Sunday, 17 October 2021

How to remove "dll-propagation" virus

Follow this advice at your own risk.


I have been having internet connection problems for a couple of weeks, both on the computer and on other devices using the home network. At the same time, the computer was running slower than usual. I checked the running processes (taskmgr in the search box) and found a strange process using a lot of resources (you can sort them by CPU or by memory usage). This process was called dll-propagation.

I searched for this process on Google and found results only in Polish forums.

The first step I took was to try to run Windows Defender, but it was disabled and I did not manage to turn it back on. I then ran a couple of online antivirus scanners (ESET and F-Secure) without positive results. I then installed Malwarebytes, which did find a file with the virus and deleted it. But the virus stayed in the system. Malwarebytes kept popping up messages that it had blocked access to the web by 'dll-propagation', but it didn't delete the virus, and it kept appearing in Processes when running the Task Manager.

The thing that worked for me: I identified the two processes by which the virus was running:

    dll-propagation_2.9.8.exe

    dll-propagation.exe

    dllruntime.exe

Windows 10 (and probably previous and newer versions too) has an option to block programs from running. I then added these three exe files to this list. I did this with Windows running in Safe Mode (*).

To add these programs I typed gpedit in the Windows search box and clicked on "Edit group policy".

Then I went to: User Configuration -> Administrative Templates -> System -> Don't run specified Windows applications


I then clicked on 'Show' and added the three exe files as:



Still in Safe Mode, I deleted several folders related to the virus:

I removed EVERYTHING in 'C:\Users\YOUR-USERNAME\AppData\Local\Temp\'

In 'C:\Users\YOUR-USERNAME\AppData\Roaming\', I removed the folders:

    Ookla 

    dll-access 

    dll-propagation 

    dllservices 

    .dllbackups


I also uninstalled HandBrake, as it appeared in the log file from the Polish forum where dll-propagation was mentioned, and my problems started at the same time I installed the program. I also uninstalled another program I installed at the same time, just in case.


After all this, I restarted the computer in normal mode.

Finally, I installed CCleaner and cleaned both the system and the registry.


After these steps, dll-propagation has stopped appearing in the Processes when running the Task Manager, and the pop-ups from Malwarebytes saying it blocked dll-propagation from connecting to the web have also stopped. My internet connection works as usual, and so does the computer.


Update 27.10.2021

On a work computer where I also had to remove dll-propagation, I noticed that it was in the list of start-up processes. Go to the Windows search box, type 'taskmgr' and open the 'Startup' tab. Check whether any dllruntime or dll-propagation entries appear and disable them.
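
The checks from the steps above and from the update, gathered into one read-only PowerShell script. This is an added example, not part of the original post: the process, file and folder names are the ones listed in the post, and the registry path is the per-user key that the "Don't run specified Windows applications" policy writes to.

```powershell
# Added example: read-only check, it changes nothing on the system.
# All names below are the ones listed in the post.
$exeNames = 'dll-propagation_2.9.8.exe', 'dll-propagation.exe', 'dllruntime.exe'
$folders  = 'Ookla', 'dll-access', 'dll-propagation', 'dllservices', '.dllbackups'
$pattern  = 'dll-propagation|dllruntime'

# 1. Processes still running. ProcessName carries no .exe suffix, and the
#    pattern also matches version numbers other than 2.9.8.
$procs = @(Get-Process | Where-Object { $_.ProcessName -match $pattern })

# 2. Folders still present in AppData\Roaming. A folder name alone is not
#    proof of infection: Ookla is also the vendor name of the Speedtest app.
$left = @($folders | ForEach-Object { Join-Path $env:APPDATA $_ } |
          Where-Object { Test-Path -LiteralPath $_ })

# 3. Startup entries (Run keys and Startup folders). This class does not
#    report whether an entry was disabled in Task Manager.
$startup = @(Get-CimInstance -ClassName Win32_StartupCommand |
             Where-Object { "$($_.Name) $($_.Command)" -match $pattern })

# 4. Is the block list from gpedit in place for the current user?
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'
$blocked = @()
if (Test-Path -Path $key) {
    $item    = Get-Item -Path $key
    $blocked = @($item.GetValueNames() | ForEach-Object { $item.GetValue($_) })
}
$notBlocked = @($exeNames | Where-Object { $blocked -notcontains $_ })

# Report: every line should be empty after a successful clean-up.
"Running processes     : " + ($procs.ProcessName -join ', ')
"Folders still present : " + ($left -join ', ')
"Startup entries       : " + (($startup | ForEach-Object { $_.Name + ' -> ' + $_.Command }) -join '; ')
"Not in the block list : " + ($notBlocked -join ', ')
```

Run it as the affected user, since both `AppData\Roaming` and the policy key are per-user locations.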



(*) Start Windows in Safe Mode:

Type msconfig in the Windows search box.

Go to 'Boot'

Click in 'Safe mode' (keep it minimal - you will not have internet connection when you restart, and this 

Click 'Ok'


To restart in normal mode, just go to the same place and disable 'Safe mode'


