Possible spyware

well proud owner of comodo products
well somehow i got infected with the ishost.exe ismini.exe virus
would not able to remove from my computer but somehow i was able to suspend both of them and rename them. the question is that in there (%system32%) two dll show up one is wineak32.dll (know is adware Adware Look2ME) but the other dll is drvfug.dll i can’t find anywhere on the net. I wish you can enlighten me with this dll wheter it is important or not
Just in case i kept a copy in a zip file
pssw is “virus”

The “Thing” that has the two files ishost and ismini seems to be fairly active at the moment - I have had 3 cases in the last two days. A bit early in the morning, but I think there is also a dll file attached to Winlogon and Explorer.

I use two programs for this sort of thing, Current Process and Killbox with Killbox set to delete on restart.

As to the other Items both are certainly not required and I would delete both if able to, or use killbox if not.

Have Fun


Well thanks for clearing it up
i just used process explorer
suspended them moved them and renamed them
wow never knew it that it was so common
only reason i found out was because of firewall message (comodo 2.3.6 of course)
and the high Cpu usage but it’s gone.

Tried both current process and killbox on a test machine and easy as pie


Thank you very much for submitting this malware, I have gone ahead and forwarded it to the Comodo Antivirus team, hopefully it will be added to detection shortly. Also to stop the chance of users downloading it and risking infection I have removed the attachment in your first post.