Problem: User has Trojan/Adware BHO
Symptoms:
- Internet Explorer crashes
- Performance degradation. Took more than 10 minutes to log into the computer
- At bootup/startup, the “C:\Program Files\Common” folder opens up automatically and contains helper.dll and _helper.dll
- Popups/Ads indicating viruses are present
How to remove helper.dll and _helper.dll
1. Download and run HijackThis
2. You will probably see two entries like these:
- O2 – BHO: Browser Helper Object – {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} – C:\Program Files\Common\_helper.dll
- O18 – Filter: text/html – {921b3402-a7b7-411d-84a6-70f617503fe9} – C:\WINDOWS\system32\dsound3dd.dll
3. Place a checkmark next to both and click on “Fix checked”
4. Download, install, and run CCleaner
5. Download, install, and run Malwarebytes (don’t forget to update the definitions before scanning)
6. Scan your machine using AntiVirus software
Online Scanners:
Or Download:
7. After bootup, you still may have an issue with the “C:\Program Files\Common” folder opening up automatically. Delete the folder since it was created by the Trojan, it should be empty; and is not necessary. If you want to keep it,you can also do the following:
1. Open up the registry (via regedit.exe)
2. Navigating to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3. Make sure all Data values under this key are surrounded by quotation marks.
4. Exit out and reboot.
For more information on this particular threat: