U need Spybot and Malwarebytes at the very least; If Malwarebytes fails to run/install because of such virus infection; download Chameleon from the Downloads > Products section of Malwarebytes.org

Once installed, update them both. Then reboot into Safe Mode and run both and do full scans (may require multiple reboots to fully clean up). If those apps find and remove your infection, reboot back into Safe Mode again and re-run one more full scan with each to help ensure it's fully cleaned up. Virus' like those usually have registry entires and temp files in various locations so when certain easier to find files are found and deleted, the registry + temp files and simply redownload and reinject your DLLs all over again in an endless loop of horror.

Format and reinstall is your best bet.

You might have the Troj/Bckdr-QQX or similar trojan virus, this will attempt to connect out to multiple malicious websites, until it's made a connection it keeps trying in a loop which is why you get high CPU usage (the sites itself might be shutdown or your firewall blocking, etc)...

Boot into safemode.

Press Ctrl+Alt+Del keys together and stop any "dllhst3g.exe" processes in the Windows Task Manager.

Start > Run > Type "msconfig.exe" without the quotes and select from the list. Look under the startup tab for anything related to the virus and untick from the list.

Start up your web-browser(s) and restore "default" settings under the tool options. Check and ensure there's also no malicious add-ons / extensions under it.

Use an application such as Spybot:
http://www.safer-networking.org/mirrors/

Run a full scan and rootkit scan. It will detect a lot, some is just minor privacy concerns... however you can clean the lot, including the infection.

Once clean, run the "Immunization" option from Spybot as well on your web-browser to give it an additional layer of protection.

Make sure you have a good quality virus scanner + firewall. I would suggest something like Kaspersky Internet Security, if you don't already, as it's also got application control, script control, firewall, and overall extremely good protection.

You can find out what is the best protection to performance ratio anti-virus scanners here:
http://www.av-test.org/en/compare-manufacturer-results/

Don't rely on Microsoft, as they a score 0.5/5 protection rating and fail the certificate regularly each year. Many viruses and trojans merely bypass it or stay hidden.

It's clean-able; but if it gets cleaned and problems continue; I'd do clean format of C drive and clean install your OS. Also be careful of using any USB storage devices when u have such an infection as this.

First of all, thanks to you guys that posted (even Michael because if I listened to him I wouldn't have wasted 7 bucks on Nidhogg).

So I've been up literally all night attempting to fix this (8 hours). I ran both Spybot and Malwarebyte multiple times in safe mode and it turns out my computer was litered with Adware and 3 Malware.

I opened up the registry editor and remove all files associated with the virus and agreed to let Spybot run on start up of my user profile and well as letting it clean up my browsers. I booted it up, waited for the Spybot to run it's course, and everything was cool.

I started up the task manager at 6:54 AM (after rebooting my computer from safe mode) and there it was, dllhost.exe and dllgst3g.exe. I ended the process, and now at 7:09 AM that I wrote this line, it still hasn't popped back up into that task manager (an entire 15 minutes, WOW).

Now this could mean two things. I don't got to worry about this anymore, and I can go to sleep, or the more likely of the two which is later this is gonna stick me in the butt in the middle of a game and crash my computer.

I'm wondering if I should run more scans while dllhost.exe isn't running to put the final nail in the coffin, or just stop worrying about it and go to bed.

I understand that likely no one will respond at this time, (lol) but if you got a couple seconds to read this and gimme a tip or even call me a name, (because who knows, on your side of the world it could be not OD early) that would be appreciated.

Thanks a ton. (As of 7:17, still no problem :D)

EDIT: IT POPPED UP AGAIN AFTER 20 MINUTES OF NO PROBLEMS. ANY IDEAS OR IS IT A LOST CAUSE? Should I repeat the proccess? I'm a little salty here.

It seems to also be popping up with cftmon.exe aswell now. I'm going back to safe mode and running the Anti virus softwares a couple more times

Understand that virus was faking real Microsoft background service names...

But Microsoft also uses those names and some might be completely valid now.

For example:

"cftmon.exe" is a Microsoft Office process for language bar and alternative user input. It's also used by software for tasks, such as voice recognition, electronic recognition and braille keyboards. If you use others language packs, leave it, it's fine.

If you don't need other languages:

To remove from Microsoft Office (you need to disable - Alternative User Input):
1.Quit all Office programs.
2.Click Start, point to Settings, and then click Control Panel.
3.In Control Panel, double-click Add/Remove Programs.
4.On the Install/Uninstall tab, click to select Microsoft Office XP product, where Office XP product is the name of the specific Office product being used. If you are using a standalone version of one of the Office programs, click to select the appropriate product in the list. Click Add/Remove.
5.In the Maintenance Mode Options dialog box, select Add or Remove Features, and then click Next. This displays the Choose installation options for all Office applications and tools dialog box.
6.Click the plus sign (+) next to Office Shared Features to expand it.
7.Click the icon next to Alternative User Input, and then select Not Available.
8.Click Update.

To remove from Microsoft Windows:
1.Click Start, point to Settings, and then click Control Panel.
2.In the Control Panel, double-click Text Services.NOTE: In Windows XP, click Date, Time, Language, and Regional Options, and then click Regional and Language Options. On the Languages tab, click Details.
3.Under Installed Services, select each input item that is listed, and then click Remove to remove the item. All items must be removed, one by one, except the following input service: Your English (United States) keyboard or whatever language you want to use.

---

"dllhost.exe" is a valid Microsoft OS process as well. It's what other services to run their DLLs - those DLLs could be anything from Microsoft tasks, valid apps, or even malicious tasks use it to inject their own DLLs. However, understand "dllhost.exe" isn't the real concern, it's just the launcher of them, but is required for the system to function.

"dllhost.exe" should not be disabled, required for essential applications to work properly.

Thanks again. I booted up my user profile and checked the processes and it isn't running anymore. That's a good sign because every other boot up shortly after the profile loaded it was waiting for me just chillen. I'm going to look into that Kaspersky software so this doesn't happen again (thanks for the suggestion).

Been 40 minutes and still no problem btw :D.

I think the moral of the story is, don't buy Nidhogg. Not even if it's on sale for 7.50. It'll give you OD malware.</3

Try running HijackThis[sourceforge.net]. I've used this program in the past to get rid of Malware that other programs couldn't detect and/or destroy. Even if you think the Malware is gone, it still wouldn't hurt to run it anyway.

HOLY CRAP! I went to the start menu and searched dllhost.... Apparently its on my computer! It hasnt done anything though so what should i do? Just dont mess with it? Uninstall it? HELP ME PLEASE im scared

just saying something for the medal's xD

foondude668288 の投稿を引用：

HOLY CRAP! I went to the start menu and searched dllhost.... Apparently its on my computer! It hasnt done anything though so what should i do? Just dont mess with it? Uninstall it? HELP ME PLEASE im scared

DDLHost is on every Windows Operating System.

As I mentioned before:

"dllhost.exe" is a valid Microsoft OS process as well. It's what other services to run their DLLs - those DLLs could be anything from Microsoft tasks, valid apps, or even malicious tasks use it to inject their own DLLs. However, understand "dllhost.exe" isn't the real concern, it's just the launcher of them, but is required for the system to function.

"dllhost.exe" should not be disabled, required for essential applications to work properly."

The offical Microsoft copy of it is not malicious, it's just a tool to run other things.

Azza ☠ の投稿を引用：

foondude668288 の投稿を引用：

HOLY CRAP! I went to the start menu and searched dllhost.... Apparently its on my computer! It hasnt done anything though so what should i do? Just dont mess with it? Uninstall it? HELP ME PLEASE im scared

DDLHost is on every Windows Operating System.

As I mentioned before:

"dllhost.exe" is a valid Microsoft OS process as well. It's what other services to run their DLLs - those DLLs could be anything from Microsoft tasks, valid apps, or even malicious tasks use it to inject their own DLLs. However, understand "dllhost.exe" isn't the real concern, it's just the launcher of them, but is required for the system to function.

"dllhost.exe" should not be disabled, required for essential applications to work properly."

The offical Microsoft copy of it is not malicious, it's just a tool to run other things.

Thank you for this information, kind sir!