it is so difficult to detect and remove.

    It is not new, and you can find descriptions of it at least as far back as 2013 or possibly earlier.

    Good description of problem, unfortunately removal recommendations have not worked for me.
    https://malwaretips.com/blogs/dllhos...ogate-removal/

    Symantec calls it "Poweliks" and even provides a specific removal program, as well as instructions for manual removal, neither of which works at this time (or within the last 2 years that I have had a chance to test it).

    Does not work, but you may want to read the information anyway
    https://www.symantec.com/security_re...614-99&tabid=3



    Other programs that also fail to detect and remove this problem are:
    AVG, Avast, Malwarebytes, Spybot, Symantec, Eset, McAfee, Kaspersky, MS Security Essentials, Trend Micro, BitDefender, Rogue Killer etc.



    The symptom is the presence of multiple instances of dllhost.exe (viewed in the Task Manager Processes tab) that usually cannot be removed by end-tasking, and very high (close to 100%) CPU usage, which as you would expect slows the computer to a crawl, often making it totally unusable.

    At first it does not appear as obtrusive as it becomes later on, so it may take a week or more for it to become more obvious. If you disconnect from the internet and abstain from running any programs, after just booting up, other than your memory resident security programs, CPU usage may remain below 10%, but when you connect to the internet, activity will jump much higher (this is after all of your security updates have already finished). On a healthy computer CPU usage ought to be no higher than 0-3%, with or without internet connection.

    The solution that most support takes (Malwarebytes) is to have a malware removal expert work with you on-line on your unique case. This involves running a handful of special programs such as Farbar, Combofix, etc. and requires posting results of scans and system logs on-line. It may take several days, and the instructions are relevant only to the specific computer. While this is extremely helpful to a given individual, when successful, it is not very efficient compared to the successful removal of less tough malware that many Security Programs accomplish routinely.

    All you have to do is do a search for "dllhost.exe malware removal" to find tons of links which suggests that this is a fairly common problem.

    We need to have all of the Security Programs able to deal with this problem.


    The only surefire solution to fully deal with this problem in my experience is to restore a prior clean image backup. This is the only thing that has worked for me in the past.
    This requires that you make full image backups systematically prior to having any problems.

    Please add helpful comments
    Last edited by drdancm; 2017-02-23 at 03:13. Reason: grammar, clarity, added link
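
A triage script for the symptom described in post #1 (many dllhost.exe instances, high CPU), added here as an example and not part of any poster's text: it lists each running dllhost.exe with its path, command line, parent and accumulated CPU time. The flags rest on a heuristic that is not stated in the thread, namely that a genuine COM Surrogate runs from System32 or SysWOW64 and is started with a `/Processid:{GUID}` argument; run it from an elevated PowerShell so paths and command lines are readable.

```powershell
# Added triage example (not from the thread). Read-only: it changes nothing.
# Assumption: a genuine COM Surrogate lives in System32/SysWOW64 and is
# launched as "dllhost.exe /Processid:{GUID}". A flag means "look closer",
# not "infected".

$expected = @('System32', 'SysWOW64') |
    ForEach-Object { Join-Path $env:SystemRoot "$_\dllhost.exe" }

# Snapshot all processes once and index them by PID to resolve parents.
$all   = @(Get-CimInstance -ClassName Win32_Process)
$byPid = @{}
foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }

$report = foreach ($p in $all | Where-Object { $_.Name -ieq 'dllhost.exe' }) {
    $flags = @()

    if (-not $p.ExecutablePath) {
        $flags += 'path-unreadable (run elevated)'
    } elseif ($expected -notcontains $p.ExecutablePath) {
        $flags += 'unexpected-path'
    }

    if (-not $p.CommandLine) {
        $flags += 'cmdline-unreadable (run elevated)'
    } elseif ($p.CommandLine -notmatch '/Processid:\{[0-9a-f-]{36}\}') {
        $flags += 'no-Processid-argument'
    }

    # PIDs can be reused, so treat the parent name as a hint only.
    $parent = $byPid[[uint32]$p.ParentProcessId]

    [pscustomobject]@{
        PID         = $p.ProcessId
        Parent      = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { '(exited)' }
        # Kernel and user time are reported in 100 ns units.
        CpuSeconds  = [math]::Round(($p.KernelModeTime + $p.UserModeTime) / 1e7, 1)
        Path        = $p.ExecutablePath
        CommandLine = $p.CommandLine
        Flags       = $flags -join ', '
    }
}

"dllhost.exe instances: $(@($report).Count)"
$report | Sort-Object CpuSeconds -Descending | Format-List
```

Saving the output before and after a reboot, or before and after connecting to the internet, gives a record to post when asking for one-on-one help.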

  2. #2
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Hello drdancm,

    I saw that you also posted a heads up at the malwarebytes forums.

    FYI for those surfing in, we too have a Malware Removal Forum for one on one assistance.
    http://forums.spybot.info/showthread.php?t=288

    Our volunteer analysts responded to users with Poweliks; 2014 saw the most occurrences.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Oct 2017
    Posts
    1

    Other programs that also fail to detect and remove this problem are: AVG, Avast, etc

    RE: DLLHOST.EXE
    Has anyone tried Avast Bootscan? Last year I ran into this bugger, and I seem to recall DLLhost.exe was identified by the TSR "Bootscan", but recovery was only temporary. I believe that particular notebook PC yielded to ransomware and was returned on Wallyworld optional warranty or such. I am wondering if Avast has an appropriate solution now.
    Last edited by tashi; 2017-10-28 at 04:04. Reason: Moved from Spybot support forum

  4. #4
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Hello wreckslow,

    Originally Posted by wreckslow: "I am wondering if Avast has an appropriate solution now."

    You will need to ask that question at the Avast forums.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
