Cid problem
- Thread starter kov
- Start date
- Status
Blind Dragon
Posts: 3,774 +4
The Cid popups are only one of the problems
We need to fix the major problems first
Run Smitfraudfix
----------------------------------------------------------------
We need to fix the major problems first
Run Smitfraudfix
- Download Smitfraudfix by S!ri from HERE
- Double-click SmitfraudFix.exe
- Select 1 and hit Enter
- The report can be found at the root of the system drive, usually at C:\rapport.txt
----------------------------------------------------------------
Blind Dragon
Posts: 3,774 +4
Not yet
Run Smitfraudfix
Run Smitfraudfix
- Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
- Double-click SmitfraudFix.exe
- Select 2 and hit Enter to delete infected files.
- You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
- The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
- A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
Blind Dragon
Posts: 3,774 +4
Disable Windows Defender
Combofix
Combofix will automatically save the log file to C:\combofix.txt
- Launch Windows Defender
- Click on "Tools"
- Click on "General Settings"
- Scroll down to "Real-time protection options"
- Uncheck "Turn on Real-time protection (recommended)"
- Click "Save"
Combofix
- Download Combofix to your desktop.
- Double click combofix.exe & follow the prompts.
- A window will open with a warning.
- When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Combofix will automatically save the log file to C:\combofix.txt
Blind Dragon
Posts: 3,774 +4
click the help options next to the big question mark, in the drop down box click Exit windows defender
Blind Dragon
Posts: 3,774 +4
before I continue did you install gaurdian monitor?
Description of : Guardian monitor is a monitoring tool that can be abused and used to capture and record keystrokes, downloaded files from peer to peer applications, chat transcripts, and instant messages. It can be customized to run in stealth mode threatening users’ privacy especially when it is used to snoop on sensitive data such as login usernames and passwords.
Description of : Guardian monitor is a monitoring tool that can be abused and used to capture and record keystrokes, downloaded files from peer to peer applications, chat transcripts, and instant messages. It can be customized to run in stealth mode threatening users’ privacy especially when it is used to snoop on sensitive data such as login usernames and passwords.
Blind Dragon
Posts: 3,774 +4
**P2P programs = Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation. see http://spywarewarrior.com/viewtopic.php?t=26216
-----------------------------------------------------------------------------
Run CFScript
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
-----------------------------------------------------------------------------
In case I leave do this next step.
Malwarebytes' Anti-Malware
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation. see http://spywarewarrior.com/viewtopic.php?t=26216
-----------------------------------------------------------------------------
Run CFScript
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
-----------------------------------------------------------------------------
In case I leave do this next step.
Malwarebytes' Anti-Malware
- Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
- then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. please attach this log with your reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Blind Dragon
Posts: 3,774 +4
Disable McAfee VirusScan ScriptStopper feature by:
Then please try the combofix script again
- Right-mouse click the McAfee VirusScan icon in the system tray.
- Select VirusScan then click Options.
- Click the Advanced button and then click the ScriptStopper tab.
Note: McAfee VirusScan 10 users, click the Exploits tab.
- Make sure Enable ScriptStopper (recommended) option is de-selected.
- Click OK and then click OK to complete disabling McAfee ScriptStopper feature.
Then please try the combofix script again
Blind Dragon
Posts: 3,774 +4
Ok, try booting into safe mode (tap F8 before windows loads) then dragging the script into combofix as shown below
- Status
Similar threads
