CiD popup virus thing... Having major Problems

Status
Not open for further replies.

wolver

So I was downloading something from LimeWire. Simply put, when I opened the file I got a trojan. I don't have LimeWire anymore, or the program I downloaded. I won't be doing that again. I run McAfee virus control center and it caught the trojan right away and told me it got rid of it. Immediately after, I ran a scan and it found nothing. The message told me it got rid of it.
Problem is, now I am getting strange CiD pop ups every so often, even when the firewall is completely locked, except all I got is a blank internet box.

Virus Scanners

I have Ad-Aware, AVG and McAfee. I am still waiting on the AVG, but so far Ad-Aware found seventeen things, and McAfee found nothing, but I am still getting the popups.

Things I have tried.

I have defragged, used all three virus scanners, disk cleanup, got rid of all "iffy" programs.

Other Issues

I'm not very techy so I don't understand a lot of computer mumbo jumbo, but I do know a fair bit.

Computer

New, 3 month old Acer Laptop


I'm not sure entirely what would be needed here, so if you need anything I can tell you, just ask.

Please, I need some help, these popups are driving me crazy.

Thanks, Wolver.
 
First of all, if you remember the name of the trojan that is always helpful, but if not that's OK too.

First
HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2); it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically; select Scan now and save a log
  • After the scan is complete, please attach your log onto the forums using the paper clip icon above your reply.
    ***Under no circumstances should you add any items to the HJT ignore list. Under no circumstances should you change the directory that HijackThis downloads to. Under no circumstances should you Fix anything without specific instruction to do so. Under no circumstances should you click any buttons other than those specified in the directions, including AnalyzeThis!***


Second
Generate Uninstall List

  1. Start HijackThis
  2. Click on the Config button
  3. Click on the Misc Tools button
  4. Click on the Open Uninstall Manager button.
  5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file.


Third
1)Uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.

Netpumper
BitRoll
Browser Enhancer
CiD Help
CiD Manager
Download Plugin for Internet Explorer
Lop.com
LOP SEARCH
Messenger Plus
Ultimate Browser Enhance
Window Search
Window Searching
Zone Media


2)Setup" is now displayed. Click on the Uninstall button. Note: options displayed on the first screen are not related to the sponsor program.

3)The sponsor screen is now displayed (if you don't see it, search for it in your Task Bar). To prove that someone is currently reading the screen, you have to type the code that is displayed. Once you enter the code, press Uninstall.

4)If you entered the code properly, the program will ask you to confirm that you want to uninstall. You must answer "Yes" to this question, else, you won't have another chance of uninstalling.

5)Reboot your computer

6)Run another scan with HijackThis and attach a new log



After you generate an uninstall list and run the initial scan with HijackThis, post those two items here as attachments using the attach icon above your reply (looks like a paperclip). Then proceed to the third instruction, uninstalling anything on the list.
 
oh wow

Oh wow, thanks, I'll try that right away. McAfee has a log feature so I found the names of the two, yes two, trojans I apparently had, so I will put them down, as well as their "status".

Virus                           Status
1. Generic QHosts.c (Trojan)    Repaired
2. Downloader.gen.a (Trojan)    Repaired (Removed)

Also, thank you. I'll try what you said and get back. If you need any more info let me know. :)
 
HJT log

Hope you can open it, not very good at this yet.

Also, I found CiD Help on my system, none of the others. I will attach the new log in the next post, sorry for all the posts.
 
Last HJT log file

Like I said, sorry about all the posts, I'm not very good at this yet, but I have done everything you have asked. Thanks again. Let's hope it works! :)
 
OK, so was one log from before removing CiD Helper and one after? Because at least 1 bad entry is gone from the second log. What happened in between?

If you read my post carefully:
After you generate an uninstall list and run the initial scan with HijackThis, post those two items here as attachments using the attach icon above your reply (looks like a paperclip). Then proceed to the third instruction, uninstalling anything on the list.

Not a big deal, but I need to know what you are doing in between instructions.

and I still haven't seen the uninstall list -> #2 in my last post
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
To make this easier - you can attach multiple files to the same post.

Upload a File to Virustotal
Please visit Virustotal found HERE
  • Click the Browse... button
  • Navigate to the file C:\WINDOWS\system32\oopmagent.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results back here please.

You may or may not have to do this part when uploading the file to virustotal
Show hidden files through windows explorer
  • Access Windows Explorer by clicking Start, pointing to All Programs, Accessories, and then clicking Windows Explorer. Or hold the Windows key and press E
  • On the Tools menu in Windows Explorer, click Folder Options
  • Click the View tab.
  • Under Hidden files and folders, click Show hidden files and folders
  • Remove the checkmark from the checkbox labeled Hide protected operating system files
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
:multiple Anti Virus programs:

  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

    McAfee
    AVG

    Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

    I recommend removing one of them. If you really want to keep both of them we can, but you need to disable real-time protection on one of them. They are both running every time you start your computer.
 
All instructions were followed in order, 1st, 2nd, 3rd 4th. I was reading through and did as you said, the bottom section you quoted I read after everything else was already done.

OK, so I missed a HJT log? OK, I'll run it now and post it in this post.

Exact Results from Virustotal

File has already been analysed:
MD5: 9fed8e2d33238fbdfde83678b5ceac8e
Date: 11.20.2007 22:56:54 (CET) [>106D]
Results: 1/32
Permalink: analisis/a590360925b5d2793fe875b4f298665e

Anti Virus

AVG was only added today. I added it to see if it could catch something my other one couldn't, a suggestion of a friend. I did not know it took up so much memory, I will take it off soon, probably after this whole CiD problem is solved. Thanks

OK, so I hope I got everything, sorry for the inconveniences.
 
Can you post the rest of the result from VirusTotal?

Then we can proceed with the fix

Also I have the Hijackthis log already but not the uninstall list
Generate Uninstall List

  1. Start HijackThis
  2. Click on the Config button
  3. Click on the Misc Tools button
  4. Click on the Open Uninstall Manager button.
  5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file.
 
OK ya, sorry, I thought I had it all.

Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious File With Code Injection Technology
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

Additional information

MD5: 9fed8e2d33238fbdfde83678b5ceac8e
SHA1: a5cf733bbddd0a5cae20b958d12c0100a5a69507
SHA256: 5bd3993bf28462935d270d652251655520df65d8fdefaa04dd65cbe3df5abcde
SHA512: cb7cdefd5bae00ece2d05482d2bde73607c7fad1ee30c110c781acc0cc6d9540 55d3e876cf07a6539f218e1528ed057ae2911c3dc72db120797434f5460b1f42


OK, I didn't know which list you wanted, here it is, sorry about that.
 
OK, it looks like uninstalling through Add/Remove cleaned up the entries from the HijackThis log. Are you still getting popups? If so, is it in Internet Explorer only?

Let's clean up a few things also.

Launch HijackThis and select Do a System Scan Only and put a check mark next to:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Select Fix Checked
-----------------------------------------------------------------------------------------------------------
Update your Java Runtime Environment
  • First try going to Start -> Control Panel -> double click Java
  • Select the Update tab at the top
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 5), follow the on-screen instructions
  • After it installs the newest version, go back to Control Panel -> Add/Remove Programs
  • Uninstall any older versions of Java

J2SE Runtime Environment 5.0 Update 12
Java(TM) 6 Update 3


If for some reason you couldn't update through the above instructions.
  • Click the following link
    Java Runtime Environment 6 Update 5
  • The 4th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected' at the bottom
  • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
  • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder
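
As an added example (not part of the original posts, and not HijackThis's own code), here is one way to script the check behind the O2 fix above: parse the BHO lines of a saved log and list the entries whose DLL is gone from disk. The function names and every sample entry other than the O2 line quoted in the thread are assumptions made for illustration.

```python
import re

# HijackThis prints each Browser Helper Object as:
#   O2 - BHO: <name> - {<CLSID>} - <DLL path, or "(no file)">
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)

def parse_bho(line):
    """Return a dict for an O2 line, or None for any other log line."""
    m = O2_LINE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["clsid"] = entry["clsid"].upper()
    # "(no file)": the registry key survives but its DLL is gone from disk.
    entry["orphaned"] = entry["target"] == "(no file)"
    entry["unnamed"] = entry["name"] == "(no name)"
    return entry

def orphaned_bhos(log_text):
    """CLSIDs of BHO entries whose DLL is missing, in log order, deduplicated."""
    seen, out = set(), []
    for line in log_text.splitlines():
        entry = parse_bho(line)
        if entry and entry["orphaned"] and entry["clsid"] not in seen:
            seen.add(entry["clsid"])
            out.append(entry["clsid"])
    return out

# Constructed sample log: the first O2 line is the one quoted in the thread;
# the other entries (names, CLSID, paths) are made up for illustration.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe
"""

if __name__ == "__main__":
    for clsid in orphaned_bhos(SAMPLE_LOG):
        print("orphaned BHO registry entry:", clsid)
```

Comparing the result across the log taken before an uninstall and the one taken after shows which leftover entries still need cleaning up.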
 
Sweet, I haven't gotten another one since we deleted that CiD helper thing, no more porn on my computer! :haha: Glad that's over.

Thank you for helping me out here, I thought my only option would be to reformat, and I have a lot of stuff I can't just get rid of, assignments and other things.

Also thanks for helping me clean up my system too.

Thanks a lot, Wolver. :)
 