Infected with SecurityHelper.dll Trojan


  • This topic is locked
5 replies to this topic

#1 linksr


Posted 18 May 2015 - 07:32 PM

Hello,

I am having issues removing the SecurityHelper.dll trojan. AVG is detecting it every time I reboot; it keeps popping back up. It is generating infected .tmp files in the C:\ProgramData\Microsoft\Performance\Monitor\temp folder. I tried the AVG, Superantispyware, tdsskiller and adwcleaner removal tools but it keeps coming back. Please help me.

Attached are the FRST scans I have done.

 

Thanks

#2 B-boy/StyLe/

  • Malware Response Team

Posted 20 May 2015 - 01:19 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again, I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

I'll go through the logs and will get back with a fix shortly.

Regards,

Georgi


#3 B-boy/StyLe/

  • Malware Response Team

Posted 20 May 2015 - 01:34 AM

Hi,

No wonder your computer was so severely infected.

You use a lot of cracks/keygens. This is playing with fire though.

Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications like LibreOffice, GIMP, Linux.

Malware writers just love cracks and keygens, and will often attach malicious code to them. By using cracks and/or keygens, you are asking for problems.

So my advice is - stay away from them! If you like Microsoft Windows and Microsoft Office I suggest that you purchase them!

Also, I suggest you uninstall uTorrent.


Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has reached enormous dimensions, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Libre Office or GIMP."


Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software

Next please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Let me know how things are after the fix above.

Regards,

Georgi


#4 linksr

  • Topic Starter

Posted 20 May 2015 - 07:43 PM

Hi Georgi,

Thanks for the fast response. I believed I removed the malware with Malwarebytes and ESET online scanner but ran your fix anyway. I also ran a post fix FRST scan and have attached those logs as well. The system is running much faster and I am not getting any alerts from AVG on reboot.

I know this system is a mess to say the least so I don’t use it to do anything serious. I am looking into installing a fresh copy of Win 8 when I get time and utilize best practices going forward.

Thanks again!

Edited by linksr, 20 May 2015 - 07:44 PM.


#5 B-boy/StyLe/

  • Malware Response Team

Posted 21 May 2015 - 03:51 AM

Hi,

The logs are clean. However, running the fixlist helped a bit since it removed a few things left by MBAM and Eset:

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0PerformanceMonitor" => Key deleted successfully.

C:\Users\Vanessa\AppData\Local\YTDPack => Moved successfully.

Can you please post the logs from the tools you ran on your own?

Also, please upload the following file => C:\Windows\Minidump\051815-54007-01.dmp to zippyshare.com and post back the download link in your next reply.

Note: The folder Minidump may be hidden. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Also, if you don't mind, I want to make sure there is nothing lurking on the system, so just in case I want you to go through these steps:

STEP 1

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please post it in your next reply.

STEP 2

  • Download EmsisoftEmergencyKit, run the exe and extract the content in a folder of your choice like (C:\EEK) by clicking the Extract button.
  • Double-click the desktop-shortcut called Start Emsisoft Emergency Kit to start the tool.
  • Click on the "Yes" button when asked to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Click on the "Yes" button when asked to enable the scan for Potentially Unwanted Applications.
  • Next click on the Full Scan. When the scan completes, click on the View Report button (don't delete or quarantine anything).
  • Please copy and paste the content of the report in your next reply.

STEP 3

Also, let's check for outdated and vulnerable software on your PC.

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

And then, if there aren't any issues left, I'll give you my final recommendations.

Let me know about any remaining issues.

Regards,

Georgi


#6 B-boy/StyLe/

  • Malware Response Team

Posted 25 May 2015 - 03:34 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
