TechSpot

CiD Popups/Long Slow Road Itch... How can I fix this?

By jfranke03
Dec 15, 2007
  1. I keep getting non-stop CiD popups on my computer. I've looked at some other posts on how to fix this but can't figure it out. I can't delete the folder 'Long Slow road itch' because it says its being used by another user or program but i've opened the task manager and cannot find where it would be in use?? Please someone help me get rid of these popups!!
     
  2. kitty500cat

    kitty500cat TS Rookie Posts: 2,407   +6

    With the proper tools, this infection shouldn't be too hard to remove.

    First of all, go and read the Viruses/spyware/malware preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HijackThis, ComboFix, and AVG Anti-Spyware logs as attachments, only after doing the above.

    Please post the results of the Panda Anti-rootkit scan as well.

    Regards :)

    This thread is for the use of jfranke03 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  3. jfranke03

    jfranke03 TS Rookie Topic Starter Posts: 17

    Well it took like two years, but I did what it said to :p

    Panda RootKits had nothing to show after the scan.

    And I added the other three attachments below. It's my first time doing this so if they didn't attach right let me know and I'll try again.

    Thanks!!
     
  4. jfranke03

    jfranke03 TS Rookie Topic Starter Posts: 17

    crap, the AVG scan thing still had the NO ACTION TAKEN thing show up. I thought i changed it before the scan. How can I fix that?
     
  5. jfranke03

    jfranke03 TS Rookie Topic Starter Posts: 17

    I think I figured out the quarentine problem. I'm running another scan.
     
  6. evilfantasy

    evilfantasy Banned Posts: 428

    After the AVG is done and before posting the log, run these two scans in order and attach their logs in the same post.

    Then run a fresh HijackThis scan and post that log also. Run HijackThis only AFTER everything else is done.

    ----------

    Please download Vundofix.exe to your desktop.

    * Double-click VundoFix.exe to run it.
    * Put a check next to Run VundoFix as a task.
    * You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
    * When VundoFix re-opens, click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will shutdown your computer, click OK.
    * Turn your computer back on.
    * Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

    Please let Vundo finish, sometimes it can take multiple passes

    ----------

    Download SDFix.exe and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    * Instead of Windows loading as normal, the Advanced Options Menu should appear;
    * Select the first option, to run Windows in Safe Mode, then press Enter.
    * Choose your usual account.
    * Open the extracted SDFix folder and double click RunThis.bat to start the script.
    * Type Y to begin the cleanup process.
    * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC.
    * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    *] Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard).
    * Finally add the contents of the Report.txt in your next post as an Attachment with a new HijackThis log
     
  7. jfranke03

    jfranke03 TS Rookie Topic Starter Posts: 17

    NVM, the new scan did the same thing. Did I do it right that first time? If so, what now?
     
  8. jfranke03

    jfranke03 TS Rookie Topic Starter Posts: 17

    OK, I'll do those things.
     
  9. jfranke03

    jfranke03 TS Rookie Topic Starter Posts: 17

    Panda Anti-Rootkits -- NOTHING
    VundoFix -- NOTHING
    AVG Scan -- NOTHING
    ComboFix -- Posted Above

    HijackThis and SDFix attached.


    hope you can help!
     
  10. evilfantasy

    evilfantasy Banned Posts: 428

    Disable Spybot's TeaTimer

    First:
    [*] Right click
    • Spybot in the System Tray (looks like a calendar with a padlock symbol)
    • Choose Exit Spybot S&D Resident
    Second:
    • Open Spybot S&D
    • Click Mode, check Advanced Mode
    • Go To Left Panel, Click Tools, then also in left panel, click Resident
    • If your firewall raises a question, say OK
    • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
    • Use File, Exit to terminate Spybot
    • Reboot your machine for the changes to take effect.

    Open HijackThis and select Do a system scan only then place a check mark next to:

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (file missing)

    Close all windows and click Fix checked

    ----------

    Please download ATF Cleaner by Atribune. ATF Cleaner.exe

    Make sure that all browser windows are closed.
    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All and UNCHECK Cookies.
    * Click the Empty Selected button.

    If you use Firefox browser
    * Click Firefox at the top and choose: Select All and UNCHECK Cookies.
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
    * Click Opera at the top and choose: Select All and UNCHECK Cookies.
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main ATF Cleaner menu to close the program.

    ----------

    Download Superantispyware (SAS) SUPERAntispyware Free Edition

    Install it and double-click the icon on your desktop to run it.
    * It will ask if you want to Update the program definitions, click Yes.
    * Under Configuration and Preferences, click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
    * On the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK.
    * Make sure everything in the white box has a check next to it, then click Next.
    * It will quarantine what it found and if it asks if you want to reboot, click Yes.
    * To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Please add the log as an attachment along with a new HijackThis log in the next post.

    ----------

    Next post please attach
    SUPERAntiSpyware log
    New HijackThis log
     
  11. jfranke03

    jfranke03 TS Rookie Topic Starter Posts: 17

    here's those two logs.
     
     
  12. evilfantasy

    evilfantasy Banned Posts: 428

    There are two firewalls and maybe two antivirus on the computer. Pick one of each and uninstall the other. It is unnecessary.

    ----------

    Open HijackThis and select Do a system scan only and place a check mark next to:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O4 - HKCU\..\Run: [wipewarn] C:\DOCUME~1\JAMESF~1\APPLIC~1\ITCHPL~1\Mess Admin.exe


    Close all windows and click Fix checked.

    ----------

    Now download The Avenger By Swandog46, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Check the Input script manually box.
    * Click on the Magnifying Glass Icon which will open a new window titled View/edit script
    * Copy everything in the Quote box below, and paste it in the box that opens:

    Note: the above quote was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system

    * Now click the 'Done' button.
    * Click on the Green Light and OK the prompt.
    * You will be prompted to restart, click OK at the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt

    The Avenger will automatically do the following:

    * It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    * On reboot, it will briefly open a black command window on your desktop, this is normal.
    * After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
    * The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    Please attach the C:\avenger.txt in your next post.

    ----------

    Next post please attach the avenger log and let us know how the computer is running now.
     
  13. jfranke03

    jfranke03 TS Rookie Topic Starter Posts: 17

    Here's the Avenger attachment and everything seems to be working great now!!!
    Anything else I need to do? If not, thanks so much for all your help.
     
  14. evilfantasy

    evilfantasy Banned Posts: 428

    Sorry, I need another HijackThis log also.
     
  15. jfranke03

    jfranke03 TS Rookie Topic Starter Posts: 17

    here ya go...
     
  16. evilfantasy

    evilfantasy Banned Posts: 428

    Have HijackThis fix this entry.

    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

    ----------

    Go to Start > Run and copy and paste next command in the field:

    ComboFix /u

    [​IMG]

    Make sure there's a space between Combofix and /
    Then hit Enter.

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again

    ----------

    Let's clear out the programs we've been using to clean up your computer, they are not suitable for
    general malware removal and could cause damage if launched accidentally.

    Please download OTMoveIt by OldTimer OTMoveIt.exe and place it on your desktop.

    1. Double click OTMoveIt.exe to launch it.
    2. Click on the CleanUp! button.
    3. OTMoveIt will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
    4. You will be prompted to allow the clean up procedure, click Yes
    5. When finished exit out of OTMoveIt

    ----------

    If anything else comes up just let us know.

    To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

    Safe surfing......
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.