IE Helper Virus slipped through

Discussion in 'ESET Smart Security' started by Jblade, Jan 4, 2009.

Thread Status:
Not open for further replies.
  1. Jblade

    Jblade, Registered Member (Joined: Jan 4, 2009; Posts: 1)

    Hello Everyone,

    I'm brand new to this forum kind of out of odd circumstances. I've been using NOD 32 Antivirus for about 2.5 years, and I switched to the Smart Security suite about a year or so ago (current version is 3.0.642.0, latest Virus Signature database is 3735 (20090104)).

    My current situation is this. I recently got infected with a virus (or viruses) that installed themselves as IE Browser Helpers. I run WinPatrol Plus so I only noticed it because it popped up saying that the .dll file wanted to become a startup program, to which I told it no and to kill the task and remove it. It immediately popped up again and that's when I decided to run a system scan through NOD 32. It came back completely clean!!!

    I went back to WinPatrol and looked at where the files resided. They are as follows:

    C:\WINDOWS\system32\iifdEuvv.dll

    and

    C:\WINDOWS\system32\urqqOFUl.dll

    I then manually added these two files to NOD32's Quarantine. The WinPatrol popup does not come up anymore; however, they are still installed as IE Browser Helpers. I can't delete them, I can't rename them, I can't move them, I can't delete upon reboot via WinPatrol or GiPO@Utilities Move On Boot, I've edited the registry entries and they just come back, and lastly, I've booted into Safe Mode and tried all of the above with no luck.

    To add to the headache and complexity, I went to my System Restore to try and restore it to a point before the infection and I have no available restore points! AND when I search the internet for PC help related or security sites they are blocked! Forums, tech sites, all of the adware, spyware, and antivirus sites, online scanners, etc. This virus also prevents me from installing any scanners, malware removers, and utilities (Hijack This, Spybot S&D, etc. ALL fail!)

    This is LITERALLY one of two sites that did not get a "Connection Interrupted" page load failure screen, so I joined and posted. Can anyone help??
     
  2. Ronin12

    Ronin12, Registered Member (Joined: Jul 9, 2006; Posts: 40)

    Hello Jblade,
    Since there is no one program that will detect everything, this may happen to anyone. A compatible layered approach is beneficial. This may be a newer type of spyware that may not be in the NOD32 signature database. There may still be parts of the malware left on your system. I would recommend that you try two excellent free programs that you can use for on-demand scanning when such a need arises. Try to download and install Malwarebytes anti malware from Malwarebytes.org. The link to the download page is: http://www.malwarebytes.org/mbam.php.
    You can also try to download and install Superantispyware at www.superantispyware.com. Both of these free programs can catch things that many other programs might miss. If you are unable to go directly to the web sites on your computer, see if you can use another computer to download the executables for these programs and put them onto a USB drive that you may use to transfer them to your computer. If that gets blocked you may have to rename the files until they are on your machine. After installation, update the program and run a scan. ESET may be good at detecting viruses and some spyware, but as I said previously, no matter how good an anti malware software may be, there may be some new form that might slip through. See if these programs work out for you and if you are successful and they do find something that was missed, let them quarantine whatever was found and leave it in quarantine; it can't do any harm once quarantined. Later you would be able to send these files to ESET so that they may be examined, after you follow the correct procedure to do so. I hope this information will be helpful to you.
     
    Last edited: Jan 5, 2009
  3. agoretsky

    agoretsky, Eset Staff Account (Joined: Apr 4, 2006; Posts: 4,032; Location: California)

    Hello,

    It sounds like you have been infected with malware that is not yet detected by the software. In order to help remove these types of threats, ESET has created a tool called ESET SysInspector which can be used to generate a log file of affected areas of the system.

    You can download a copy of ESET SysInspector from ESET, create a log file and mail it to support@eset.sk along with a link to this message thread for analysis and further assistance by a support engineer.

    Regards,

    Aryeh Goretsky
     