TechSpot

Trojans/helper.dll/helper.sig

By PsychoDave
Aug 20, 2008
  1. Ok, so in the last few days when I start my machine or restart it a window pops up: C:\Program Files\Common. In the window are Helper.dll, Helper.sig, _helper.dll and _helpre.sig. I've run Ad-Aware full scan as well as SuperantiSpyware and so far the only file other than spyware that has been deleted is _helper.dll. I'm still going through the steps that are advised in http://www.techspot.com/vb/topic58138.html


    Any help would be appreciated


    Dave
     
  2. PsychoDave

    PsychoDave TS Enthusiast Topic Starter Posts: 135

    Ok, I've stopped on step 9. I downloaded CCleaner and ticked all the boxes but got tons of warning messages upon doing so...now I'm not so sure I want to run that. Will not ticking every box leave a possibility of missing some sort of spyware/malware/virus?
     
  3. PsychoDave

    PsychoDave TS Enthusiast Topic Starter Posts: 135

    I ended up running the CCleaner a few times until 0 files were found and deleted...
     
  4. PsychoDave

    PsychoDave TS Enthusiast Topic Starter Posts: 135

    Ran Panda Antirootkit programme, no rootkits found
     
  5. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    once you finish post the 3 logs here

    hijackthis
    SAS or MBAM
    ComboFix
     
  6. PsychoDave

    PsychoDave TS Enthusiast Topic Starter Posts: 135

    Here is the HJT Log, SAS and ComboFix to follow
     
  7. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Post a fresh hijackthis log after you have run SAS and ComboFix
     
  8. PsychoDave

    PsychoDave TS Enthusiast Topic Starter Posts: 135

    Just ran ComboFix and reran SAS...here are the logs

    Rerunning HJT now...
     
  9. PsychoDave

    PsychoDave TS Enthusiast Topic Starter Posts: 135

    Here is the new HJT log
     
  10. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    • Click here to download FindAWF.exe and save it to your desktop.
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to "Press any key to continue".
    • Press any key and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
    • It may take a few minutes to complete so be patient.
    • When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or whatever location you ran the file from.
    • Come back here to this thread and attach the AWF.txt file in your next reply.
     
  11. PsychoDave

    PsychoDave TS Enthusiast Topic Starter Posts: 135

    Here's the AWF log file...
     
  12. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    post a fresh hijackthis log
     
  13. PsychoDave

    PsychoDave TS Enthusiast Topic Starter Posts: 135

    fresh HJT log as of 9:55pm 8/21
     

  14. PsychoDave

    PsychoDave TS Enthusiast Topic Starter Posts: 135

    any verdict?
     
  15. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Right click Here and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop. To run the inf file, right click on it and select Install.

    =================================================

    Now run hijackthis and place a check next to the items below then click on fix items then exit hijackthis and reboot.

    O15 - Trusted Zone: *.whataboutadog.com
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab
    O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

    ====================================

    Please run an on-line virus scan at Kaspersky OnLine Scan (http://www.kaspersky.com/virusscanner) or if that doesn't work, you can use TrendMicro or BitDefender. (Please make sure to post the results of the scan(s) in your next reply)
     
  16. sharkie21

    sharkie21 TS Rookie

    Dave if you resolve it can you let me know the steps. I have the exact same problem as you. My computer keeps restarting also.
     
  17. PsychoDave

    PsychoDave TS Enthusiast Topic Starter Posts: 135

    here is the new HJT Log

    The virus scan detected and deleted a bunch of infected files but for some reason the log didn't save... :(

    There were a ton of Trojans and some worms
     
  18. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Download & Install SDFix
    • Download SDFix & save it to your Desktop.
    • Double click SDFix.exe & it will extract the file to %systemdrive%
      (Drive that contains the Windows Directory, Typically C:\SDFix)

    Boot into Safe Mode
    • Restart your computer & start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, & then press Enter.

    Run SDFix
    • Open the extracted SDFix folder & double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on the screen & also save into the SDFix folder as Report.txt
    • Attach Report.txt back here
     
  19. PsychoDave

    PsychoDave TS Enthusiast Topic Starter Posts: 135

    Ok, I ran SDFix, here is the report...not sure what it says but after rebooting and finishing the Common folder opened and still has the helper.dll, helper.sig and _helper.sig files :(
     
  20. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    ComboFix


    Go to Microsoft's website => http://support.microsoft.com/kb/310994
    Select the download that's appropriate for your Operating System



    Download the file & save it as it's originally named, next to ComboFix.exe.





    Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Drag the setup package onto ComboFix.exe and drop it.

    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

    • At the next prompt, click 'Yes' to run the full ComboFix scan.


    • When the tool is finished, it will produce a report for you.

    Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction
     
  21. PsychoDave

    PsychoDave TS Enthusiast Topic Starter Posts: 135

    nevermind, saw the answer to my question in one of the pictures.
     
  22. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Make sure to disable any AV or Spyware protection before running this tool
     
  23. PsychoDave

    PsychoDave TS Enthusiast Topic Starter Posts: 135

    Ok, here are the combofix and HJT logs
     
  24. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version. Then reboot into Safe Mode: reboot, then start tapping the F8 key; you will get the advanced options menu. Select Safe Mode, then load and run the program.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  25. sharkie21

    sharkie21 TS Rookie

    Trojan/helper.dll/helper.sig

    I have the same problem as Dave. Can you check to see if my HJT log is clean. The window doesn't pop up anymore after I ran malwarebytes twice, and then deleted helper.sig and the folder. However, my computer restarts randomly.

    Thanks.
     
Topic Status:
Not open for further replies.
