Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Iehlpr.dll - Stuck


  • Please log in to reply
7 replies to this topic

#1 JJDarling

JJDarling

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 23 August 2008 - 04:23 PM

Hey guys, I was directed by someone on the 2+2 forums to come here with my problem. I recently started up my computer and a folder popped up called "common". Inside the folder was a "iehlpr" file which I later learned is a form of malware. I've attempted to fix it through help from guys at 2+2, in the computer technical forum, but to no luck. The last poster mentioned combofix and told me to come here because you guys had experience with the program.

Here's the thread, so you can get an idea of what's happened so far: http://forumserver.twoplustwo.com/showthre...9402&page=4

Thanks,

JJ

Edited by Orange Blossom, 23 August 2008 - 04:29 PM.
Move to more appropriate forum. ~ OB


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:07 AM

Posted 23 August 2008 - 07:21 PM

Hello JJDarling, welcome to the forum. Before we send you off to the HJT forum for a CF log,please run this.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Reagardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 JJDarling

JJDarling
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 24 August 2008 - 06:37 PM

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

7:34:07 PM 8/24/2008
mbam-log-08-24-2008 (19-34-07).txt

Scan type: Quick Scan
Objects scanned: 62869
Time elapsed: 9 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

So far there hasn't been any noticeable performance issues so I'm just wondering what exactly does the iehlpr32.dll virus do? Can I use online banking without worrying? online poker?

Thanks

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:07 AM

Posted 24 August 2008 - 07:18 PM

Well Ok I looked at the other post and this one. The scan is clean.
Does the folder still come up?
I would say you are clean. But can you give the exact path to the File? eg C:\Windows\........

Edited by boopme, 24 August 2008 - 07:19 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 JJDarling

JJDarling
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 24 August 2008 - 07:27 PM

This is the folder that pops up on start up... C:\Program Files\Common

I deleted the contents of the folder so there's nothing in it.

When I was getting help on the other forum I ran HJT and fixed all the entries they asked me to however one...

O18 - Filter hijack: text/html - {86941959-3786-4511-8525-b8ff45fe4d32} - C:\WINDOWS\system32\iehlpr32.dll

resisted. Each time I scan it's still there.

What's the purpose of this spyware or malware or whatever it is. Can I use online banking?

Thanks for your speedy response.

JJ

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:07 AM

Posted 24 August 2008 - 10:18 PM

I cannot find enough definitive info on this malware to say if you can bank or not.
I think the best routwe is to post the HJT log in our forum. I know you've gone thru it but perhaps our guys may see or know something that some one else didn't.

Did you ever run the file assasssin thru MBAM ?
Do you have Show hidden files on?
I know you've submitted to Jotti and VirusTotal.
Does the folder,common, say the size of the file inside.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 JJDarling

JJDarling
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 24 August 2008 - 10:47 PM

Did you ever run the file assasssin thru MBAM ? Ya, got rid of 9 files
Do you have Show hidden files on? Yes
I know you've submitted to Jotti and VirusTotal.
Does the folder,common, say the size of the file inside. I deleted the two files that were in there. One was iehlpr23.dll that I deleted a few days ago. Then there was a smaller helper.sig file that I deleted tonight, hoping it fix the problem. Common directory stipp pops up though

I just had 1 entry that they told me to fix in HJT that wouldn;t fix

O18 - Filter hijack: text/html - {86941959-3786-4511-8525-b8ff45fe4d32} - C:\WINDOWS\system32\iehlpr32.dll

I fixed about 5 others will no problems

Thanks

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:07 AM

Posted 25 August 2008 - 03:13 PM

Hello, I have spoken with our staff. We feel that either another tool is protecting it or there is still a piece of malware somewhere. The best solution is to have our HJT team take a look.

Go to this link at proceed to the line for producing a log.
Preparation Guide for use before posting a HijackThis Log

Post the Complete log here
HijackThis Logs and Malware Removal
by clicking New topic and giving it a relevant title.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users