Dadair
Posts: 19 +0
This last march I clicked a link to watch a video, stupid of me I know, and of course it opened a page using scripts or something that told me I was infected. Not long after when I had chrome open, something was trying to send data out, thankfully malwarebytes premium trial protection caught it. I then proceeded to try and clean it with Avast, Malwarebytes, and then lastly spybot S&D. Everything seemed okay after that point on, did not see anything else try and go through malwarebytes protection. Then not a few weeks ago I started seeing strange things, first Windows updater, which I had told not to run, was using up 25% cpu usage on it's own, and then so was trustedinstaller after windows updater wasn't running. I changed a few things and turned windows updater service to manual instead of automatic, and it didn't show up. At this point I was watching my preformance monitor daily for anything out of the ordinary, and thus started the slight paranoia I had trying to make sure my computer wasn't somehow compromised. I started seeing Dllhost.exe showing up often enough and then closing almost as soon as it opened, not actually letting me look at it in properties, and the few times it did it just showed it in the system folder. Started reading up on it and things started to sound like I had a bad trojan that hides itself in dllhost.exe, even though it wasn't eating up massive amounts of cpu like some others had described. I basically tried to figure out what was going on and even took the measure of trying to use combofix. I completely agree that was a stupid decision to do without a professional, but I don't really know what happened to combofix, and reading the log didn't seem to really help my understanding of it.
So then, I thought to myself, "Hey, I'm still using Windows 7 professional, why don't I try just updating to windows 10 and format the C drive and then it should all go away..right?" So I proceeded to update to windows 10, and things seemed okay, but then I started seeing the rundll32 and dllhost.exe showing up and it seemed like it was doing even more. I realize these are also used in normal computer use, but it seemed to just go about using the dllhost.exe even when I wasn't doing anything with the computer at the time other than looking at resource monitor and process explorer. So, not determined to let it go, I proceeded to get a win 10 iso and go to the startup and do a full format instead of the upgrade from win 7 to 10. Needless to say, I am still seeing dllhost.exe show up, and now 2 copies of taskhostw.exe which disappear when I move my mouse. When I am doing nothing at all, I see 25% cpu usage from resource monitor, of which NT Kernel & System is using up the cpu.
Long story short, does anyone think I need to actually post in the virus/malware removal section and get things looked at, or can someone in some way confirm that dllhost.exe running and closing over and over when things aren't happening seems like business as usual for windows 10?
Edit: I forgot to mention, I took a look at the event viewer after the updated from win 7 to 10, and there were over 2000 security logs in the first like 20-30 minutes of windows 10 running. I've read that security logs are created for basically any changes made, but there were quite a few talking about new users and it just seemed suspicious
So then, I thought to myself, "Hey, I'm still using Windows 7 professional, why don't I try just updating to windows 10 and format the C drive and then it should all go away..right?" So I proceeded to update to windows 10, and things seemed okay, but then I started seeing the rundll32 and dllhost.exe showing up and it seemed like it was doing even more. I realize these are also used in normal computer use, but it seemed to just go about using the dllhost.exe even when I wasn't doing anything with the computer at the time other than looking at resource monitor and process explorer. So, not determined to let it go, I proceeded to get a win 10 iso and go to the startup and do a full format instead of the upgrade from win 7 to 10. Needless to say, I am still seeing dllhost.exe show up, and now 2 copies of taskhostw.exe which disappear when I move my mouse. When I am doing nothing at all, I see 25% cpu usage from resource monitor, of which NT Kernel & System is using up the cpu.
Long story short, does anyone think I need to actually post in the virus/malware removal section and get things looked at, or can someone in some way confirm that dllhost.exe running and closing over and over when things aren't happening seems like business as usual for windows 10?
Edit: I forgot to mention, I took a look at the event viewer after the updated from win 7 to 10, and there were over 2000 security logs in the first like 20-30 minutes of windows 10 running. I've read that security logs are created for basically any changes made, but there were quite a few talking about new users and it just seemed suspicious
