TechSpot

Need Help With _helper.sig File

By pvwojciak
Mar 23, 2009
  1. Hi - this is actually my first post - I promise to head to the "Introduction" section and post there as well.

    I've seen this problem described here before, which is what took me to the 8 steps. Upon start-up, a folder called "common" opens up on my desktop with a _helper.sig file in there. There originally were a couple other helper files, but was able to get rid of them with the 8 steps.

    I am attaching the logs. If anyone can help, that would be great.

    Thanks!!
    Paul
     

    Attached Files:

  2. touch

    touch TS Rookie Posts: 978

    Hello Paul.

    It looks like malwarebyte got rid of it ?
     
  3. pvwojciak

    pvwojciak TS Rookie Topic Starter

    Hi there. It got rid of one of them. The "common" folder still shows up upon start-up, but now there's only one "helper" file left in there. There were originally two files in there and the Malwarebyte got rid of one of them.

    Any ideas?
     
  4. touch

    touch TS Rookie Posts: 978

    Check in msconfig, if you have anything about common folder checked, if you have, untick it. Look here how to:
    http://netsquirrel.com/msconfig/

    Also delete common folder from C: Progam Files.

    Reboot, and tell how thing are running now ?
     
  5. pvwojciak

    pvwojciak TS Rookie Topic Starter

    Thanks for the help, Touch. I will try this as soon as I get home from work, and will let you know what happens.
     
  6. pvwojciak

    pvwojciak TS Rookie Topic Starter

    Ok, so I tried the MSCONFIG (nothing there about the "common" folder).

    I did find and delete the common folder from the C: drive as well as well as the Recycle Bin afterward.

    And...nothing popped up when I rebooted. So, great news. I'll monitor the next couple times that the computer is rebooted.

    Is there anything else I need to do? Should I delete those programs that were used as part of the 8 steps, or is it good to keep those on my computer?
     
  7. touch

    touch TS Rookie Posts: 978

    Yes, that´s good news :)

    However, there was an infected file in the hijackthis log, I´ll like to see if it´s gone.

    Therefore, please attach a fresh hijackthis log
     
  8. pvwojciak

    pvwojciak TS Rookie Topic Starter

    Ok, sounds good. Upon reboot this morning, there was again, no "common" folder.

    Woohoo!!

    And here's the latest HJT file...
     
  9. touch

    touch TS Rookie Posts: 978

    Great :)


    Run a scan with HijackThis. Check the following and hit 'Fix checked'
    O18 - Filter hijack: text/html - {87fca9c8-c96a-4c03-9ec9-7c4a871943b0} - C:\WINDOWS\system32\mst122.dll

    Reboot to safe mode ->
    Restart your computer.
    When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows Xp Advanced Options menu.
    Select the option for Safe Mode using the arrow keys.
    Then press enter on your keyboard to boot into Safe Mode.
    .


    Show hidden files and folders
    Click Start button, then go to Programs, Accessories and click on Windows Explorer.
    Select the Tools menu and click Folder Options.
    Select the View Tab.
    Under the "Hidden files and folders" heading please check Show hidden files and folders.
    Uncheck the Hide protected operating system files (Recommended) option.
    Click Yes to confirm.
    Click OK.

    Find and delete this file (if present)
    C:\WINDOWS\system32\mst122.dll

    Reboot normally, attach new hijackthis log
     
  10. pvwojciak

    pvwojciak TS Rookie Topic Starter

    Ok, did all those instructions, and attached a new HJT file.

    That mst122.dll file was not there when I went in in safe mode and followed those other directions.

    Let me know what you see...
     
  11. touch

    touch TS Rookie Posts: 978

    Ok, but it is still in hijackthis log, and I assume you have fixed it in hijackthis ?. If you have, I suggest we dig deeper -

    Please download Combofix:
    http://subs.geekstogo.com/ComboFix.exe

    And save to the desktop.

    Close all other browser windows.

    Please connect all your external hard drive/flash drive before running Combofix, if you have any


    Double-click on the combofix icon found on your desktop.

    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

    When finished, it will produce a logfile located at C:\combofix.txt.

    Attach the contents of that log in your next reply
     
  12. pvwojciak

    pvwojciak TS Rookie Topic Starter

    Yes, I got rid of it in HJT, so I'll take a look into this Combofix. Will let you know once I have a log with that.

    Ok, I have the ComboFix log. Let me know what you think.

    THANKS!
     

    Attached Files:

    • log.txt
      File size:
      12.4 KB
      Views:
      5
  13. touch

    touch TS Rookie Posts: 978

    It looks clean.

    How are your computer behaving now ?
     
  14. pvwojciak

    pvwojciak TS Rookie Topic Starter

    Everything's working great on this end. Thanks a ton for the help. You can't imagine how many other methods we used before getting the help here. So, much appreciation from myself and the family (it's the family laptop :)) for your help.

    One last question - is it safe to run all of those different spyware/malware programs on my desktop computer? Seeing as those runs uncovered files that I had no idea were there, I wonder if some of that stuff could account for the desktop running slower than usual?

    Thanks again!!

    Paul
     
  15. touch

    touch TS Rookie Posts: 978

    That´s good news, it was My pleasure to help :)

    I´ll suggest you keep Ccleaner, Malwarebyte or Superantispyware and run them frequently

    We´ll remove the other programs now -

    Go to Start > All Programs > Accessories > System Tools > System Restore
    Select Create a restore point, and Ok it.
    Next, go to Start > Run and type in cleanmgr
    Select the More options tab
    Choose the option to clean up system restore and OK it.
    This will remove all restore points except the new one you just created.

    I also suggest you read Tony Klein´s article :
    http://www.spywareinfoforum.com/index.php?showtopic=60955

    If you have any comments or questions, feel free to post back
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...