CiD popup grrrr Help please

Status
Not open for further replies.

Donnamck

Posts: 10   +0
Hi,

I am new and am in Australia.

I seem to have the CiD popups coming up on my laptop (running Windows XP).

I have AVG, Spybot S&D, Ad-Aware, CCleaner, Defender, Spyware Guard, Spyware Blaster and Tune-Up Utilities on it and run all regularly.

The kids have downloaded games and Gaia and now it has this problem.

Help please as this is my work computer.

Thanks

Donna
 
Hi donna

Can you please read THIS before deciding what you want to do

If you decide you would like to clean your system, please read THIS and follow the directions exactly in the order they are posted


This thread is for the use of Donnamck only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi Blind Dragon,

Yes I want to clean the computer not reformat it (reformatting is the chickens way out :haha:)

I have printed out the instructions and will do them now.....it might take a bit of time though.

Will post when I have done it all.

Thanks

Donna
 
I am up to step 10 and the only thing I have run is Micro trend online virus scanner as in step 3....do I keep going?

(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)

lol cancel that question....I just got a pop up grrrr ok going to finish the rest of the steps........
 
yes please complete the entire process without skipping anything, once you finish and post the logs somebody will be able to tell you what to do next.

(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)

yes please complete the entire process without skipping anything, once you finish and post the logs somebody will be able to tell you what to do next.


This thread is for the use of Donnamck only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
sorry I have not got back to you but I have been extremely busy. I will post the logs today.

I have also started another thread but it is a different comuter with the same problem and didnt want to confuse to two

ok here are the logs for my laptop and the CiD popup is still on it........

(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
 
Hi,

You may wish to copy and paste these instructions on notepad for easier reference later.

  1. Boot into safe mode under your normal user name. See how HERE
  2. Next turn on "Show all files and folders, including hidden and system". See how HERE

  3. Go to start > run and type msconfig. Press the enter key.
    Search for the following entries. Uncheck them to stop them from starting up. Click Ok but do not restart your system yet.

    book ante

  4. Go to start > run and type services.msc. Press the enter key.
    Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Viewpoint Manager Service

  5. Go to start > Control Panel > Add and Remove Programs.
    Remove anything related to the following:

    Viewpoint

  6. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\Donna\APPLIC~1\ELSEPL~1\AXISNEW.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Close HJT.

  7. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    Folder::
    C:\Program Files\Viewpoint
    C:\Program Files\Else plus
    C:\Documents and Settings\Tara\Application Data\Else plus
    C:\Program Files\Circle Developement
    C:\Documents and Settings\Donna\Application Data\Else plus
    C:\Documents and Settings\All Users\Application Data\title tool face bin
  8. Save this as CFScript on the desktop.
  9. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
    CFScript.gif

  10. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

    Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang

  11. Reboot into normal mode and rehide your protected OS files.
Thereafter, please post fresh HJT and AVG Antispyware logs and the resultant ComboFix log from the above instructions as attachments into this thread.


Regards,
momok =)

This thread is for the use of Donnamck only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
ok I done what you said but #3 I could not find book ante and #6 023 - Service: Viewpoint Manager Service was not their either.

I did do the rest and here are the logs.


Sorry Moderator if I done this wrong again
 
Hi,

No worries you're doing fine. Please download and run CCleaner via step 9 of the instructions HERE.

You may wish to copy and paste these instructions on notepad for easier reference later.

  1. Boot into safe mode under your normal user name. See how HERE
  2. Next turn on "Show all files and folders, including hidden and system". See how HERE

  3. Go to start > run and type msconfig. Press the enter key.
    Search for the following entries. Uncheck them to stop them from starting up. Click Ok but do not restart your system yet.

    face bin load show

  4. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
    O4 - HKLM\..\Run: [face bin load show] C:\Documents and Settings\All Users\Application Data\title tool face bin\pure intra.exe
    Close HJT.

  5. Navigate in Windows Explorer and delete the following files and folders in bold.

    C:\Documents and Settings\All Users\Application Data\title tool face bin

  6. Reboot into normal mode and rehide your protected OS files.
Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread. Do not copy and paste the logs.


Regards,
momok =)

This thread is for the use of Donnamck only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
ok done that;

could not find the files in #5 to delete.

Here are new logs.

I have made another thread about the same problem BUT it is a DIFFERENT computer.
 
Hi,

Have HijackThis fix these entries:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: Shopping - {A8EA8602-BC2F-458E-A6F4-71FAD3D01E11} - http://www.ozeshopping.com.au (file missing) (HKCU)
O9 - Extra button: OzEmail - {D0DB7E40-1BCE-4234-82D9-534BCDAC756A} - http://www.ozemail.com.au (file missing) (HKCU)

Navigate in Windows Explorer manually and delete this file.
C:\WINDOWS\Tasks\AD4DD40D918A47B5.job

Other than that your system is clean now.
  1. Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

  2. Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

  3. After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

  4. Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
momok =)

This thread is for the use of Donnamck only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Navigate in Windows Explorer manually and delete this file.
C:\WINDOWS\Tasks\AD4DD40D918A47B5.job


I cannot find this file....the only one that is in there like that is C:\WINDOWS\Tasks\AD4DD40D918A47B5

it does not have the .job do I delete this file??

I had a look in properties of that file and it said it had the .job on it so I deleted it and done the other steps.

Just doing a defrag now .....thank you so very much for your patience and help with this.........

now to get the stupid thing off my daughters computer...........

(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
 
Status
Not open for further replies.
Back