TechSpot

CiD Pop-Ups. Ran NoLop, but still there. Please Help.

By Nanakib
Aug 24, 2007
  1. My parents computer has started to have a CiD pop up all the time. I ran NoLop and updated the system32 file with the new mscomctl.ocx file, but it did not find the rest of the infection. Here is my HJT Log.


    Second question. I would like to get rid of the toolbars my parents have as well. I have attempted to uninstall google toolbar, but it does not uninstall will deleting the registry key do it? Thanks.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    You`re running an outdated version of HJT.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Reinstall the Google Toolbar and we help you to get rid of it permanently. Don`t be tempted to start using regedit. It can cause too many unforseen problems.

    Regards Howard :wave: :wave:

    This thread is for the use of Nanakib only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Nanakib

    Nanakib TS Rookie Topic Starter

    Okay here is my updated HJT log and my Combofix log.

    Does anyone know if AVGAS interferes with McAfee Virusscan?

    AVG Rootkit did not find anything.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    AVG Antispyware does not interfere with McAfee. Please attach the AVG Antispyware log to your next reply.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    mapi fork.exe<This is the lop file

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - HKLM\..\Run: [body safe tool drv] C:\Documents and Settings\All Users\Application Data\active move body safe\mapi fork.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Documents and Settings\All Users\Application Data\active move body safe<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post fresh HJT and AVG Antispyware logs.

    Regards Howard :)

    This thread is for the use of Nanakib only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. Nanakib

    Nanakib TS Rookie Topic Starter

    Okay the CiD's pop-ups are gone, but when I unchecked hide folders and files a few weird exe's showed up on my desktop. They are crash.exe, blackhole.exe, and evilsmiley.exe. Any idea how to get rid of them?

    Here is my AVG post from before removing the lop as well.
    View attachment 21328

    Here is my latest HJT report and Combofix report. I will run AVG after posting this.
    View attachment 21325

    View attachment 21327




    Thanks for all the help so far.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    All items in your AVG Antispyware log say "No Action Taken". This is because you didn`t follow the instructions properly for using AVG Antispyware. See HERE.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    crash.exe
    blackhole.exe
    evilsmiley.exe

    Close task manager.

    Locate and delete the following bold files and/or directories(if there).

    crash.exe
    blackhole.exe
    evilsmiley.exe


    Reboot into normal mode and rehide your protected OS files.

    Post a fresh AVG Antispyware log.

    Regards Howard :)

    This thread is for the use of Nanakib only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. Nanakib

    Nanakib TS Rookie Topic Starter

    Sorry about that. I saved the log before pushing apply action. Here is a new one. View attachment 21331
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, that`s fine mate.

    Follow the instructions in my post above and let me know how your system is running. Obviously, I no longer require an AVG Antispyware log.

    Regards Howard :)

    This thread is for the use of Nanakib only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. Nanakib

    Nanakib TS Rookie Topic Starter

    Okay I deleted those files too. Do you need any new log files from HJT or Combofix? The CiD pop-ups are gone. Thanks for all the help!
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    If you`re not having any further problems, you should be good to go.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Nanakib only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...