Helkern

Discussion in 'Malware Help (A Specialist Will Reply)' started by sunfrackle, Jun 16, 2006.

  1. sunfrackle

    sunfrackle Private E-2

    Kaspersky Anti-Hacker keeps repulsing Helkern attacks, sometimes ten times per day. Six days in total. I'm not sure whether Helkern has caused any damage yet. It always attacks from a different IP address. I'm using Ad-Aware, AVG, Spybot S&D, Ewido anti-malware and Kaspersky Anti-Hacker on Windows XP SP2. I also use Window Washer and TuneUp Utilities. I'm not sure whether it is related to the Helkern attacks, but half of my desktop icons just vanished and sometimes I have trouble turning off the system. I attached the Kaspersky log file.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
     
  3. sunfrackle

    sunfrackle Private E-2

    I followed all of the READ & RUN ME instructions and at first it seemed it worked out. Anyway, I installed ZoneAlarm instead of Kaspersky Anti-Hacker. ZA is still reporting that malicious attacks were blocked. I'm sending logs. Panda didn't find anything; I would send the log but I deleted the log file by mistake.
     


  4. sunfrackle

    sunfrackle Private E-2

    I had no problem scanning; only Bitdefender & CounterSpy found infected files. I attached the ZoneAlarm log. It took a few hours to scan with Panda via a high-speed connection. It was kind of strange. Bitdefender finished up much quicker.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not according to your HijackThis log. I only see Kaspersky still installed.

    Is Ewido a paid or free version? If free, I recommend uninstalling since you have Ad-watch from Lavasoft.
    Is CounterSpy a paid or free version? If free, I recommend uninstalling since you have Ad-watch from Lavasoft.


    We do not ask for Bitdefender log attachments to be PDF files. It should have been a plain text file if you follow the directions in step 6 exactly.


    The only item you need to fix from your HJT log is:
    R3 - URLSearchHook: (no name) - {A4B26649-C767-4BDC-A2BC-0011D78DA9A1} - (no file)

    I'm assuming the below are valid entries you configured. Is this true?
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.sbb.co.yu:8080
     
    Last edited: Jun 20, 2006
  6. sunfrackle

    sunfrackle Private E-2

    Scans were already done when I installed ZA. ZA doesn't recognize AVG. I fixed the problem you suggested. The proxy was my configuration, but minisearch wasn't. I already uninstalled Ewido, because after Run & read me first I had too many different security programs and it slowed down the system a lot. I'm sending a new HJT log.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The only item from the READ ME that would use any system resources is CounterSpy which you installed in place of Windows Defender. Since you have a paid subscription to Ad-Aware (I see Ad-watch), you should also uninstall CounterSpy.

    Your HJT log still shows minisearch. I assumed you were fixing it. Also there is now an additional R0 line. Have HJT fix the below:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =


    After clicking Fix, exit HJT.

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.


    Make sure you tell me how things are working now.
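
As an added example (not part of the original thread, and not MajorGeeks' or HijackThis's own code), the Python below triages the HijackThis R-section lines quoted in posts 5 and 7 the way the replies do: hooks with no file, blank values, and hosts the user has not confirmed. The verdict names and the `expected_hosts` allowlist are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the R-section lines quoted in the thread above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.sbb.co.yu:8080
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {A4B26649-C767-4BDC-A2BC-0011D78DA9A1} - (no file)
"""

REG_LINE = re.compile(r"^(R[012]) - (HK(?:CU|LM)\\[^,]+),([^=]+?) =\s*(.*)$")
HOOK_LINE = re.compile(r"^R3 - URLSearchHook: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")


def host_of(data):
    """Host part of a URL or host:port value, lower-cased."""
    target = data if "://" in data else "//" + data
    return (urlsplit(target).hostname or "").lower()


def triage(log_text, expected_hosts=()):
    """Return (verdict, line) pairs for the R-section lines of a log.

    expected_hosts (an assumption of this example) lists hosts the user
    confirms configuring, such as the proxy confirmed in post 6.
    """
    expected = {h.lower() for h in expected_hosts}
    results = []
    for line in (l.strip() for l in log_text.splitlines()):
        hook = HOOK_LINE.match(line)
        reg = REG_LINE.match(line)
        if hook:
            # "(no file)" means the hook's registered file was not found.
            verdict = "orphaned-hook" if hook.group(3) == "(no file)" else "review-hook"
        elif reg:
            data = reg.group(4).strip()
            if not data:
                verdict = "blank-value"
            elif host_of(data) in expected:
                verdict = "user-confirmed"
            else:
                verdict = "ask-user"
        else:
            continue  # not an R-section line
        results.append((verdict, line))
    return results
```
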
     
  8. sunfrackle

    sunfrackle Private E-2

    I reset the web settings. Do I need to clear all cookies & cache from Firefox too?
    I uninstalled CounterSpy so the system works a little faster. It seems okay so far. Do you need the ZA log too? It still reports some high-rated attacks and lots of medium- and low-rated ones.
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not really concerned about cookies. They are not really a problem to be concerned with. You could empty the cache though.

    As long as ZA is blocking the attacks, you're fine. You have gotten yourself onto the list of some hackers and once they have your IP address it is hard to get off the list. They may eventually quit after they keep getting blocked. The other alternative is to get your IP address changed.


    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
