cobra2411
-
Posts
1 -
Joined
-
Last visited
This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
Persistent spyware.banker infection - AcroIEhelpe.dll
in Malwarebytes for Windows Support Forum
Posted
I have a persistent infection that comes back every time I reboot. Mbam finds and removes it, but on a reboot it shows up again. At first it was showing up as AcroIEhelpe.dll, not to be confused with Adobe's AcroIEhelper.dll. Now it's showing up as AcroIEhelpe002.dll. If I let the computer run it will download and install other malware. I'm at a loss for how to remove this thing.
Here's the scan log.
Malwarebytes' Anti-Malware 1.36
Database version: 2174
Windows 5.1.2600 Service Pack 3
5/25/2009 12:50:53 PM
mbam-log-2009-05-25 (12-50-53).txt
Scan type: Full Scan (C:\|)
Objects scanned: 127380
Time elapsed: 22 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\lodupgd.jpg (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\AcroIEHelpe002.dll (Spyware.Banker) -> Quarantined and deleted successfully.