Trojans/helper.dll/helper.sig

Status
Not open for further replies.

PsychoDave

Ok, so in the last few days when I start my machine or restart it a window pops up: C:\Program Files\Common. In the window are Helper.dll, Helper.sig, _helper.dll and _helper.sig. I've run an Ad-Aware full scan as well as SuperAntiSpyware, and so far the only file other than spyware that has been deleted is _helper.dll. I'm still going through the steps that are advised in https://www.techspot.com/community/topics/updated-4-step-viruses-spyware-malware-removal-preliminary-instructions.58138/


Any help would be appreciated


Dave
 
Ok, I've stopped on step 9. I downloaded CCleaner and ticked all the boxes but got tons of warning messages upon doing so...now I'm not so sure I want to run that. Will not ticking every box leave a possibility of missing some sort of spyware/malware/virus?
 
* Click here to download FindAWF.exe and save it to your desktop.
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • Press any key and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or whatever location you ran the file from.
  • Come back here to this thread and attach the AWF.txt file in your next reply.
 
Right click Here and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop. To run the inf file, right click on it and select Install.

=================================================

Now run HijackThis and place a check next to the items below, then click on fix items, then exit HijackThis and reboot.

O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

====================================

Please run an on-line virus scan at Kaspersky OnLine Scan (http://www.kaspersky.com/virusscanner) or, if that doesn't work, you can use TrendMicro or BitDefender. (Please make sure to post the results of the scan(s) in your next reply.)
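
An added example, not part of the original post or of HijackThis itself: a small Python parser for the two HijackThis entry types listed above (O15 Trusted Zone sites and O16 DPF ActiveX downloads), splitting each line into fields so the entries can be reviewed by CLSID and source host before they are fixed. The function names and line patterns are assumptions inferred from the four lines quoted in the post.

```python
import re
from urllib.parse import urlparse

# The four entries quoted in the post above, embedded so the example runs offline.
SAMPLE_LOG = """\
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
"""

# Patterns are assumptions based on the layout of the lines above.
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<site>\S+)$")
O16_RE = re.compile(rf"^O16 - DPF: (?P<clsid>{GUID})(?: \((?P<name>.*)\))? - (?P<url>\S+)$")


def parse_entry(line):
    """Return a dict for an O15/O16 line, or None for any other line."""
    line = line.strip()
    m = O15_RE.match(line)
    if m:
        site = m["site"]
        # A leading "*." means every subdomain is placed in the Trusted Zone.
        return {"section": "O15", "site": site, "wildcard": site.startswith("*.")}
    m = O16_RE.match(line)
    if m:
        url = urlparse(m["url"])
        return {"section": "O16", "clsid": m["clsid"].upper(), "name": m["name"],
                "host": url.hostname, "scheme": url.scheme}
    return None


def parse_log(text):
    """Parse every recognised line of a log excerpt, skipping the rest."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def hosts_to_review(entries):
    """Distinct trusted-zone sites and ActiveX download hosts, sorted."""
    return sorted({e["site"] if e["section"] == "O15" else e["host"] for e in entries})


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        print(entry)
    print(hosts_to_review(parse_log(SAMPLE_LOG)))
```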
 
Dave, if you resolve it, can you let me know the steps? I have the exact same problem as you. My computer keeps restarting also.
 
Here is the new HJT log.

The virus scan detected and deleted a bunch of infected files but for some reason the log didn't save... :(

There were a ton of Trojans and some worms
 
Download & Install SDFix
  • Download SDFix & save it to your Desktop.
  • Double click SDFix.exe & it will extract the file to %systemdrive%
    (Drive that contains the Windows Directory, Typically C:\SDFix)

Boot into Safe Mode
  • Restart your computer & start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, & then press Enter.

Run SDFix
  • Open the extracted SDFix folder & double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on the screen & also save into the SDFix folder as Report.txt
  • Attach Report.txt back here
 
Ok, I ran SDFix, here is the report...not sure what it says but after rebooting and finishing the Common folder opened and still has the helper.dll, helper.sig and _helper.sig files :(
 
ComboFix


Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System




Download the file & save it as it's originally named, next to ComboFix.exe.






Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

  • At the next prompt, click 'Yes' to run the full ComboFix scan.



  • When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. ComboFix is a very powerful tool, so please do NOT do anything without instruction.
 
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version. Then reboot into Safe Mode: reboot, then start tapping the F8 key; you will get the advanced options menu; select Safe Mode, then load and run the program.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
Trojan/helper.dll/helper.sig

I have the same problem as Dave. Can you check to see if my HJT log is clean? The window doesn't pop up anymore after I ran Malwarebytes twice and then deleted helper.sig and the folder. However, my computer restarts randomly.

Thanks.
 