Need Help With _helper.sig File

Status
Not open for further replies.

pvwojciak

Posts: 10   +0
Hi - this is actually my first post - I promise to head to the "Introduction" section and post there as well.

I've seen this problem described here before, which is what took me to the 8 steps. Upon start-up, a folder called "common" opens up on my desktop with a _helper.sig file in there. There originally were a couple other helper files, but was able to get rid of them with the 8 steps.

I am attaching the logs. If anyone can help, that would be great.

Thanks!!
Paul
 

Attachments

  • mbam-log-2009-03-22 (21-29-38).txt
    1 KB · Views: 5
  • hijackthis.log
    10.8 KB · Views: 5
Hi there. It got rid of one of them. The "common" folder still shows up upon start-up, but now there's only one "helper" file left in there. There were originally two files in there and the Malwarebyte got rid of one of them.

Any ideas?
 
Thanks for the help, Touch. I will try this as soon as I get home from work, and will let you know what happens.
 
Ok, so I tried the MSCONFIG (nothing there about the "common" folder).

I did find and delete the common folder from the C: drive as well as well as the Recycle Bin afterward.

And...nothing popped up when I rebooted. So, great news. I'll monitor the next couple times that the computer is rebooted.

Is there anything else I need to do? Should I delete those programs that were used as part of the 8 steps, or is it good to keep those on my computer?
 
Yes, that´s good news :)

However, there was an infected file in the hijackthis log, I´ll like to see if it´s gone.

Therefore, please attach a fresh hijackthis log
 
Ok, sounds good. Upon reboot this morning, there was again, no "common" folder.

Woohoo!!

And here's the latest HJT file...
 
Great :)


Run a scan with HijackThis. Check the following and hit 'Fix checked'
O18 - Filter hijack: text/html - {87fca9c8-c96a-4c03-9ec9-7c4a871943b0} - C:\WINDOWS\system32\mst122.dll

Reboot to safe mode ->
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows Xp Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.
.


Show hidden files and folders
Click Start button, then go to Programs, Accessories and click on Windows Explorer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the "Hidden files and folders" heading please check Show hidden files and folders.
Uncheck the Hide protected operating system files (Recommended) option.
Click Yes to confirm.
Click OK.

Find and delete this file (if present)
C:\WINDOWS\system32\mst122.dll

Reboot normally, attach new hijackthis log
 
Ok, did all those instructions, and attached a new HJT file.

That mst122.dll file was not there when I went in in safe mode and followed those other directions.

Let me know what you see...
 
Ok, but it is still in hijackthis log, and I assume you have fixed it in hijackthis ?. If you have, I suggest we dig deeper -

Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe

And save to the desktop.

Close all other browser windows.

Please connect all your external hard drive/flash drive before running Combofix, if you have any


Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Attach the contents of that log in your next reply
 
Yes, I got rid of it in HJT, so I'll take a look into this Combofix. Will let you know once I have a log with that.

Ok, I have the ComboFix log. Let me know what you think.

THANKS!
 

Attachments

  • log.txt
    12.4 KB · Views: 5
Everything's working great on this end. Thanks a ton for the help. You can't imagine how many other methods we used before getting the help here. So, much appreciation from myself and the family (it's the family laptop :)) for your help.

One last question - is it safe to run all of those different spyware/malware programs on my desktop computer? Seeing as those runs uncovered files that I had no idea were there, I wonder if some of that stuff could account for the desktop running slower than usual?

Thanks again!!

Paul
 
That´s good news, it was My pleasure to help :)

I´ll suggest you keep Ccleaner, Malwarebyte or Superantispyware and run them frequently

We´ll remove the other programs now -

Download OTCleanIt here:
http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe
& save it to your desktop.
Double click on OTCleanIt.exe.
Click on CleanUp!.
It will go thorough the list and remove all of the tools it finds and then delete itself (requiring a reboot).
You will receive a prompt that it needs to restart the computer to remove the files>
Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

I also suggest you read Tony Klein´s article :
http://www.spywareinfoforum.com/index.php?showtopic=60955

If you have any comments or questions, feel free to post back
 
Status
Not open for further replies.
Back