Author Topic: My mom's computer is [probably] being used in a DDoS Attack  (Read 1029 times)

Last week these weird pop-ups kept appearing telling us to update Adobe Shockwave/Flash. My dad updated them Friday and then that night at midnight the computer was going crazy. I wake up to find AVG showing 5 faulty executables under AppData with a filename similar to Adobe_(something)_FakeInstall_english[number here]. Yesterday we uncovered .exes constantly sending outbound connections to domains such as "fff5ee.com", "honeymods.com", and a couple different IPs. The .exes were getting spawned so frequently that we had to turn off the wireless adapter on the laptop to get them to stop spawning. The .exes were named "dllhost.exe" and were getting spawned by a PowerShell file. MalwareBytes discovered about 500+ objects under AppData and ProgramData. Most of them were related to the dllhost.exe and the powershell file.

Apparently faulty Adobe shockwave stuff has been going around, as a neighbor posted about it on our neighborhood's email list.

Any idea what we should do? We aren't planning on sending the computer to a computer store or Dell unless we absolutely have to. After the lightning strike, and my recent trip to the ER, we're p short on money.



Fix it yourself? lol

use CCleaner to remove it.


Fix it yourself? lol
We're attempting that. We can't seem to find what's spawning the dllhost.exes though.

Also, I forgot to mention: the little stuff disabled Windows Defender and the Security Center and won't let us enable it.

Most likely if we can't get rid of it we'll just nuke the PC.
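The question above is what is spawning the dllhost.exe copies. The following is an added triage script, not something posted in this thread: it reads process, connection, autostart and Defender state on the affected machine and changes nothing, so it is safe to run before deciding whether to clean or reinstall. It assumes an elevated PowerShell prompt on Windows 8 or later (Get-NetTCPConnection and Get-ScheduledTask need that), and that the suspect binary is still named dllhost.exe as in the original post; the registry policy values checked at the end are the standard Windows Defender policy keys.

```powershell
# Added read-only triage script (not from the thread). Run as Administrator.
# Assumes Windows 8+ (NetTCPIP and ScheduledTasks modules present).

$suspectName = 'dllhost.exe'   # name from the post; real copies live in System32 / SysWOW64

# 1. Snapshot every running process, keyed by PID, so parents can be resolved.
$procs = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

# 2. For each dllhost.exe: path, command line and parent chain.
#    A copy outside System32/SysWOW64, or one whose parent is powershell.exe,
#    wscript.exe or cmd.exe, is the launcher the poster is looking for.
$systemDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
foreach ($p in ($procs | Where-Object { $_.Name -ieq $suspectName })) {
    $path = $p.ExecutablePath
    $inSystemDir = $path -and ($systemDirs | Where-Object { $path.StartsWith($_, 'OrdinalIgnoreCase') })
    $flag = if ($inSystemDir) { '' } else { '  <-- NOT in a system directory' }
    Write-Host "`n[$($p.ProcessId)] $path$flag"
    Write-Host "    cmd: $($p.CommandLine)"
    $parent = $byPid[[int]$p.ParentProcessId]; $hops = 0
    while ($parent -and $hops -lt 8) {        # walk up at most 8 levels
        Write-Host "    parent: [$($parent.ProcessId)] $($parent.Name)  $($parent.CommandLine)"
        $parent = $byPid[[int]$parent.ParentProcessId]; $hops++
    }
}

# 3. Established TCP connections with the owning process, so the outbound
#    traffic to fff5ee.com / honeymods.com can be tied to a PID and a file path.
Write-Host "`n== Established connections =="
Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$)' } |
    ForEach-Object {
        $owner = $byPid[[int]$_.OwningProcess]
        [PSCustomObject]@{
            PID     = $_.OwningProcess
            Process = if ($owner) { $owner.Name } else { '?' }
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            Path    = if ($owner) { $owner.ExecutablePath } else { '' }
        }
    } | Sort-Object Process | Format-Table -AutoSize

# 4. Autostart locations where a PowerShell launcher usually sits:
#    Run/RunOnce keys and scheduled tasks pointing at powershell or AppData/ProgramData.
Write-Host "`n== Run keys =="
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($k in $runKeys) {
    if (Test-Path $k) {
        $entries = Get-ItemProperty -Path $k | Select-Object -Property * -ExcludeProperty PS*
        foreach ($prop in $entries.PSObject.Properties) { "$k  $($prop.Name) = $($prop.Value)" }
    }
}
Write-Host "`n== Scheduled tasks of interest =="
Get-ScheduledTask | ForEach-Object {
    $t = $_
    foreach ($a in $t.Actions) {
        if ("$($a.Execute) $($a.Arguments)" -match 'powershell|AppData|ProgramData') {
            "Task $($t.TaskPath)$($t.TaskName): $($a.Execute) $($a.Arguments)"
        }
    }
}

# 5. Defender / Security Center state, since the post says both were disabled.
Write-Host "`n== Defender / Security Center =="
Get-Service -Name WinDefend, wscsvc -ErrorAction SilentlyContinue |
    Format-Table -Property Name, Status, StartType -AutoSize
# Policy values malware commonly sets; a non-zero value here explains a greyed-out Defender.
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -ErrorAction SilentlyContinue |
    Select-Object -Property DisableAntiSpyware
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' -ErrorAction SilentlyContinue |
    Select-Object -Property DisableRealtimeMonitoring
```

Run it with the wireless adapter on for a minute so section 3 has connections to show, then off again. The parent chain in section 2 is the useful part: the first non-dllhost ancestor, and its command line, is the launcher, and the file it names under AppData or ProgramData is what the cleanup tools need to remove along with the Run key or task from section 4 that starts it.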

Buy a new computer
that's probably the stupidest thing I've ever heard
You can just remove it with an antivirus
We're attempting that. We can't seem to find what's spawning the dllhost.exes though.

Also, I forgot to mention: the little stuff disabled Windows Defender and the Security Center and won't let us enable it.

Most likely if we can't get rid of it we'll just nuke the PC.
Worst comes to worst, reinstall Windows.

that's probably the stupidest thing I've ever heard
You can just remove it with an antivirus

110% sure he was kidding


orbital nuke the computer

just nuke the PC.

Pretty much this.

I think I've gotten the same thing you have, with fake Adobe popups and such, however I never noticed suspicious task manager behavior. This is perhaps just bad looking skills on my part.

Either way, if it isn't blocking you from porting your important files to a thumb drive or similar device, then you can nuke it with probable reckless abandon.

maybe you should have bought a Mac ???

In all seriousness, you have options here.

1. Attempt to clean the PC itself
Get the following if you can:
Malwarebytes
Malwarebytes Anti-Rootkit
Malwarebytes Anti-Exploit
ComboFix
RKill
TDSSKiller
Junkware Removal Tool
AdwCleaner
RogueKiller
HijackThis


2. Use Rescue CDs
Here are a couple of rescue CDs you should use:
Emsisoft Emergency Kit
Bitdefender Rescue CD
Kaspersky Rescue Disk 10


3. Clear the Computer
Boot up from your recovery partition, usually there's a tool on your PC. If there isn't, try and find out how to activate your recovery partition.

If you're all out of options, get something like Darik's Boot and Nuke. Note that using it may take a while depending on what's on there. It removes EVERYTHING, so use it as a last stand.

bumping to see if he still needs help