02/25/2015

SONAR.SuspHelpRun

Type:  Other
Discovered:  25.02.2015
Updated:  25.02.2015
Affected systems:  Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
AV Vendor:  Symantec

Description:

SONAR.SuspHelpRun is a heuristic detection that is designed to detect suspicious modifications to system startup behaviors and the Windows help folder.


SUBMITTING A SAMPLE TO Naked Security
Please submit files that are detected as SONAR.SuspHelpRun to Naked Security so that these new risks or variants can be identified and assigned specific names. To learn how to submit a file, read the document for the type of Symantec antivirus product that you are using:

• Norton users
  To learn how to submit a file to Naked Security using Norton products, please read the following document:
  Manually submitting an item to Symantec
  

• Business users
  To learn how to submit a file to Naked Security using Symantec Endpoint Protection, please read the following document:
  The Naked Security sample submission process
  

REMOVING A FILE FROM QUARANTINE
It is possible to restore a file from quarantine to its previous location on your computer. This should only be done if you are certain that the file is not malicious. Symantec strongly recommend that you submit the file that was detected as SONAR.SuspHelpRun even if you choose to restore the file from quarantine.

• Norton users
  To learn how to restore a file from quarantine using Norton products, please read the following document:
  Restoring an item from the Quarantine
  

• Business users
  To learn how to restore a file from quarantine using Symantec Endpoint Protection products, please read the following document:
  Restoring a false positive file detection from the Symantec Endpoint Protection quarantine

Removal instructions from Symantec Security Response Team

You may have arrived at this page either because you have been alerted by your Symantec product about this risk, or you are concerned that your computer has been affected by this risk.

Before proceeding further we recommend that you run a full system scan. If that does not resolve the problem you can try one of the options available below.



FOR NORTON USERS
If you are a Norton product user, we recommend you try the following resources to remove this risk.

Removal Tool

• Run Norton Power Eraser (NPE)
• Norton Power Eraser did not remove this risk

If you have an infected Windows system file, you may need to replace them using from the Windows installation CD.


How to reduce the risk of infection
The following resources provide further information and best practices to help reduce the risk of infection.

• Operating system updates to fix vulnerabilities
• File sharing protection
• Disable Autorun (CD/USB)
• Best practices for instant messaging
• Best practices for browsing the Web
•