helper.dll and _helper.dll removal
Problem: User has Trojan/Adware BHO
Symptoms:
- Internet Explorer crashes
- Performance degradation. Took more than 10 minutes to log into the computer
- At bootup/startup, the “C:\Program Files\Common” folder opens up automatically and contains helper.dll and _helper.dll
- Popups/Ads indicating viruses are present
How to remove helper.dll and _helper.dll
1. Download and run HijackThis
2. You will probably see two entries like these:
- O2 – BHO: Browser Helper Object – {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} – C:\Program Files\Common\_helper.dll
- O18 – Filter: text/html – {921b3402-a7b7-411d-84a6-70f617503fe9} – C:\WINDOWS\system32\dsound3dd.dll
3. Place a checkmark next to both and click on “Fix checked”
4. Download, install, and run CCleaner
5. Download, install, and run Malwarebytes (don’t forget to update the definitions before scanning)
6. Scan your machine using AntiVirus software
Online Scanners:
Or Download:
7. After bootup, you still may have an issue with the “C:\Program Files\Common” folder opening up automatically. Delete the folder since it was created by the Trojan, it should be empty; and is not necessary. If you want to keep it,you can also do the following:
1. Open up the registry (via regedit.exe)
2. Navigating to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3. Make sure all Data values under this key are surrounded by quotation marks.
4. Exit out and reboot.
For more information on this particular threat:
Faulting application iexplore.exe, version 6.0.2900.2180
Problem: User’s Internet Explorer crashing alot. Event log registered the following error message on numerous occasions:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0×00000000.
Almost ALWAYS, this error is caused by some third party adware app that’s installed. Sometimes it’s a fancy IE toolbar (not yahoo or google), such as some sort of “shopping assistant” , MyWebSearch, or HotBar toolbar. Stay away from these third party apps. They claim they are not spyware or adware, but they are. In this particular user’s case, the user had screensaver software that they had downloaded from Screensaver.com.
Solution: Download SuperAntiSpyware, install it and update the definitions. Get yourself Revo Uninstaller and install it. Run Revo in safe mode, uninstall any third party toolbars or search assistant applications. Revo scans and removes entries from the registry. Also in safe-mode, run a complete scan using SuperAntiSpyware. Next, check the MS System Configuration Utility (type “msconfig” at the run prompt – go to the Startup tab) to make sure there are no other unnecessary third party apps that run at startup. Next, check the IE Add-ons (IE–>Tools–>Manage Add-ons) to make sure no unnecessary third party app is loaded when IE is launched. Finally, download and use HijackThis and the HijackThis Log Analyzer, if necessary, to remove the browser helper objects (BHO).
Note: User’s machine running Windows XP Service Pack 2
leave a comment