I have completed the 8 steps for virus removal and still have a common file pop up

Status
Not open for further replies.
You have not done the steps properly

Your Malwarebytes log reveals that you did not remove a total of 25 infections that were found on your system.
Please run Mbam again and remove whatever is found. Also, please post your SAS log. Another thing: run a new HJT scan and post the log.

It would also help if you state what your problem is. Be specific.
 
If Malwarebytes can't remove it, then try Ad-Aware 2008 (see Download section at this site). It specifically targets this type of spyware.

-- Andy
 
If Malwarebytes can't remove it, then try Ad-Aware 2008 (see Download section at this site). It specifically targets this type of spyware.

-- Andy

What do you mean by, "If malwarebytes can't remove it"? Why wouldn't Mbam be able to remove them?
 
It started about a month ago. When I would restart my computer, Program Files\Common would pop up with two files, _helper.sig and helper.sig. I didn't know what it was, but I did a complete scan with Norton and all that it found were some tracking cookies. Meanwhile, my computer has been running a little slow and I've been having problems with ending tasks.
 
NOTE to tw0rld: I was up early and thought I'd give you a hand. Please feel free to make any changes- additions, deletions or other to my review of the logs.

If Malwarebytes can't remove it,
It's not a question of "can't". It's a matter of the user not checking to have the malware removed. Running another program isn't an issue here; running Malwarebytes correctly is the issue.

What is strange though is that the new log doesn't even show these infections at all- present or removed.

Have SAS remove the tracking Cookies. See image here:
http://screenshots.en.softonic.com/en/scrn/50000/50803/3_antispy4.jpg

For adyieldmanager: Ad.yieldmanager.com is a known adware site and should be included in your "Restricted Sites list". It will place itself in Trusted Sites and can be removed from there and added to Restricted:
Internet Options> Security tab> Trusted sites> Sites button> A window will open with the trusted sites...allowing you to add or remove entries...> Remove the Ad.yieldmanager entry from the list if there> Go to the Restricted Sites> Sites and Add it there> OK> Apply> OK.

To reset the Cookies:
Reset Cookies: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

Update Java: Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of Java (Java Runtime Environment (JRE) 6.0 Update 10): http://java.com/en/download/manual.jsp
Please install it and then reboot your computer.

Per Step 1 in the cleaning, you must disable Realtime Protection:
Spybot S&D (Teatimer)
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Please reopen HijackThis and scan. Check the following processes:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Filter hijack: text/html - {bbfe3fa7-2bc9-459c-9487-f2093086f59b} - C:\WINDOWS\system32\msziptools.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
The following sites are known for adware. I advise removing them:
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coolsavings.coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
Start> Run> type in 'msconfig' without quotes> Enter> Selective Startup> Startup tab> UNCHECK everything except the antivirus, firewall, touchpad if laptop> Apply> OK
(NOTE: this includes any reference to MSZipTools, which is a Trojan ad-clicker.)

Control Panel> Add/Remove Programs> uninstall the following if present:
Any Java EXCEPT v6u10
MSZipTools
Smart Source or 'Coupons'
Offers, Incentives

Please look at the installed programs list. If there are any you do not use, uninstall them. If you are not sure what it does, include the name with the next log.

Right click on Start> explore> Windows> System32> delete the following if found:
msziptools.dll

Reboot into Normal Mode> you will get a nag message which you can ignore after checking 'don't show this message again'. Stay in Selective Startup.

Run HijackThis again and attach log.
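
As a review aid for the HijackThis entries listed in the post above, this added example (not part of the original thread) parses log lines into their section codes and flags entries that reference the names the helper called out. The watch list, the section descriptions and the function names are assumptions made for illustration; the sample lines are copied from the log quoted in the thread.

```python
import re

# Sample lines copied from the HijackThis log quoted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coolsavings.coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O18 - Filter hijack: text/html - {bbfe3fa7-2bc9-459c-9487-f2093086f59b} - C:\WINDOWS\system32\msziptools.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# What each HijackThis section code covers (only the codes seen in this log).
SECTIONS = {
    "R1": "IE start/search page setting",
    "O2": "Browser Helper Object",
    "O4": "Autostart entry",
    "O16": "Downloaded ActiveX control (DPF)",
    "O18": "Protocol or filter handler",
    "O23": "Windows service",
}

# Assumed watch list: names the helper singled out in the post (lower case).
WATCH = ("msziptools.dll", "smartsource.com", "e-centives.com")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_line(line):
    """Split one log line into (section code, entry text); None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None

def review(log_text, watch=WATCH):
    """Return the entries whose text mentions a watched name, with their CLSID."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        code, body = parsed
        clsid = CLSID_RE.search(body)
        for indicator in watch:
            if indicator in body.lower():
                hits.append({"section": code, "kind": SECTIONS.get(code, "unknown"),
                             "indicator": indicator, "entry": body,
                             "clsid": clsid.group(0) if clsid else None})
    return hits

if __name__ == "__main__":
    for hit in review(SAMPLE_LOG):
        print(f'{hit["section"]:>3} [{hit["kind"]}] {hit["indicator"]}: {hit["entry"]}')
```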
 