toad45

Last night I was infected by Poweliks while using ESET Smart Security 8. Due to being infected by Poweliks in November while using a different AV, I recognized the infection right away. The "ESET Poweliks Cleaner" tool DOES appear to remove the infection. Is your real-time AV simply not able to deal with/detect registry-based infections? Should I upload the Poweliks Cleaner log somewhere? I am unsure what information is passed on to ESET when I use the removal tool. The only reason I was able to deal with this infection in a timely manner was because of my previous experience/knowledge.

Below is a detailed description of the event.

Using a fully up-to-date Internet Explorer (with up-to-date Flash), I visited 4 websites and made no download attempts. The 4 sites were Google, YouTube, a page on forums.civfanatics.com, and a page on strategywiki.org. After visiting the last website, within 2 seconds the Smart Security firewall alerted me of dllhost.exe trying to send outbound traffic. Please note that I'm using Interactive Mode for the firewall. After choosing to deny outbound access, the firewall alerted me that Windows PowerShell wanted outbound access as well. A look in Windows Task Manager did indeed show a single dllhost.exe process that had no legitimate reason to be running at the time. The Image Path and Command Line were blank and right-clicking Properties would do nothing.

I immediately went to Google, then to ESET's Poweliks Cleaner, and downloaded it successfully. My Internet security settings were not changed to stop downloads. I am unsure when this action occurs with Poweliks. Perhaps after communication with the server (which I think I blocked)? The ESET Poweliks Cleaner found and removed the Poweliks infection. Two restarts later and Poweliks appears to still be gone.
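The symptoms reported in the post above (a dllhost.exe with a blank command line asking for outbound access, followed seconds later by PowerShell) can be expressed as a triage rule. This is an added example, not part of the original post and not an ESET tool; the event record layout, the field names, the 60-second window, and all sample records are constructed assumptions.

```python
import re

# A COM surrogate (dllhost.exe) is normally launched with a
# /Processid:{GUID} argument; the post reports a blank command line.
PROCESSID_RE = re.compile(r"/processid:\{[0-9a-f-]{36}\}", re.IGNORECASE)

# Constructed outbound-connection prompts (not real telemetry):
# ts = seconds since start of the browsing session.
SAMPLE_EVENTS = [
    {"ts": 0, "image": "iexplore.exe",
     "cmdline": '"C:\\Program Files\\Internet Explorer\\iexplore.exe"',
     "dest": "203.0.113.10:443"},
    {"ts": 40, "image": "dllhost.exe",
     "cmdline": "C:\\Windows\\system32\\DllHost.exe "
                "/Processid:{11111111-2222-3333-4444-555555555555}",
     "dest": "203.0.113.20:443"},
    {"ts": 95, "image": "dllhost.exe", "cmdline": "",
     "dest": "198.51.100.7:80"},
    {"ts": 101, "image": "powershell.exe", "cmdline": "",
     "dest": "198.51.100.7:80"},
    {"ts": 900, "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\Scripts\\backup.ps1",
     "dest": "203.0.113.30:443"},
]


def triage(events, window=60):
    """Return (ts, rule, dest) tuples for events matching the reported pattern.

    Rule 1: dllhost.exe requests outbound access without /Processid:{GUID}.
    Rule 2: powershell.exe requests outbound access within `window` seconds
            of a rule-1 hit (the order of prompts described in the post).
    A hit is a lead to investigate, not proof of infection.
    """
    findings = []
    last_suspect = None  # timestamp of the most recent rule-1 hit
    for ev in sorted(events, key=lambda e: e["ts"]):
        image = ev["image"].lower()
        cmdline = ev.get("cmdline") or ""
        if image == "dllhost.exe" and not PROCESSID_RE.search(cmdline):
            last_suspect = ev["ts"]
            findings.append((ev["ts"], "dllhost-without-processid", ev["dest"]))
        elif (image == "powershell.exe" and last_suspect is not None
              and ev["ts"] - last_suspect <= window):
            findings.append(
                (ev["ts"], "powershell-after-suspect-dllhost", ev["dest"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```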