Hello there I’m in urgent need for help as I’m using my father’s bosses’ old pc, I am a total dumbass I don’t know much about computers.
About a month ago I downloaded Internet Download Manager patch from crackingcity.com (I’m posting the website name so that other reading this post should be aware that this websites distributes viruses, I have no intentions of promoting) and after that I have been noticing COMSurrogate process taking up about 90% of CPU usage in task manager. It even made my pc fans run loudly. At first I was ignorant but when I checked task manager I found the culprit.
Even since I’m struggling to get rid of this malware, firstly I uninstalled IDM. Then i tried every websites on malware removal guide based on this particular virus. Mostly all suggested using anti-virus, which didn’t help much, so i tried the manual removal and managed to stop it from running in task manager. That included deleting a lot of registry files which were parts of the malware.
But even after trying everything I noticed, two remnants of the malware one registry item called MSDLLHelper under HKUS-1-5-21-2376670492-3024356693-3209832367-1001SOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN|MSDllHelper and a program call DLLHost.exe under C:/User/admin/Appdata/Roaming/DLL/Dllhost.exe. I downloaded AutoRuns and tied deleting both entries but every time I boot up my PC this 2 malware will show up again and I had to delete them again.
I get want to get rid f the Folder named DLL from roaming one and for all. So is there any way to remove them for good and prevent them from spawning again? I understand I need to attach some logs and the fix scripts from other posts are user specific, please assist me with the process, thanks.
One more thing when I boot my pc I found the DLL folder in roaming shows as empty, after say about 2 minutes a file named WinRing0x64.sys show up, a minuite later a rar named VS_files.rar shows up it auto converts to dllhost.exe. Once’s the file named dllhost.exe show up, a regidit entrée named MSDllHelper gets created.
This is the log file of hitmanpro
C:UsersadminAppDataRoamingDlldlIhost.exe -> Deleted
Size . . . . . . . : 4,701,696 bytes
Age . . . . . . . : 37.4 days (2021-01-29 14:43:38)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 43A3A0A88FB16141277CFA3E4E81B38E10A98C4ACBDF6B9D468286875746156E
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : COM Surrogate
Version . . . . . : 10.0.18362.1
LanguageID . . . . : 0
> Bitdefender . . . : Gen:Variant.Application.Miner.24
> SurfRight . . . . : Generic PUA BC (PUA)
Fuzzy . . . . . . : 105.0
Edited by IndiaBulls, Yesterday, 11:12 AM.