0 Members and 1 Guest are viewing this topic.
Questions:1 What is "Scan Offline Registry".
Does it mean I can remove the HD with the infected by dllhost.exe and use another computer to scan the registry of the OS on the infected HD?If not, is it possible to make your software do that?
2 In the instructions for making the portable version say:The file will be used then to gain access to premium features while doing your malware removal on your customer’s PC. To use that file, you need to use the command line parameter -portable-license path_to_the_file. You can also name it rk_config.ini and place it in the same directory as RogueKiller exe file.What does you can also name "it" refer to? The portable file ? Or a file saved with the command line parameter shown above?Would you please explain it more clearly.
All of the advice I have found on the internet is rather old, therefore outdated, and none of the programs recommended (Eset Poweliks Remover, Symantec etc.) including Roguekiller is able to remove the current variant of dllhost.exe (Powelik) malware. In task manager you can see it pop up, you can endtask the tree, but it comes right back.I am totally amazed and disappointed that none of the AVs or anti Malware programs detect it. I understand that it resides in the Registry. So what, most of the anti malware programs scan the Registry.
Roguekiller is my last resort, but it too has failed to remove it. Yes it found a bunch of malware and removed that, but that was probably just some other crap that Powelik let in.Any help would be greatly appreciated.
I hope that you are not in the area of the terrible floods.
My experience with the dllhost.exe, is that it starts off rather quiet and then gradually gets worse and worse at slowing down the system. This machine has not slowed down and I was wondering if dllhost.exe showing up was perhaps the normal version doing it's job. However, it is extremely rare that I see it at all on all of the many normally functioning machines that work on, both in my office and those of my clients.
Microsoft Security Essentialsavast! AntivirusComodo Defense+WinPatrolSpybot - Search & DestroyMalwarebytes Anti-ExploitMalwarebytes Anti-MalwareMalwarebytes Anti-Ransomware
Therefore I was thinking that dllhost.exe was infected, but it had not fully "matured" yet. And, as you may have noticed from the Roguekiller reports, Roguekiller detected and removed a bunch of other malicious software from this machine.
It would be terrific if in fact dllhost is not infected by Poweliks.I've attached the reports you advised me to upload, as well as a task manager screen capture. On occasions I've seen 3 instances of dllhost.exe, but usually it is just one. If I end task the tree, it comes back either immediately or a bit later.
I see that there are pieces of Logmein that have not been properly uninstalled. I am currently using a licensed version of Teamviewer to support my clients.
Thank you for your generous help.