How To Remove Trojan.Poweliks Malware.

This guide will show you how to remove the Poweliks infection from your computer.

Symptoms include:

  • Multiple dllhost.exe processes are running on your computer.
  • Internet pages are being blocked.
  • You cannot download with Internet Explorer; you get the message "Your current security settings do not allow this file to be downloaded".

Step 1. Reset Internet Explorer Settings.


Hit the Windows key and type inetcpl.cpl in the start search box.

Click on the Security Tab, then reset all zones to default.

Hit Apply then hit OK.

Step 2. Use the ESET Poweliks Cleaner.

Download the Poweliks Cleaner to your desktop.

Right-click the Poweliks Cleaner icon, then select Run As Administrator.

I would suggest that you re-run the tool until the infection is not present on your machine. You will see this below if that is the case.

Note: It is very important that you now reboot your machine.

Step 3. Use RogueKiller to remove malicious registry keys and rogue drivers.

Temporarily disable your anti-virus program. If you are unsure how to do so, follow this guide.

Download RogueKiller; you will need the version compatible with your system.

Click here to determine whether you're running 32-bit or 64-bit Windows. Once you have downloaded RogueKiller, save it to your desktop, then right-click it and select Run As Administrator.

Allow the initial scan to complete.

You may see entries like the ones below if the infection is still present on your machine.

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : gpcloud.dll -> Found
[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-4237216898-264680874-324243060-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found
[Tr.Poweliks] HKEY_USERS\S-1-5-21-823518204-842925246-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run | ?a : rundll32.exe javascript:”..mshtml,RunHTMLApplication “;document.write(“74script language=jscript.encode>”+(new%20ActiveXObject(“WScript.Shell”)).RegRead(“HKCU\software\microsoft\windows\currentversion\run\”)+”74/script>”) -> Found
[Tr.Poweliks] dllhost.exe -- C:\WINDOWS\system32\dllhost.exe[7] -> Found

Now click the Registry tab and the Processes tab, and locate these detections.

Place a check mark next to each of these items. If you are unsure of anything, leave the others unchecked.

Now press the Delete button. Allow RogueKiller to complete, then reboot your machine.
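
To confirm after the reboot that the entries shown in the RogueKiller output are gone, a read-only PowerShell check along these lines can be used. This is an added example, not part of the original guide or of RogueKiller; it assumes PowerShell 3.0 or later run as Administrator, and it only covers users whose registry hives are currently loaded (logged-on accounts).

```powershell
# Added example (not from the original guide). Read-only: nothing is modified or deleted.
$clsid = '{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}'   # CLSID shown in the RogueKiller output
$hku   = [Microsoft.Win32.Registry]::Users
$findings = @()

# Loaded user hives only (S-1-5-21-...), skipping the *_Classes aliases.
$sids = $hku.GetSubKeyNames() | Where-Object { $_ -match '^S-1-5-21-[\d-]+$' }

foreach ($sid in $sids) {
    # 1. Run key: rundll32 launching a javascript: URL, or any data in the key's default
    #    value (the launcher in the report reads the default value of ...\Run via RegRead).
    $runPath = "$sid\Software\Microsoft\Windows\CurrentVersion\Run"
    $run = $hku.OpenSubKey($runPath)
    if ($run) {
        foreach ($name in $run.GetValueNames()) {
            $data = [string]$run.GetValue($name)
            $isLauncher = ($data -match 'rundll32') -and ($data -match 'javascript:')
            $isDefault  = ($name -eq '') -and ($data.Length -gt 0)
            if ($isLauncher -or $isDefault) {
                $findings += [pscustomobject]@{
                    Check = 'Run value'; Key = "HKU\$runPath"; Name = $name
                    Data  = $data.Substring(0, [Math]::Min(120, $data.Length)) }
            }
        }
        $run.Close()
    }
    # 2. Per-user LocalServer32 registered under the CLSID from the report.
    $comPath = "$sid\Software\Classes\CLSID\$clsid\LocalServer32"
    $com = $hku.OpenSubKey($comPath)
    if ($com) {
        $findings += [pscustomobject]@{
            Check = 'CLSID LocalServer32'; Key = "HKU\$comPath"; Name = '(Default)'
            Data  = [string]$com.GetValue('') }
        $com.Close()
    }
}

# 3. dllhost.exe is a legitimate Windows binary, so list every instance with its
#    command line and parent for review rather than treating its presence as a hit.
$dllhosts = @(Get-CimInstance Win32_Process -Filter "Name='dllhost.exe'")

if ($findings.Count -eq 0) { 'No Poweliks registry indicators found in loaded user hives.' }
else { $findings | Format-List }
"dllhost.exe instances: $($dllhosts.Count)"
$dllhosts | Select-Object ProcessId, ParentProcessId, CommandLine | Format-Table -AutoSize
```

If any registry finding is listed, or the dllhost.exe count keeps growing, repeat Step 2 and Step 3 before moving on.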

Step 4. Use Malwarebytes Anti-Rootkit to clean any additional malware that may be hiding on your computer.

Download Malwarebytes Anti-Rootkit and save it to your desktop.

  • It will ask you where to extract; make sure it is on the desktop.
  • Open the mbar folder, right-click the program and select Run as Administrator.
  • Click Next to continue.
  • Then click Update.
  • Once the update is finished, select Next, then Scan.
  • If no malware has been found at the end of the scan, select Exit.
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.

Step 5. To ensure that nothing else remains on your machine, let's do a mop-up operation with ESET Online Scanner.

Temporarily disable your anti-virus program. If you are unsure how to do so, follow this guide.

Download ESET Online Scanner and save it to your desktop.

Right-click its icon on your desktop and select Run as Administrator.

Allow the scan to complete; this may take some time, depending on your machine's performance.

You should now reboot your machine again at this point. Your computer should now be free of the Poweliks malware infection. Norton also has a removal tool for this infection; click here for more information. This process may take an hour to complete, but the methods are proven to correct the infection.
