Helper.sig & _helper.sig

Status
Not open for further replies.
C

ClemsonColin

Everytime I start up my computer, a folder pops up (c:\Program Files\Common). In this folder are the following files ("helper.sig" and "_helper.sig"). I have already removed a third file from that folder (helper.dll).

I followed the Updated 8-step Viruses/Spyware/Malware Preliminary Removal Instructions. Attached are the requested logs.


Some background on how this all played out. Out of the blue, a folder started popping up on my screen whenever i rebooted. The folder was the same folder i mentioned above but it only had two files. After a couple of weeks, a third file showed up. Then a fake program called Spyware Guard started running itself and drastically slowing down my computer. After trying to restore my computer to an earlier point in time, Spyware Guard came back but it took a day or two. Finally, i got fed up with trying to fix the issue. I decided to completely restore my computer back to its original shape when it was shipped to me. I was not happy to see that the "Common Folder" showed up again when my computer was first rebooted.

I appreciate any help or guidance in this matter. Thank you ahead of time and I look forward to resolving this issue for good. Take care.
 
All your logs look ok save one entry in your HJT log.

Please delete the following bold file.

C:\WINDOWS\ALCMTR.EXE

However as a final check, please do the following.

You need to rename HijackThis.exe to Crusty.exe. This is because some malware can hide from HijackThis.exe. Follow these instructions in order to do so.

Go to the C:\Program Files\Trend Micro\HijackThis\HijackThis.exe file and right click on HijackThis.exe. Choose rename. Click in the title box and hit the enter key to clear what`s there.

Now type Crusty.exe into the title box and hit the enter key. Right click on the Crusty.exe file and choose "Send to desktop Create Shortcut".

You can now close the HJT directory.

Post a fresh HJT log and let us know if you're still having problems.
 
New Log and Thank You

here is the new HJT log... i think i am clean at this point in time. Thank you for the help on the ALCMTR.exe file.
 
Status
Not open for further replies.

Similar threads

E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
474
eriksnyman1
E
B
Help with "special permissions" please
Replies
1
Views
523
Nelson28
N
D
Mini PCs sold on Amazon contained factory-installed spyware
Replies
16
Views
400
Fastturtle
F

Latest posts

Back