dllhost.exe Trojan Horse

[mushies1337]

Okay, I know I have the dllhost.exe trojan. Whenever I connect to my network, my CPU goes on 100% and dllhost.exe is active.

 

I need to get rid of this. I don't need to know what it is, I know it's there.

[,,,,,,,,,,,,,,,,,,,,,,,,,,]

Possible bitcoin miner?

Run malwarebyes & eset online scanner.

Check start up services/programs.

[flibberdipper]

Reboot into Safe Mode and run a full scan with MalwareBytes.

[mushies1337]

Possible bitcoin miner?

Run malwarebyes & eset online scanner.

Check start up services/programs.

 

Reboot into Safe Mode and run a full scan with MalwareBytes.

On it boss.

[mushies1337]

The scans aren't done yet but I'm changing my suspect to rundll32.exe.

I force killed it with command prompt and my CPU usage went back to ~0%.

[mushies1337]

Reboot into Safe Mode and run a full scan with MalwareBytes.

Nothing came up.

[Jack.EXE]

http://www.howtogeek.com/howto/windows-vista/what-is-rundll32exe-and-why-is-it-running/
 

Since there’s no way to directly launch a DLL file, the rundll32.exe application is simply used to launch functionality stored in shared .dll files. This executable is a valid part of Windows, and normally shouldn’t be a threat.

the valid process is normally located at \Windows\System32\rundll32.exe, but sometimes spyware uses the same filename and runs from a different directory in order to disguise itself.

in task manager, right click on the process and open it's file location, if it's not \Windows\System32\rundll32.exe, you sir have a virus.

[flibberdipper]

Nothing came up.

As I remember, you have to mash F8 booting up. Or Google how to reboot into Safe Mode.

[ekv]

Okay, I know I have the dllhost.exe trojan. Whenever I connect to my network, my CPU goes on 100% and dllhost.exe is active.

 

I need to get rid of this. I don't need to know what it is, I know it's there.

Just install any trial version of ESET or Kaspersky and let it handle ur problem.

[elkenrod]

mushies... reinstall your OS

 

This comes from a place of love, but if you have something like this on your system, you need to start over.  There's no telling what else is on your system.

It's 2015.  Everyone should be prepared and willing to reinstall their OS and all of their drivers/programs in ~20 in order to have "peace of mind" and a functional system free of crap.

 

If for some reason you can't/aren't willing to do this, you need to work to set up your system so that you can do this going forward.

[vembutech]

Have a look at this resource Trojan horse dllhost.exe check whether this guides you with any idea.

[xAcid9]

Download Process Explorer, hover on the suspicious .exe and check the command line for suspicious unknown executables/services.

 

https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

[mushies1337]

Download Process Explorer, hover on the suspicious .exe and check the command line for suspicious unknown executables/services.

 

https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

thanks guys c:

trying out all of this right now

 

also I'm a bit suspicious of a rogue rundll32.exe coming from SysWOW64