IE BHO - iehelper.dll

This section provides some notes on a malicious IE (Internet Explorer) BHO (Browser Helper Object), iehelper.dll, installed to the local system as part of the Antivirus System PRO infection.

More notes on what I did to remove Antivirus System PRO and related malicious programs.

18. Looking at the folder C:\WINDOWS\System32, a new file is there:

Name            Size    Type                     Date Modified
iehelper.dll    15KB    Application Extension    7/4/2009 10:26 AM

19. Opening IE (Internet Explorer) and clicking Tools > Internet Options... > Programs > Manage Add-ons.... iehelper.dll is listed as Enabled under the name of BHO.

20. Clicking on BHO and clicking the "Disable" radio button to stop iehelper.dll from being used as an IE add-on. See the picture below:

[Picture: Antivirus System PRO iehelper.dll]

21. Running HijackThis and getting 1 extra O2 (Enumeration of existing MSIE BHO's) line in the log file:

O2 - BHO: BHO - {8567EDFA-408C-43e9-B929-4C25C04F5003} - C:\WINDOWS\system32\iehelper.dll

22. Checking this BHO line and clicking the "Fix checked" button in HijackThis to prevent iehelper.dll from being used again by IE.

23. Deleting C:\WINDOWS\system32\iehelper.dll file from the hard disk.
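
Step 21 finds the BHO as one extra O2 line compared with an earlier HijackThis log. The Python sketch below is an added example, not part of the original notes: it parses O2 entries (re-joining a wrapped one) and reports BHOs whose CLSID is missing from a baseline log. The baseline entries and the function names are constructed for illustration; only the iehelper.dll entry comes from this page.

```python
import re

# HijackThis writes a BHO as: "O2 - BHO: <name> - {CLSID} - <dll path>"
O2_RE = re.compile(
    r"^O2 - BHO:\s*(?P<name>.*?)\s*-\s*"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s*-\s*(?P<path>.+)$"
)

# Constructed baseline log taken before the infection (hypothetical entries).
BASELINE_LOG = r"""
O2 - BHO: Example Toolbar Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

# Log after the infection: adds the O2 entry quoted on this page, wrapped.
CURRENT_LOG = BASELINE_LOG + r"""
O2 - BHO: BHO - {8567EDFA-408C-43e9-B929-4C25C04F5003}
   - C:\WINDOWS\system32\iehelper.dll
"""


def parse_bhos(log_text):
    """Return {CLSID in upper case: (name, dll_path)} for every O2 entry."""
    entries = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()  # re-join a wrapped entry
        else:
            entries.append(raw.strip())
    bhos = {}
    for entry in entries:
        m = O2_RE.match(entry)
        if m:
            bhos[m["clsid"].upper()] = (m["name"], m["path"])
    return bhos


def new_bhos(baseline_log, current_log):
    """BHOs present in current_log whose CLSID is absent from baseline_log."""
    before = parse_bhos(baseline_log)
    return {c: i for c, i in parse_bhos(current_log).items() if c not in before}


if __name__ == "__main__":
    for clsid, (name, path) in new_bhos(BASELINE_LOG, CURRENT_LOG).items():
        print(f"new BHO {name!r} {clsid} -> {path}")
```

CLSIDs are compared in upper case because the same GUID can appear with mixed-case hex digits, as it does in the entry above.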

Some quick conclusions:
