Trojan.Poweliks is a computer infection that installs itself in the registry. It then acts as a Trojan downloader that the creators use to download and execute other types of malware in the computer. In addition to providing an entry point for other malware, the Poweliks infection also collects other information that it transmits to someone for malicious use.
The information collected includes network configurations, the version of the operating system in use and system settings. Such information, when analyzed, can reveal critical vulnerabilities that a hacker can use to access a system and compromise the information in it.
The Poweliks infection also connects to a remote host over the internet to update itself, transmit whatever data it has collected, and download and execute commands from the host. One reason this malware is difficult to detect and remove using anti-virus software is that it hides in the registry.
The method of transmission is usually a spam email. The reader is compelled to download a seemingly genuine attachment that is in reality a Trojan.Poweliks installer. Once you download and run the program attachment, the installer installs the malware and then deletes itself automatically. The malware stores itself in the registry and operates silently in the background. This makes it almost impossible for anti-virus software to detect it.
Some of the signs that should alert you to a Poweliks infection are an unusually slow system and certain web pages becoming unreachable. The inability to download files using Internet Explorer and system alerts showing PowerShell errors also indicate that Poweliks is at play.
Manually Removing Trojan.Poweliks
The first step in removing a Poweliks infection is updating your anti-virus software and then running a full scan. Most anti-virus software vendors have updated their programs to better detect and identify this type of malware.
Depending on the software you are using, you will see different names for the infection. Common variants include Win32:Poweliks-A [Trj], Trojan.Poweliks.A, Trojan:Win32/Powessere.A and TROJ_POWELIKS.A.
If your anti-virus software is unable to resolve the issue, try using the manual method of removal:
- Back up all your important files onto an external hard drive. Also, create a restore point for your system. This ensures that you do not lose any data in the event that anything goes wrong.
- Make sure that you log in to the computer as the system administrator.
- Go to the Task Manager and identify all instances of dllhost.exe under the Processes tab. You can access the Task Manager by pressing Ctrl+Alt+Delete and then selecting Task Manager. Click on the Processes tab and look for dllhost.exe. Make sure to check the option for "Show processes from all users."
- Right-click on the dllhost.exe process and select "File location." If the file is not in the System32 folder, it is most probably a malicious copycat of the genuine dllhost.exe process. Return to the Task Manager, right-click on that process and select "End process."
- Open the system registry by clicking start, searching "Regedit" and selecting it. Locate this key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
- You will see a section containing a default value. Double-click on it to select all of its contents and press the Delete key.
- Close the registry editor (regedit) and restart your computer. You can run a scan using anti-virus software to ensure the eradication of the malware.
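As an added example (not part of the original article), the following PowerShell triage script performs the dllhost.exe and Run-key checks from the steps above as read-only checks: it lists dllhost.exe instances running from outside System32 and prints every value under the HKCU Run key, flagging a populated default value. It assumes an elevated PowerShell session on the affected machine, and it additionally flags value names containing non-printable characters, a heuristic that goes beyond the article's text.

```powershell
# Added triage script, not part of the original article. Read-only: it reports
# the indicators the removal steps describe and changes nothing.
# Assumption: run in an elevated PowerShell session on the affected machine.

$system32 = Join-Path $env:SystemRoot 'System32'

# 1. dllhost.exe instances whose image does not live in System32 are suspect.
#    $_.Path is $null when the process cannot be inspected, which is also worth noting.
$dllhostReport = Get-Process -Name dllhost -ErrorAction SilentlyContinue |
    ForEach-Object {
        $path = $_.Path
        [pscustomobject]@{
            Id      = $_.Id
            Path    = $path
            Suspect = ($null -eq $path) -or
                      (-not $path.StartsWith($system32, [System.StringComparison]::OrdinalIgnoreCase))
        }
    }
Write-Output '--- dllhost.exe instances ---'
$dllhostReport | Format-Table -AutoSize

# 2. Dump the per-user Run key named in the article, including its (default) value.
#    A clean system normally leaves the (default) value unset.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
Write-Output "--- values under $runKey ---"
if (Test-Path $runKey) {
    $key = Get-Item $runKey
    foreach ($name in $key.GetValueNames()) {
        $value = $key.GetValue($name)
        $label = if ($name -eq '') { '(default)' } else { $name }
        $flag  = ''
        if ($name -eq '' -and -not [string]::IsNullOrEmpty($value)) {
            $flag = '  <-- populated (default) value, review before deleting'
        }
        elseif ($name -match '[^\x20-\x7E]') {
            # Heuristic beyond the article: names regedit cannot display cleanly.
            $flag = '  <-- non-printable characters in value name'
        }
        Write-Output ('{0,-30} {1}{2}' -f $label, $value, $flag)
    }
}
else {
    Write-Output 'Run key not present for the current user.'
}
```

Run it before and after the manual removal steps so you have a record of what was found and can confirm the key is clean after the reboot.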
Like its namesake, the Trojan.Poweliks comes in stealthily under disguise and spreads its destruction if not removed quickly. It is wise not to wait for your computer to demonstrate any of the aforementioned symptoms. Take a proactive approach and ensure your anti-virus software functions properly and regularly. Doing so may save your computer from damage.