CiD popups

[Mark Needham]

Hello,

I'am a new member just signed up today after reading some previous threads. I am having the CiD popups in Internet Explorer and wish to get rid of them. I know that you have helped others and I am hoping you can help me. I have followed Howard's instructions step 1 to 13 and enclose the logs for HJT, AVG Antispyware and Combofix logs.

The AVG Antirootkit did not find anything.

PS Step 8, the Ad-Aware SE Personal link is missing, but I found it doing a Google search.

Regards
Mark Needham

 

[momok]

Hi,

Hello and welcome to techspot. =)
Thank you for informing us about the missing link.

You may wish to copy and paste these instructions on notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Go to start > run and type services.msc. Press the enter key.

Search for the following services(if there) double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

RULE INTERNET.exe
Narrator.exe

Open your task manager by pressing holding ctrl, alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:

RULE INTERNET.exe
Narrator.exe

Run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked":

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WipeExitMapiBits] C:\Documents and Settings\All Users.WINDOWS\Application Data\TitleLocksWipeExit\RULE INTERNET.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

Close HJT.

Navigate in Windows Explorer and delete the following files and folders in bold.
C:\Documents and Settings\All Users.WINDOWS\Application Data\TitleLocksWipeExit\ <- delete the entire folder and its contents.

Reboot into normal mode and rehide your protected OS files.

Thereafter, please post a fresh HJT and AVG Antispyware log from normal mode as an attachment into this thread.

Also, I need you to visit this link http://virusscan.jotti.org/

Click the Browse... button and navigate to the following file:
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
Click Open

Please let me know the results.


Regards,
Your friendly Momok =)

 

[Mark Needham]

Hi Momok,

Thanks very much for your reply, those CiD popups are now a thing of the past!

I have attached a new log for HJT and AVG Antispyware.

The scan from virusscan.jotti.org found nothing on the file secstat.exe
When going onto its properties it is a Symantec file. Its Description is Security Status Server and its Product Name is Norton Internet Security Status Helper.

One other thing, my son is going to get a laptop for when he goes to university. What would you suggest for antivirus, antispy, etc.

Thanks once again for the help and for being so quick with a response.

Regards
Mark

 

[howard_hopkinso]

Hello and welcome to Techspot.

Your HJT log is clean.

Run the Ccleaner programme as per step9 of the instructions HERE.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

Here is a list of security programmes I recommend.

AVG free or Avast antivirus programmes.

Zonealarm or Kerio free firewall programmes.

Spybot Search & Destroy.

Ad-Aware se personal.

Spyware Blaster.

AVG Antispyware.

Ccleaner.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :wave: :wave:

This thread is for the use of Mark Needham only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Mark Needham]

Everything is working fine.

Thanks for all the help and information.

Regards
Mark