NOD32 alert>in Windows/system32/helper.dll Win32/Genetik trojan -important! need help

Discussion in 'NOD32 version 2 Forum' started by exnergy, Mar 4, 2007.

Thread Status:
Not open for further replies.
  1. exnergy

    exnergy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    6
    Since last Friday I have been receiving NOD32 2.7 (updated, latest virus definitions) alerts that there is possibly a version of the Win32/Genetik trojan, that it runs from windows/system32/helper.dll and helper1.dll, and that it then (according to the NOD32 alert) creates ri.exe in documents and settings/favourite/temp.

    The alert mainly shows up when browsing i-net with the latest Firefox.

    When the alert showed up for the first time I was using the Kerio 4.2 firewall, then I switched to COMODO - but as it slows down my computer and web browsing I switched to the Jetico 1 firewall.

    And just one sec ago I received another alert from NOD32 that helper.dll and helper1.dll were quarantined as there is probably a variant of the Win32/Genetik trojan.

    HELP :)
     
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    exnergy, I suggest you run a full system scan with NOD32 in Safe Mode. What is i-net?
     
  3. exnergy

    exnergy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    6
    i-net stands for internet ;)

    ~snip~ removed HijackThis log file ~ Blackspear - I am afraid we no longer allow the posting of unsolicited HijackThis logs as per this Announcement
     
    Last edited by a moderator: Mar 4, 2007
  4. exnergy

    exnergy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    6
    I have noticed you are using COMODO pro firewall. How does it affect your system performance?
    When I had the latest Comodo installed I got really slow web browsing; a freshly installed Win XP Home was also slow. I have 1 GB RAM and a Turion 1,8 GHz processor with a 5400rpm mobile Samsung drive. When working at full speed and in silent mode (800 MHz) there was no difference - Comodo seemed to slow down such a pretty speedy system. Or maybe it was because I updated the old Comodo to the newest one (frankly I doubt it, because I heard Comodo eats resources)... hmmm?
     
  5. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    My system performance is not affected at all by Comodo. Basically I don't feel it. Please let us know how your scanning is going. Do you have the latest version, 2.7? And how about the latest signatures? Do you have 2093?
     
  6. exnergy

    exnergy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    6
    By now NOD32 (2.7, latest virus definitions) has found some DLLs with a possible trojan in System Volume Information on the C: disk, and I deleted them. I can't remember if these System Volume folders come with Norton SystemWorks, as I have part of these apps installed.

    Still scanning (I am connected via another PC now).

    Concerning Comodo: I have one installed on a desktop PC also (Athlon 2100, HDD 7200rpm, 512 RAM), and it doesn't affect its performance, as I saw it on the notebook (Turion 1,8 GHz, HDD 5400rpm, 1 GB RAM), but I have had some BitTorrent issues previously (now I have found some settings guides at the Comodo forum). Well, I don't know what the issue is with this on the notebook's system (maybe 5400rpm is still too slow).
     
  7. exnergy

    exnergy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    6
    Well, I had to stop NOD32 in safe mode (after some DLLs with the trojan were deleted) because some guys from HijackThis wanted me to perform their test. If their methods fail I will be looking for help here, but for now I am waiting for their assistance ;)
     
  8. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    ok, exnergy. ;)
     
  9. exnergy

    exnergy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    6
    OK, as the hijackers ;) seem to have siesta-time, I am going to try NOD32 in safe mode (right now it is scanning).
     
  10. wastelander

    wastelander Registered Member

    Joined:
    Mar 11, 2007
    Posts:
    2
    I have encountered exactly the same problem as exnergy's these two days.
    exnergy, have you solved this problem?
    Can you post the solution here?
     
  11. ASpace

    ASpace Guest

    The solution is to scan with NOD32 (possibly in Safe Mode) and remove the infections found.

    :thumb:
     
  12. wastelander

    wastelander Registered Member

    Joined:
    Mar 11, 2007
    Posts:
    2
    Hello HiTech_boy,

    I have scanned with NOD32 in both normal and safe mode. However, no infected file has been found.
    I also have set the settings exactly the same as what Blackspear has suggested and then scanned again in both normal and safe mode. Nothing improved.
    NOD32 just keeps alerting on the Win32/Genetik trojan from windows/system32/helper.dll and helper1.dll and the creation of ri.exe in documents and settings/favourite/temp.
    From what I have investigated, I do not consider it a false alarm but some virus that I can do nothing about so far.
    Have you experienced exactly the same problem and solved it? It will be highly appreciated if you can give me a hand.
     
  13. ASpace

    ASpace Guest

    Hi. No, I haven't experienced the same problem. Have you scanned with Ewido?
     