Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
IE BHO - iehelper.dll
This section provides some notes on a malicious IE (Internet Explorer) BHO (Browser Helper Object), iehelper.dll, installed to the local system as part of the Antivirus System PRO infection.
More notes on what I did to remove Antivirus System PRO and related malicious programs.
18. Looking at the folder, C:\WINDOWS\System32. A new file is there:
Name          Size  Type                   Date Modified
iehelper.dll  15KB  Application Extension  7/4/2009 10:26 AM
19. Opening IE (Internet Explorer) and clicking Tools > Internet Options... > Programs > Manage Add-ons.... iehelper.dll is listed as Enabled under the name of BHO.
20. Clicking on BHO and clicking the "Disable" radio button to stop iehelper.dll from being used as an IE add-on. See the picture below:
21. Running HijackThis and getting 1 extra O2 (Enumeration of existing MSIE BHO's) line in the log file:
O2 - BHO: BHO - {8567EDFA-408C-43e9-B929-4C25C04F5003} - C:\WINDOWS\system32\iehelper.dll
22. Checking this BHO line and clicking the "Fix checked" button in HijackThis to stop iehelper.dll from being used again by IE.
23. Deleting C:\WINDOWS\system32\iehelper.dll file from the hard disk.
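The "1 extra O2 line" check in step 21 can be automated by comparing a known-good HijackThis log with a later one. The following is an added example, not part of the original tutorial: it parses O2 lines in the layout shown above and reports BHOs that are new or whose DLL path changed. The baseline log and its helper.dll entry are constructed, and the trailing "(file missing)" / "(no file)" annotations are an assumption about the log format.

```python
import re

# O2 line layout, as in the log line above:
#   O2 - BHO: <name> - {<CLSID>} - <path to DLL>
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - "
                   r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)\s*$")
# Assumption: a trailing "(file missing)" / "(no file)" note may follow the path.
NOTE_RE = re.compile(r"\s*\((?:file missing|no file)\)$", re.IGNORECASE)

def parse_o2(log_text):
    """Return {CLSID upper-cased: (name, dll_path)} for each O2 line."""
    entries = {}
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            path = NOTE_RE.sub("", m.group("path"))
            entries[m.group("clsid").upper()] = (m.group("name"), path)
    return entries

def diff_bhos(baseline_log, current_log):
    """Return (new, moved): BHOs absent from the baseline, and BHOs whose
    CLSID is known but whose DLL path changed (compared case-insensitively,
    since Windows paths such as System32/system32 differ only in case)."""
    before, after = parse_o2(baseline_log), parse_o2(current_log)
    new = {c: v for c, v in after.items() if c not in before}
    moved = {c: (before[c][1], v[1]) for c, v in after.items()
             if c in before and before[c][1].lower() != v[1].lower()}
    return new, moved

# Constructed baseline log: the helper.dll entry and its CLSID are made up.
BASELINE_LOG = r"""Logfile of HijackThis (constructed sample)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
"""
# Constructed current log: baseline plus the O2 line quoted in step 21.
CURRENT_LOG = BASELINE_LOG + r"""O2 - BHO: BHO - {8567EDFA-408C-43e9-B929-4C25C04F5003} - C:\WINDOWS\system32\iehelper.dll
"""

if __name__ == "__main__":
    new, moved = diff_bhos(BASELINE_LOG, CURRENT_LOG)
    for clsid, (name, path) in new.items():
        print("NEW BHO:", clsid, name, path)
    for clsid, (old, cur) in moved.items():
        print("PATH CHANGED:", clsid, old, "->", cur)
```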
Some quick conclusions: