Another CiD ad victim

By pajoe
Mar 22, 2008
  1. --------------------------------------------------------------------------------

    I have also got the damn thing. Can you please help me? I am a novise at this, so please explain it as simple as you can. Also i am norwegian, so my inglish is not perfect.

  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    I am not on my normal computer or I would have a saved speech for this, but go to

    Start, Control panel, Add/remove programs and uninstall anything that starts with Cid.

    Then Run through the 15 step preliminary removal
  3. kritius

    kritius TS Guru Posts: 2,084

    Hey blind ive got it here,

    1)Uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and

    double-click on Add/Remove Programs. From within Add/Remove Programs

    highlight each one and select Remove.

    Browser Enhancer
    CiD Help
    CiD Manager
    Download Plugin for Internet Explorer
    Messenger Plus
    Ultimate Browser Enhance
    Window Search
    Window Searching
    Zone Media

    2)Setup" is now displayed. Click on the Uninstall button. Note: options

    displayed on the first screen are not related to the sponsor program.

    3)The sponsor screen is now displayed (if you don't see it, search for it

    in your Task Bar). To prove that someone is currently reading the screen,

    you have to type the code that is displayed
    . Once you enter the code,

    press Uninstall.

    4)If you entered the code properly, the program will ask you to confirm that

    you want to uninstall. You must answer "Yes" to this question,

    else, you won't have another chance of uninstalling.

    5)Reboot your computer

    6)Run another scan with Hijackthis and attach a new log
  4. pajoe

    pajoe TS Rookie Topic Starter

    CiD ads

    The damn thing is still here after 9 hours of scanning my pc according to the 15 step program. The Panda antiroot came up with nothing. Help!!!!
  5. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Navigate to c:\winnt\system32\drivers\etc\hosts

    With the hosts file open delete the following entries:

    Close your hosts file. While still in the etc folder -> Right click on the hosts file and select properties, make sure that Read-only is checked


    You aren't running Firewall Software. Please download and install one of these first!

    Use a Firewall - It is very important that you use a Firewall on your computer. If you use the Windows Firewall you might think that's enough but it only controls inbound traffic. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most commonly used:
    Online Armor

    Boot into Safe Mode - Print out this section
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Remove bad HijackThis entries
    • Run HijackThis
    • Click on the System Scan Only button
    • Put a check beside all of the items listed below (if present):

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
      R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
      O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
      O4 - HKLM\..\Run: [Burn Dvd Mail More] C:\Documents and Settings\All Users.WINNT\Programdata\Part title burn dvd\Free Safe.exe
    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.

    Show hidden files through windows explorer
    • Access Windows Explorer by clicking Start, point to All Programs, Accesories, and then click Windows Explorer. Or hold the windows key and press E
    • On the Tools menu in Windows Explorer, click Folder Options.
    • Click the View tab.
    • Under Hidden files and folders, click Show hidden files and folders and Turn Hide protected operating system files off.

    Use Windows Explorer to navigate to and delete the following files:

    C:\Documents and Settings\All Users.WINNT\Programdata\Part title burn dvd <-This folder only

    Rehide system Files
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

    Restart your computer into normal mode

    Run a new scan with Hijackthis from normal mode and attach the log


    :Run Kaspersky Online AV Scanner:

    Order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply

    So your next reply should include
    1)New Hijackthis log
    2)The kaspersky log

    These instructions are for the use of pajoe only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  6. pajoe

    pajoe TS Rookie Topic Starter

    I have NOT seen the ad's for the last hours. I hope that it's gone. I am extremely thankful for your help.
  7. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Still a lot of infections showing on there. When you ran housecall did you have it fix everything it found? It shows some infections in quarantine.

    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • Type "1" (and Enter) to start the fix.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...