I have competed the 8 steps for virus removal and still have a common file pop up

By awndrea ยท 5 replies
Nov 2, 2008
  1. I completed the 8 steps but still have program files\common window pop up. I don't know what else to do.
  2. tw0rld

    tw0rld TS Maniac Posts: 572   +6

    You have not done the steps properly

    Your Malwarebytes log reveals that you did not remove a total of 25 infections that were found on your system.
    Please run Mbam again and remove whatever is found. Also please post your SaS log, another thing, run a new HJT scan and post the log.

    It would also help if you state what your problem is. Be specific.
  3. almcneil

    almcneil TS Guru Posts: 1,277

    If Malwarebytes can't remove it, then try Ad-Aware 2008 (see Download section at this site) It specifically targets this type of spyware.

    -- Andy
  4. tw0rld

    tw0rld TS Maniac Posts: 572   +6

    What do you mean by, "If malwarebytes can't remove it"? Why wouldn't Mbam be able to remove them?
  5. awndrea

    awndrea TS Rookie Topic Starter

    It started about a month ago. When I would restart my computer, Program Files\Common would pop up with two files, _helper.sig and helper.sig. I didn't know what it was, but I did a complete scan with Norton and all that it found were some tracking cookies. Meanwhile, my computer has been running a little slow and I've been having problems with ending tasks.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    NOTE to tw0rld: I was up early and thought I'd give you a hand. Please feel free to make any changes- additions, deletions or other to my review of the logs.

    It's not a question of "can't". It's a matter of the user not checking to have the malware removed. running another program isn't an issue here- running Malwarebytes correctly is the issue.

    What is strange though is that the new log doesn't even show these infections at all- present or removed.

    Have SAS remove the tracking Cookies. See image here:

    For adyieldmanager: Ad.yieldmanager.com is a known adware site and should t be included in your "Restricted Sites list". It will place itself in Trusted Sites and can be removed from there and added to Restricted:
    Internet Options> Security tab> Trusted sites> Sites button> A window will open with the trusted sites...allowing you to add or remove entries...> Remove the Ad.yieldmanager entry from the list if there> Go to the Restricted Sites> Sites and Add it there> OK> Apply> OK..

    To reset the Cookies:
    Update Java: Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of java ( Java Runtime Environment (JRE) 6.0 Update 10 ): http://java.com/en/download/manual.jsp
    Please install it and then reboot your computer.

    Per Step 1 in the cleaning, you must disable Realtime Protetion:
    Spybot S&D (Teatimer)
    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
    3. On the left hand side, Click on Tools
    4. Then click on the Resident Icon in the List
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    Please reopen HijackThis and scan. Check the following processes:
    The following sites are known for adware. I advise removing them:
    O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coolsavings.coupons.smartsource.com/download/cscmv5X.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab

    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
    Start> Run> type in 'msconfig' without quotes> Enter> Selective Startup> Startup tab> UNCHECK everything except the antivirus, firewall, touchpad if laptop> Apply> OK
    NOTE: this includes any reference to MSZipTools which is a Trojan ad-clicker)

    Control Panel> Add/Remove Programs> uninstall the flowing if present:
    Any Java EXCEPT v6u10
    Smart Cource or 'Coupons'
    Offers, Incentives

    Please look at the installed programs list. If there are any you do not use, uninstall them. If you are not sure what it does, include the name with the next log.

    Right click on Start> explore> Windows> System32> delete the following if found:

    Reboot into Normal Mode> you will get a nag message which you can ignore after checking 'don't show this message again'. Stay i Seelctive Startup.

    Run HijackThis again and attach log.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...