Hi - my laptop has been infected with something called Powerlik or DLLhost.exe

theparker5

Estimable
Oct 23, 2014
1
0
4,510
Hello- I am running Windows 7 and as of yesterday it started running very slow, I noticed that the processes were running 30 + DLlhost.exe at same time. Then had an alert saying the power shell had been deactivated. It runs fine in Safe mode - no problems. I have ran Malware Bytes a few times and my Anti Virus software but no help. Can someone please advise what I need to do.... thank you
 
Solution
The process that worked for me is documented here: http://www.adlice.com/poweliks-removal-with-roguekiller/(link is external)

1- Do a scan with RogueKiller. Do not close the window.
2- Kill all dllhost.exe processes (for example with Process Explorer, kill tree
3- Do the removal with RogueKiller
4- Reboot immediately

I downloaded the 64 bit RogueKiller (I'm running 64 bit Win7) from the Adlice web site (to ensure the latest version).
when you open RogueKiller it will do an initialization scan and when it finishes you can you will press the scan button in the upper right hand corner. After the scan completes, press the registry tab and you should see Trojan.poweliks in red. There might also be some other software that is considered...

Jim_Bo

Estimable
Oct 31, 2014
1
0
4,520
The process that worked for me is documented here: http://www.adlice.com/poweliks-removal-with-roguekiller/(link is external)

1- Do a scan with RogueKiller. Do not close the window.
2- Kill all dllhost.exe processes (for example with Process Explorer, kill tree
3- Do the removal with RogueKiller
4- Reboot immediately

I downloaded the 64 bit RogueKiller (I'm running 64 bit Win7) from the Adlice web site (to ensure the latest version).
when you open RogueKiller it will do an initialization scan and when it finishes you can you will press the scan button in the upper right hand corner. After the scan completes, press the registry tab and you should see Trojan.poweliks in red. There might also be some other software that is considered suspicious. I just selected all the boxes. Then go to step 2.

For step 2 you also need the Process Explorer which can be found here: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx. The process explorer is just like task manager but with admin privileges. After you extract the files for process explorer, you will find the application procexp. During step two I had to right click the procexp application and run as administrator. After it opens, scroll down looking in the left pane and find dllhost.exe right click and select end task tree and confirm. After all the dllhost.exe are all killed, hit the delete button on RogueKiller. After the delete RogueKiller directs you to their website but for now just close and reboot right away. After the reboot, it should be gone. Run RogueKiller again and it should find nothing and be clean. I did some extra things like a scan with Malewarebytes and Norton, and I also ran CCleaner just to clean up any left over junk, temp files and broken links. Good luck, I know this thing gave me a headache for several hours.

 
Solution

orlbuckeye

Distinguished
Check out this link

Manual Removal powerlink.exe Virus

Step 1: Reboot your infected computer, when it reboots but before Windows launches, tap¡°F8¡å key constantly. Then select¡°Safe Mode with Networking¡± and press Enter key.

Step 2: Tap ¡°CTRL + Shift + ESC¡± keys together to end all powerlink.exe virus running processes in Windows Task Manager.

random.exe
Step 3: Find and remove all corrupt files related to powerlink.exe virus:

C:\program files
%AllUsersProfile%\Application Data\
%AllUsersProfile%\
Step 4: Navigate to registry editor to clear all powerlink.exe virus registry entries as followings:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"


http://www.highpcspeed.com/errors-exe/powerlink.exe.html
 

spanz

Distinguished
Apr 30, 2011
3
0
18,510


yes this is the only thing that worked for me, roguekiller. run process explorer as administrator and do kill the whole hostdll.exe tree by right clicking it and choosing. then be quick about killing the virus with roguekiller and rebooting before it can re-infect you. it took me 2 tries to get it right.
 

drew smitt

Estimable
Nov 3, 2014
1
0
4,510
I had to go through the process a handful of times. With Roguekiller I deleted all the results. I had the Process Explorer as a shortcut on my desktop. It finally worked! Thank you, thank you, thank you for this link.
 

wrenchman9

Estimable
Dec 26, 2014
1
0
4,510


This worked perfectly or me! Thanks!!!