TechSpot

CiD popup grrrr Help please

By Donnamck
Dec 18, 2007
  1. Hi,

    I am new and am in Australia.

    I seem to have the CiD popups coming up on my laptop (running Windows XP).

    I have AVG, Spybot S&D, Ad-Aware, CCleaner, Defender, Spyware Guard, Spyware Blaster and Tune-Up Utilities on it and run all regularly.

    The kids have downloaded games and Gaia and now it has this problem.

    Help please as this is my work computer.

    Thanks

    Donna
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Hi donna

    Can you please read THIS before deciding what you want to do

    If you decide you would like to clean your system, please read THIS and follow the directions exactly in the order they are posted


    This thread is for the use of Donnamck only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Donnamck

    Donnamck TS Rookie Topic Starter

    Hi Blind Dragon,

    Yes I want to clean the computer not reformat it (reformatting is the chicken's way out :haha:)

    I have printed out the instructions and will do them now.....it might take a bit of time though.

    Will post when I have done it all.

    Thanks

    Donna
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    It does take a while but well worth it

    ;)
     
  5. Donnamck

    Donnamck TS Rookie Topic Starter

    I am up to step 10 and the only thing I have run is Micro trend online virus scanner as in step 3....do I keep going?

    (Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)

    lol cancel that question....I just got a pop up grrrr ok going to finish the rest of the steps........
     
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Yes, please complete the entire process without skipping anything. Once you finish and post the logs, somebody will be able to tell you what to do next.



     
  7. Donnamck

    Donnamck TS Rookie Topic Starter

    sorry I have not got back to you but I have been extremely busy. I will post the logs today.

    I have also started another thread but it is a different computer with the same problem and didn't want to confuse the two

    ok here are the logs for my laptop and the CiD popup is still on it........

     
  8. momok

    momok TS Rookie Posts: 2,265

    Hi,

    You may wish to copy and paste these instructions on notepad for easier reference later.

    1. Boot into safe mode under your normal user name. See how HERE
    2. Next turn on "Show all files and folders, including hidden and system". See how HERE

    3. Go to start > run and type msconfig. Press the enter key.
      Search for the following entries. Uncheck them to stop them from starting up. Click Ok but do not restart your system yet.

      book ante

    4. Go to start > run and type services.msc. Press the enter key.
      Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

      Viewpoint Manager Service

    5. Go to start > Control Panel > Add and Remove Programs.
      Remove anything related to the following:

      Viewpoint

    6. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

      O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\Donna\APPLIC~1\ELSEPL~1\AXISNEW.exe
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

      Close HJT.

    7. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    8. Save this as CFScript on the desktop.
    9. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
      [​IMG]
    10. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

      Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang

    11. Reboot into normal mode and rehide your protected OS files.
    Thereafter, please post fresh HJT and AVG Antispyware logs and the resultant ComboFix log from the above instructions as attachments into this thread.


    Regards,
    momok =)

     
  9. Donnamck

    Donnamck TS Rookie Topic Starter

    ok I done what you said but #3 I could not find book ante and #6 023 - Service: Viewpoint Manager Service was not there either.

    I did do the rest and here are the logs.


    Sorry Moderator if I done this wrong again
     
  10. momok

    momok TS Rookie Posts: 2,265

    Hi,

    No worries you're doing fine. Please download and run CCleaner via step 9 of the instructions HERE.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    1. Boot into safe mode under your normal user name. See how HERE
    2. Next turn on "Show all files and folders, including hidden and system". See how HERE

    3. Go to start > run and type msconfig. Press the enter key.
      Search for the following entries. Uncheck them to stop them from starting up. Click Ok but do not restart your system yet.

      face bin load show

    4. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
      O4 - HKLM\..\Run: [face bin load show] C:\Documents and Settings\All Users\Application Data\title tool face bin\pure intra.exe
      Close HJT.

    5. Navigate in Windows Explorer and delete the following files and folders in bold.

      C:\Documents and Settings\All Users\Application Data\title tool face bin

    6. Reboot into normal mode and rehide your protected OS files.
    Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread. Do not copy and paste the logs.


    Regards,
    momok =)

     
  11. Donnamck

    Donnamck TS Rookie Topic Starter

    ok done that;

    could not find the files in #5 to delete.

    Here are new logs.

    I have made another thread about the same problem BUT it is a DIFFERENT computer.
     
  12. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Have HijackThis fix these entries:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O9 - Extra button: Shopping - {A8EA8602-BC2F-458E-A6F4-71FAD3D01E11} - http://www.ozeshopping.com.au (file missing) (HKCU)
    O9 - Extra button: OzEmail - {D0DB7E40-1BCE-4234-82D9-534BCDAC756A} - http://www.ozemail.com.au (file missing) (HKCU)

    Navigate in Windows Explorer manually and delete this file.
    C:\WINDOWS\Tasks\AD4DD40D918A47B5.job

    Other than that your system is clean now.
    1. Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

    2. Turn off system restore (XP/ME only). Learn how to do that HERE.
      This will remove all the remaining nasties from your old restore points.

    3. After that turn system restore back on.
      This would have created a new safe and clean restore point for your system.

    4. Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
      May I recommend you to read this article.
      This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    momok =)
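
The entries momok asked to have fixed in posts 8, 10 and 12 fall into recognisable patterns. As an added example (not part of the original thread, and not a HijackThis feature), this Python sketch parses the HijackThis lines quoted above and applies two triage heuristics that are assumptions of this example: a Run autostart whose target sits under Application Data, and an entry whose file is reported missing.

```python
import re

# HijackThis lines copied from the entries quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\Donna\APPLIC~1\ELSEPL~1\AXISNEW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O4 - HKLM\..\Run: [face bin load show] C:\Documents and Settings\All Users\Application Data\title tool face bin\pure intra.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: Shopping - {A8EA8602-BC2F-458E-A6F4-71FAD3D01E11} - http://www.ozeshopping.com.au (file missing) (HKCU)
"""

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"^(?P<hive>HK(?:LM|CU))\\\.\.\\Run(?:Once)?: "
                 r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Heuristic 1 (assumption): the entry points at a file that no longer exists.
ORPHAN = re.compile(r"\((?:no file|file missing)\)")
# Heuristic 2 (assumption): autostart target under Application Data,
# in either the long form or the 8.3 short form (APPLIC~1).
APPDATA = re.compile(r"\\(?:Application Data|APPLIC~\d)\\", re.IGNORECASE)

def parse_line(line):
    """Return a dict for one HijackThis line, or None if it is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = {"code": m["code"], "body": m["body"], "reasons": []}
    if ORPHAN.search(entry["body"]):
        entry["reasons"].append("orphaned")
    if entry["code"] == "O4":
        run = RUN.match(entry["body"])
        if run:
            entry.update(run.groupdict())
            if APPDATA.search(run["cmd"]):
                entry["reasons"].append("autorun-from-appdata")
    return entry

def triage(log_text):
    """Parse every entry line; entries with a non-empty 'reasons' need review."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["code"], ", ".join(e["reasons"]) or "not flagged", "|", e["body"])
```

The Viewpoint service line is parsed but not flagged: these heuristics only narrow the list a reviewer reads, and a helper's judgement still decides what gets fixed.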

     
  13. Donnamck

    Donnamck TS Rookie Topic Starter

    Navigate in Windows Explorer manually and delete this file.
    C:\WINDOWS\Tasks\AD4DD40D918A47B5.job


    I cannot find this file....the only one that is in there like that is C:\WINDOWS\Tasks\AD4DD40D918A47B5

    it does not have the .job do I delete this file??

    I had a look in properties of that file and it said it had the .job on it so I deleted it and done the other steps.

    Just doing a defrag now .....thank you so very much for your patience and help with this.........

    now to get the stupid thing off my daughter's computer...........

     
  14. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Yep you got it right, and you should be good to go =)
     
Topic Status:
Not open for further replies.
