Posts Tagged ‘Internet Explorer’
Potent malware link infects almost 300,000 webpages • The Register
Make sure your IE has up-to-date patches (or switch to Firefox), and update to the latest Adobe Flash.
A security researcher has identified a new attack that has infected almost 300,000 webpages with links that direct visitors to a potent cocktail of malicious exploits.
People who visit infected pages receive an invisible link that pulls code from a series of sites tied to 318x .com. The code looks for insecure versions of Adobe Flash, Internet Explorer, and several other Microsoft applications, and when they are detected it exploits them to surreptitiously install malware known as Backdoor.Win3.Buzus.croo. The rootkit-enabled program logs banking credentials and may do other nefarious bidding, Landesman said.
Another program which can help determine if you have all the latest updates and patches for your installed applications is Secunia PSI.
helper.dll and _helper.dll removal
Problem: User has Trojan/Adware BHO
Symptoms:
- Internet Explorer crashes
- Performance degradation. Took more than 10 minutes to log into the computer
- At bootup/startup, the “C:\Program Files\Common” folder opens up automatically and contains helper.dll and _helper.dll
- Popups/Ads indicating viruses are present
How to remove helper.dll and _helper.dll
1. Download and run HijackThis
2. You will probably see two entries like these:
- O2 – BHO: Browser Helper Object – {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} – C:\Program Files\Common\_helper.dll
- O18 – Filter: text/html – {921b3402-a7b7-411d-84a6-70f617503fe9} – C:\WINDOWS\system32\dsound3dd.dll
3. Place a checkmark next to both and click on “Fix checked”
4. Download, install, and run CCleaner
5. Download, install, and run Malwarebytes (don’t forget to update the definitions before scanning)
6. Scan your machine using AntiVirus software
Online Scanners:
Or Download:
7. After bootup, you may still have an issue with the “C:\Program Files\Common” folder opening up automatically. Delete the folder: it was created by the Trojan, should be empty, and is not necessary. If you want to keep it, you can also do the following:
1. Open up the registry (via regedit.exe)
2. Navigate to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3. Make sure all Data values under this key are surrounded by quotation marks.
4. Exit out and reboot.
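The quoting check in the sub-steps above can be scripted; this is an added example, not part of the original post, and it only reads the Run key and reports values. It rests on the point that an unquoted path containing spaces can be cut at a space, so an entry beginning C:\Program Files\Common Files\... can resolve to the “C:\Program Files\Common” folder when that folder exists; the function name `Test-UnquotedRunValue` and the sample values are constructed for illustration.

```powershell
# Added example. Read-only: reports Run values, changes nothing.

function Test-UnquotedRunValue {
    # True when the command starts with an unquoted executable path containing a space.
    param([string]$Command)
    $c = $Command.Trim()
    if ($c.StartsWith('"')) { return $false }   # path is already quoted
    # Lazily match up to the first executable extension followed by a space or end of string.
    if ($c -match '^(?<path>.+?\.(exe|com|bat|cmd|scr))(\s|$)') {
        return $Matches['path'].Contains(' ')
    }
    return $false
}

# Constructed sample values (not taken from any real machine).
$samples = [ordered]@{
    'QuotedApp'   = '"C:\Program Files\Example\app.exe" /background'
    'UnquotedApp' = 'C:\Program Files\Common Files\Example\update.exe -start'
    'NoSpaces'    = 'C:\Windows\system32\example.exe'
}
foreach ($name in $samples.Keys) {
    '{0,-12} unquoted-with-spaces={1}' -f $name, (Test-UnquotedRunValue $samples[$name])
}

# Live check of the key named in the steps above (Windows only).
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $runKey) {
    $key = Get-Item -Path $runKey
    foreach ($name in $key.GetValueNames()) {
        # Read the raw string so REG_EXPAND_SZ values are shown as stored.
        $raw = [string]$key.GetValue($name, '',
            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        if (Test-UnquotedRunValue $raw) {
            [pscustomobject]@{ Name = $name; Value = $raw }
        }
    }
}
```

Any value it lists is a candidate for step 3: wrap the executable path in quotation marks in regedit, leaving the arguments outside the quotes.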
For more information on this particular threat: