TechSpot

Cid problem

By kov
Jun 14, 2008
  1. hey, recently got infected with cid registered because i don't have a clue how to detect it here is the log file.
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    The Cid popups are only one of the problems

    We need to fix the major problems first

    Run Smitfraudfix
    • Download Smitfraudfix by S!ri from HERE
    • Double-click SmitfraudFix.exe
    • Select 1 and hit Enter
    • The report can be found at the root of the system drive, usually at C:\rapport.txt

    ----------------------------------------------------------------
     
  3. kov

    kov TS Rookie Topic Starter

    here is the log. do you want another HijackThis log?
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Not yet

    Run Smitfraudfix
    • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    • Double-click SmitfraudFix.exe
    • Select 2 and hit Enter to delete infected files.
    • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
     
  5. kov

    kov TS Rookie Topic Starter

    here is the report
     
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Disable Windows Defender
    • Launch Windows Defender
    • Click on "Tools"
    • Click on "General Settings"
    • Scroll down to "Real-time protection options"
    • Uncheck "Turn on Real-time protection (recommended)"
    • Click "Save"



    Combofix
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool, so please do NOT do anything without instruction.

    Combofix will automatically save the log file to C:\combofix.txt
     
  7. kov

    kov TS Rookie Topic Starter

    i don't have a general settings tab in Defender. i'm running on Vista, is that different somehow?
     
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Click the help options next to the big question mark; in the drop-down box click Exit Windows Defender.
     
  9. kov

    kov TS Rookie Topic Starter

    here are the log entries
     
  10. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Before I continue, did you install Guardian Monitor?

    Description of : Guardian monitor is a monitoring tool that can be abused and used to capture and record keystrokes, downloaded files from peer to peer applications, chat transcripts, and instant messages. It can be customized to run in stealth mode threatening users’ privacy especially when it is used to snoop on sensitive data such as login usernames and passwords.
     
  11. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    P2P programs = Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation. see http://spywarewarrior.com/viewtopic.php?t=26216

    -----------------------------------------------------------------------------

    Run CFScript

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    -----------------------------------------------------------------------------

    In case I leave do this next step.

    Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach this log with your reply.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
     
  12. kov

    kov TS Rookie Topic Starter

    here are the logs
     
  13. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Disable McAfee VirusScan ScriptStopper feature by:
    1. Right-mouse click the McAfee VirusScan icon in the system tray.
    2. Select VirusScan then click Options.
    3. Click the Advanced button and then click the ScriptStopper tab.

      Note: McAfee VirusScan 10 users, click the Exploits tab.
    4. Make sure Enable ScriptStopper (recommended) option is de-selected.
    5. Click OK and then click OK to complete disabling McAfee ScriptStopper feature.



    Then please try the combofix script again
     
  14. kov

    kov TS Rookie Topic Starter

    here are the logs
     
  15. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Ok, try booting into safe mode (tap F8 before windows loads) then dragging the script into combofix as shown below

    [​IMG]
     
Topic Status:
Not open for further replies.
