Conhost And Presentationhost Virus

Shuroku · Mar 30, 2016

I've tried the antivirus I have, microsoft security essentials, and while it seemingly is catching trojans i dont think its catching the main culprit. Randomly usually at night for me (PST) my computer's cpu/memory gets used up by PresentationHost and Conhost and an additional assortment of programs I can't end process on or even open file location or check properties, attached is a JRT.

Kestrel13! · Mar 31, 2016

Hi there and welcome.

If you wish for me to check for malware then you'll need to follow the below instructions. Upload all of the requested logs once done.

READ & RUN ME FIRST - Malware Removal Guide

Shuroku · Mar 31, 2016

Hi and thank you. Sorry I got to the Download CCleaner Slim step and it brings me to a dead link, nothing downloads.

Kestrel13! · Mar 31, 2016

Continue on then... skip that step.

Shuroku · Mar 31, 2016

Logs are attached!

Kestrel13! · Mar 31, 2016

Are you deliberately set up to use a proxy?

Shuroku · Mar 31, 2016

Deliberately? I don't believe so, no.

Shuroku · Mar 31, 2016

What proxy?

Kestrel13! · Apr 1, 2016

Don't worry, we will be rid of it. Run this as well please and then I can deliver a complete fix to you.

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: Make sure you download the correct version for your PC. Only the correct version will work.

Double-click to run it. When the tool opens click Yes to disclaimer.

Press Scan button.

It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.

The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Shuroku · Apr 1, 2016

Here they are!

Kestrel13! · Apr 1, 2016

Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

[PUP] (X86) HKEY_LOCAL_MACHINE\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} -> Found

[PUP] (X64) HKEY_USERS\RK_Ohaimikey_ON_F_AE2A\Software\Microsoft\Windows\CurrentVersion\Run | Optimizer Pro : C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [x] -> Found

[PUP] (X86) HKEY_USERS\RK_Ohaimikey_ON_F_AE2A\Software\Microsoft\Windows\CurrentVersion\Run | Optimizer Pro : C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [x] -> Found

[PUM.Proxy] (X64) HKEY_USERS\RK_Ohaimikey_ON_F_AE2A\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 198.144.159.130:8080 -> Found

[PUM.Proxy] (X86) HKEY_USERS\RK_Ohaimikey_ON_F_AE2A\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 198.144.159.130:8080 -> Found

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Attach JRT.txt to your next message.

Now re run RogueKiller again (just a scan) and upload fresh log pelase.
Explain how things are running.

Shuroku · Apr 1, 2016

I don't see this one or the X86 version

[PUP] (X64) HKEY_USERS\RK_Ohaimikey_ON_F_AE2A\Software\Microsoft\Windows\CurrentVersion\Run | Optimizer Pro : C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [x] -> Found

For me they all are ON_F_EC3E

I added the new log.

Kestrel13! · Apr 1, 2016

Are you seeing the proxy entries?? And the other entries I listed?

Shuroku · Apr 1, 2016

I'm seeing the proxy entries and the other one listed, but the Optprolauncher files arent the same, but i'll remove them since its the same program named.

No RKreport was created though but here is the JRT

Shuroku · Apr 1, 2016

Here is the fresh rogue killer log after I rebooted as well

Kestrel13! · Apr 1, 2016

OK, looks good. Explain how things are running.

Shuroku · Apr 1, 2016

Things are running fine I believe. The issue I had wasn't constant though just randomly something would star hogging memory and like 5 programs would pop up in Task Manager so i'll know for sure if everything is fine tomorrow but I feel like we took care of it.

Thanks for everything Kestrel, youre amazing!

Kestrel13! · Apr 1, 2016

You are so welcome. Yes have a surf around, post back in a day or so and give me an update.

Log in or Sign up

Conhost And Presentationhost Virus

Shuroku Private E-2

Attached Files:

JRT.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Shuroku Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Shuroku Private E-2

Attached Files:

MalwarebytesLog.txt

Roguekiller.txt

TDSSKiller.3.1.0.9_31.03.2016_12.47.24_log.txt

HitmanPro_20160331_1253.log

MGlogs.zip

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Shuroku Private E-2

Shuroku Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Shuroku Private E-2

Attached Files:

FRST.txt

Addition.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Shuroku Private E-2

Attached Files:

RogueKillernewLog.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Shuroku Private E-2

Attached Files:

JRT.txt

Shuroku Private E-2

Attached Files:

roguekillerFreshlog.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Shuroku Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member