Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Not sure, but think it's help assistant virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 pekingese727

pekingese727

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 18 February 2010 - 02:48 PM

I'm running firefox on windows xp home edition with a pentium 3.

I was sent here from the "am i infected section" to post my dds logs and my gmer log...which i attached...following is a compilation of the posts from the other section is here describing my issues. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/296704/keep-getting-infected-with-everything/ ~ OB

I keep getting into antivirus soft somewhere, and i'm not sure where at (no i dont surf porn, cracks and wares sites or games). I have windows firewall up, use windows defender and avg 9 and iobit360. I also scan often with malware bytes, scan with my iobit360 and also scan with housecall, windowslive, super antispyware and cc cleaner. I use dr web too but that one will not run right now. It shuts down and forces a reboot when i try.
I recently had a ton of issues which seemed to be cleared up, then suddenly i got, and keep getting reinfected with antivrus soft...it APPEARS i got rid of it. But who knows for how long.
But lately my computer has been shutting down while i'm working on it or during the day when i'm gone. I got a re-direct on ebay, when i tried to log in asking for a ton of personal information, before the shut downs started happening...so stupidly i thought it was legitimate and i gave them all my info. i am worried about that now, although i dont know what to do other than wait and see if i start having problems with my credit, identity etc...Ugh!!! But that's neither here nor there really unless someone knows something premptive i can do about that.
Well the last few days as i've mentioned my pc gets so much going on at once, that it is causing it to shut down and it's overloading during the day and shutting off.
I found several trojans with malware bytes (and i removed them) but it said they were in the help assistant folder. I looked for said folder and sure enough, there it was, and it was duplicating my entire hard drive by copying all my files to it.
I looked for my symptoms and came up with what i believe it to be is help assistant virus. I keep deleting the folder but it comes back up on start up so i delete it over and over when i reboot or my system gets so taxed it won't run.
I ran the mbm.exe and it found nothing wrong.
I ran malware bytes again today, it found a trojan it cleaned off. However upon reboot to finish removing the trojan, the help assistant folder came back and began copying files again. Again, i deleted it before it sucked up all my hard drive space.
Even though i'm learning i'm a total beginner at getting rid of this crap on my pc so easy explanations of what i have to do would be appreciated greatly!
I called the place i got my pc and they suggested whatever it is has dropped malicious info all over my pc that keeps opening up randomly and that i may not be able to clean it off without a full xp restore (system wipe), however my pc is old enough they no longer cover it in warranty and it won't run correctly anyway if i can even get a hold of an xp disk to wipe it myself, which is why they no longer cover it.
I'd appreciate your help!
Thanks!

Attached Files


Edited by Orange Blossom, 18 February 2010 - 04:51 PM.


BC AdBot (Login to Remove)

 


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:39 AM

Posted 19 February 2010 - 07:26 AM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if your topic is not replied I we assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

RKill by Grinler
Link #1
Link #2
Link #3
Link #4
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.

==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.





Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

First..........
  • Create a new folder on your Desktop by right-clicking and selecting New > Folder.
  • Name the folder SWRegfolder.

Next.............
  • Download SWReg by Bobbi Flekman
  • Save it to the SWRegfolder on your Desktop.

Finally.........
  • Launch Notepad, (Start > Run, type in: notepad)
  • Copy/paste all the text inside the code box below to Notepad:

CODE
@echo off
swreg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s >>log.txt
swreg query "HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters" /s >>log.txt
Notepad log.txt

  • In Notepad, go to File (upper menu bar), and select: Save as
  • Save in: SWRegfolder
  • File Name: SWReg.bat
  • Save as Type: All files
  • Click: Save
  • Exit out of Notepad.
Note: Both SWReg.exe and SWReg.bat must be in the same folder for this to work.
  • Locate SWReg.bat in the SWRegfolder and double-click on it.
  • When done, a log opens in Notepad.
  • Please post the contents of the log in your reply.

==========

Open Notepad.
Copy contents in the code box into Notepad:

CODE
@echo off
net user HelpAssistant>"%userprofile%\desktop\log.txt"
start notepad "%userprofile%\desktop\log.txt"
cls


Go to File - Save as...
Fill in the next values:
Location: Desktop
File name: ha.bat
File type: All files (*.*).
Now, click Save.

Doubleclick ha.bat.
Post the contents of the logfile that opens in your next reply.

==========

With your next post please provide:

* RKill log
* Combofix.txt
* SWReg.bat
* HA.bat

Kind regards,
~t


Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:39 AM

Posted 25 February 2010 - 10:30 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users