Helper.dll and Multiple iexplorer.exe processes

By spyderbyte
Apr 13, 2009
  1. Hello, I've been following many of the threads that deal with viruses and malware recently as I've been having my bouts with them. I've been able to handle most of the items I've run into, but let me throw this one out there in hopes that someone has dealt with this one.

    I've got a machine here in which I can't find anything else to remove, disable, or clean, yet the iexplore.exe process occasionally runs in the background without me doing anything. Around then a folder would be created under PROGRAM_FILES called COMMON, and a file HELPER.DLL would be dropped in, and registry entries created. Malwarebytes removes these of course, but give it some time, and it would return.

    If i was actually running a copy of IE8 (I know...bad me) then at the time this BHO got added to my system again, it caused IE8 to APPLICATION fault with a SYSFADER error, and no further IE windows would open. I can continue to browse in my already open browser, but no links that open to new windows would work, or new tabs either.

    In my efforts to combat this, I've recently installed ZoneAlarm, a program I used at one of my previous jobs, and I know this can block it from doing any damage, as I can block IE from having any access to the actual internet, but I still get the iexplore processes running in the background.

    Blocking IE isn't my preferred method as, 1.) I'm a web programmer and would really like to have IE functioning again so that I can test my code and, 2.) IE being so ridiculously embedded into windows, blocking IE causes weird bugs in many of my programs, (development code).

    The attached is my hijack
    (I didn't attach malwares log as it is clear atm)

    Attached Files:

  2. touch

    touch TS Rookie Posts: 978

    Hello spyderbyte

    There are one more infection to delete, and combofix will probably also find some, therefore ->

    Please download Combofix:

    And save to the desktop.

    Open notepad and copy/paste the text in the quotebox below into it:
    Name the file as CFScript
    and Save it on the desktop

    Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  3. spyderbyte

    spyderbyte TS Rookie Topic Starter


    Ok, did that.

    It's wonderful that these DLL files are so similar to the actual dll files that you miss them entirely. Why is this file not flagged by Zone Alarm? AVG? AdAware? (all of which I have tried?)

    Thanks for you help by the way. :)
  4. touch

    touch TS Rookie Posts: 978

Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...