Jump to content

Persistent spyware.banker infection - AcroIEhelpe.dll

cobra2411
 Share

Recommended Posts

cobra2411

cobra2411

Posted
Posted

I have a persistent infection that comes back every time I reboot. Mbam finds and removes it, but on a reboot it shows up again. At first it was showing up as AcroIEhelpe.dll, not to be confused with Adobe's AcroIEhelper.dll. Now it's showing up as AcroIEhelpe002.dll. If I let the computer run it will download and install other malware. I'm at a loss for how to remove this thing.

Here's the scan log.

Malwarebytes' Anti-Malware 1.36

Database version: 2174

Windows 5.1.2600 Service Pack 3

5/25/2009 12:50:53 PM

mbam-log-2009-05-25 (12-50-53).txt

Scan type: Full Scan (C:\|)

Objects scanned: 127380

Time elapsed: 22 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\lodupgd.jpg (Trojan.Downloader) -> Delete on reboot.

C:\WINDOWS\system32\AcroIEHelpe002.dll (Spyware.Banker) -> Quarantined and deleted successfully.

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Greetings.

To get you fixed up please follow the instructions here: I'm infected - What do I do now?

And post your logs in a new topic here: Malware Removal - HijackThis Logs

Please be sure not to install any software or use any removal/scanning tools exept those that you are

instructed to by the expert who will be assisting you as doing so can make their job much more difficult.

note: if for some reason you are unable to run some/any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just post here: Malware Removal - HijackThis Logs describing your issues and an expert will reply with further instructions.

I hope I was helpful. Good luck and safe surfing. ;)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.