c:\programfiles\common

Discussion in 'Malware Help (A Specialist Will Reply)' started by sassysmurf, Mar 7, 2009.

  1. sassysmurf

    sassysmurf Private E-2

    I am running Windows XP on a Lenovo laptop. I use the latest CA Security suite software for my regular antivirus. I have been having problems for about a year now that started with a Win32/vmalum infection that was "cured" by my AV software. Since then I keep getting infection after infection. I restored to before the problems began but last week I again got notices of infection with vmalum that were then (again) "cured" by my antivirus. Today I got a screen that popped up upon startup with the folder C:\Program Files\Common with helper.dll and helper.sig. I ran my CA antivirus and antispyware software then I ran Superantispyware, Adaware, and Superantispyware again before coming across this forum. I have since followed the instructions for the XP Cleaning Procedures but upon startup I still have C:\Program Files\Common popping up but it is now empty. Attached are the requested logs.
     


  2. sassysmurf

    sassysmurf Private E-2

    MG Log
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Do you know what these are:
    C:\d0cbd992c84e302493
    C:\WINDOWS\JS08GOW4CKS08GOW

    Use windows explorer to find and delete:
    C:\Program Files\NoAdware

    Now use add/remove programs to delete:
    J2SE Runtime Environment 5.0 Update 6

    Reboot and install:
    Java Runtime 6

    Are you still having problems?
     
  4. sassysmurf

    sassysmurf Private E-2

    I have no idea what either of those files are.

    I deleted the NoAdware folder and removed my Java and replaced it with the Java 6.0 version you suggested.

    I am still having the c:\programfiles\common popup upon start up. The folder is empty, just pops up. Perhaps I should just delete the folder?
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If that folder is empty, then:

    Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Let me know if that stops it.
     
  6. sassysmurf

    sassysmurf Private E-2

    It worked!! :)

    I got a success message when I double clicked on the .reg file and so far no more pop-ups!

    Should I now delete the .reg file? And should I proceed with the final 'Readme' instructions to turn off windows recovery then turn it back on? Also, since Lenovo has a separate recovery function do I need to do anything with that to ensure none of my infections are saved as recovery files that could wreck my computer again??

    Thank you so much!!!
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good! Then if you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:


    You're cool...you can just delete the reg fix on the desktop. Now as to your backup folder....unless you have had it updated while you were infected, you would be safe to update it now. Otherwise, you may want to create a new backup.
     
