CiD popups and iexplore.exe using 95% system mem without using IE

Status
Not open for further replies.
I have already followed all of those instructions (over the past 3 days; I have done nothing else). These logs are from after all the steps in that topic.
 
Someone will help you shortly

This time may vary; TechSpot members are helping others voluntarily, so hang in there. Also, I'll check back later if there's no response.
 
Now for the other PC

So now that my laptop has been cleaned up, now my main pc is having the same issues.
Followed your directions in the preliminary removal guide and have the logs posted.
Thank you for your time.
Also, Panda Anti-Rootkit found 0 issues.
 
Need to tighten up security, but first - do you still use Norton AV?

Also I need to see:
Generate Uninstall List

  1. Start HijackThis
  2. Click on the Config button
  3. Click on the Misc Tools button
  4. Click on the Open Uninstall Manager button.
  5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file.
 
Norton AV is still used on this comp due to me not being able to convince my parents otherwise.

Uninstall list attached
 
  • Click the following link
    Java Runtime Environment 6 Update 6
  • The 5th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected' at the bottom
  • After the install go to Start -> Control Panel -> Add/Remove Programs (Programs and Features), and uninstall any old versions
  • Navigate to C:\Program Files\Java -> delete any subfolders except the jre1.6.0_06 folder


Uninstall these from control panel -> Add/remove programs
J2SE Runtime Environment 5.0 Update 7
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Messenger Plus! Live & Sponsor (CiD)

After uninstalling Messenger Plus Sponsor:

1) "Setup" is now displayed. Click on the Uninstall button. Note: options displayed on the first screen are not related to the sponsor program.

2) The sponsor screen is now displayed (if you don't see it, look for it in your Task Bar). To prove that someone is currently reading the screen, you have to type the code that is displayed. Once you enter the code, press Uninstall.

3) If you entered the code properly, the program will ask you to confirm that you want to uninstall. You must answer "Yes" to this question; otherwise, you won't have another chance to uninstall.

4)Reboot your computer

5) Run another scan with HijackThis and attach a new log
 
Blind Dragon said:
After uninstalling Messenger Plus Sponsor:

1) "Setup" is now displayed. Click on the Uninstall button. Note: options displayed on the first screen are not related to the sponsor program.

The 'Setup' screen in question never actually appeared, nor did the sponsor screen.
New HJT log attached.
 
That should help, but you still have infections on there

Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please attach this log with your reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Remove Viewpoint
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components:
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.

    How to prevent it from being recreated every time you run the AOL software:
    • Open AOL
    • Go to Help on the toolbar
    • Select About AOL
    • Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.
 
Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply

Also attach a fresh Hijackthis afterwards.
 
Upload a File to Virustotal
Please visit Virustotal found HERE
  • Click the Browse... button
  • Navigate to the file C:\Windows\System32\NeroCheck.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results back here please.

--------------------------------------------------------------------------------------

Launch Spybot -> click on the Recovery Icon -> Highlight everything and select the red X that says purge.

------------------------------------------------------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\Platform bows.exe
O4 - HKCU\..\Run: [CakeTest] C:\Document~1\Owner\APPLIC~1\GRIMEQ~1\Store Vc.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Documents and Settings\All Users\Application Data\great coal love default
C:\Documents and Settings\Owner\Application Data\GRIMEQ~1 <- check this one, it will have a longer name


-----------------------------------------------

FileASSASSIN
  • Launch Malwarebytes' Anti-Malware
  • Select the More Tools Tab
  • Under FileASSASSIN select Run Tool
  • Navigate to C:\Program Files\DAEMON Tools Lite\SRSAI.exe
  • Press Open

------------------------------------------------

Uninstall Combofix
* Click START then RUN
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter.

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

-----------------------------------------------------------------------

Cleanup using OTMoveit2 by OldTimer
Now we can clear out the rest of the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if launched accidentally.

Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
If using Vista Right-Click OTMoveIt and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

* When finished exit out of OTMoveIt2

-----------------------------------------------------

clear system restore points

  • This is a good time to clear your existing system restore points and establish a new clean restore point:
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and Ok it.
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Choose the option to clean up system restore and OK it.
    This will remove all restore points except the new one you just created.

---------------------------------------------------------------------

After all of this run another Kaspersky and attach the log along with the result from VirusTotal
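As an added example (not from this thread, and not part of HijackThis or any of the tools named above), here is a small Python triage script that applies the two indicators Blind Dragon acts on in the HijackThis section: O2 BHO entries whose CLSID is still registered but whose DLL reports "(no file)", and O4 Run entries that start a program out of a profile's Application Data folder (long or 8.3 short form). For each Run hit it also derives the launch folder, which is the folder the post then asks to delete. The sample log is constructed: it contains the four entries from the thread plus two made-up benign lines with a placeholder CLSID.

```python
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# Constructed sample log (not a real HJT log): the four entries flagged in the thread,
# plus two benign-looking lines made up for contrast. The CLSID on the benign BHO line
# is a placeholder, not a real component.
SAMPLE_LOG = """\
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe
O4 - HKLM\\..\\Run: [Love default global mess] C:\\Documents and Settings\\All Users\\Application Data\\great coal love default\\Platform bows.exe
O4 - HKCU\\..\\Run: [CakeTest] C:\\Document~1\\Owner\\APPLIC~1\\GRIMEQ~1\\Store Vc.exe
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# O4 lines: "O4 - HKLM\..\Run: [<value name>] <command>"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")

# Long and 8.3 short forms of the per-profile "Application Data" folder.
PROFILE_DATA_MARKERS = ("\\application data\\", "\\applic~1\\")


@dataclass(frozen=True)
class Finding:
    line: str    # the original log line
    reason: str  # why it was flagged
    folder: str  # launch folder to review/delete for O4 hits, "" for O2 hits


def launches_from_profile_data(cmd: str) -> bool:
    """True if the command's path runs out of an Application Data folder."""
    return any(marker in cmd.lower() for marker in PROFILE_DATA_MARKERS)


def triage(log_text: str) -> list[Finding]:
    """Apply the two indicators used in the thread to HJT-style log lines."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        bho = BHO_RE.match(line)
        if bho:
            if bho.group("path") == "(no file)":
                findings.append(Finding(line, "orphaned BHO: CLSID registered but its DLL is gone", ""))
            continue
        run = RUN_RE.match(line)
        if run and launches_from_profile_data(run.group("cmd")):
            # ntpath handles Windows separators even when this runs on a non-Windows host;
            # the sample commands carry no arguments, so dirname() yields the launch folder.
            folder = ntpath.dirname(run.group("cmd"))
            reason = f"{run.group('hive')} Run entry starts a program from a profile data folder"
            findings.append(Finding(line, reason, folder))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}]\n    {f.line}")
        if f.folder:
            print(f"    review folder: {f.folder}")
```

Run it as-is to see the four thread entries flagged and the two benign lines ignored; to triage a real log, read the file contents into `triage()` instead of `SAMPLE_LOG`. The folder printed for the 8.3 short-name entry is the same one the post says will have a longer name on disk, so check it in Explorer before deleting.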
 
I really appreciate your help for all of this.
Virustotal said the file was completely clean and Kaspersky didn't find anything.
 
Good deal. You now have a nice clean restore point set also.

Let me know if anything else comes up.

Regards,

BD
 
Vundo strikes again

Okay, so this is my issue this time. I have come back home for a while to visit and the "family" desktop really just hasn't been taken care of at all. Hasn't been cleaned in probably a year, no av, no firewall (NAT or software), no anything. The only thing it is used for is playing games. They have lost the OS install disks and the restore disks.

Vundo is the main culprit I know of, though I highly suspect there may be more.

I would be very happy if you guys could help.
Thanks for your time.
 
Update

Okay, a little update here. After updating to the latest Java (6u13), java will no longer load for anything. Also, IE has completely gone non-responsive.

Edit: Disregard the Java issue... Comodo decided to play nice.
 