TechSpot

CiD Virus - problems with preliminary removal

By untitledself
May 1, 2007
Topic Status:
Not open for further replies.
  1. CiD Virus AVG Antispyware, Combofix, and HijackThis logs

    UPDATE:
    I couldn't run the programs in Safe Mode, but I ran them in normal mode. I'm attaching the AVG Antispyware, Combofix, and HijackThis logs. The AVG Antirootkit scan didn't find anything.



    ORIGINAL POST:
    Hi, I have the CiD Virus and have tried to follow the instructions in the "Viruses/Spyware/Malware, preliminary removal instructions" thread. I've run into a few problems. The first is that VundoFix didn't work for me or I was too impatient, but it took a really long time scanning. Is this normal? I skipped it and continued on. I got stuck, however, on step 13 when I tried to run SS&D and it gave me the error:

    "There is no disk in the drive. Please insert a disk into drive \DEVICE\HARDDISK1\DR1"

    I also always get this error:
    "A Runtime Error has occured.
    Line 147
    Error: "menu.filters.0" is null or not an object"


    I've attached the HijackThis log.

    Hope someone can help!
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    style creative.exe
    Dentthedata.exe
    GMT.exe
    jinit.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    O4 - HKLM\..\Run: [Settingsroamdenthole] F:\Documents and Settings\All Users\Application Data\DefyProxySettingsRoam\style creative.exe

    O4 - HKCU\..\Run: [Dumb Date] F:\DOCUME~1\ANCAMA~1\APPLIC~1\CORNGR~1\Dentthedata.exe

    O4 - Global Startup: GStartup.lnk = F:\Program Files\Common Files\GMT\GMT.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

    O9 - Extra button: @Home - {4CE1D3E8-DF96-479F-8890-7298041A24A3} - http://www/ (file missing) (HKCU)

    O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab

    O16 - DPF: {9A5A6B87-B458-47EF-8284-E0EE52877BAD} (CDWeb SmarTimers ActiveX) - http://w3.cdt.ops.tdbank.ca/ActiveX/CDWebAxLib.cab

    O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://ssora.tdbank.ca/forms/jinitiator/jinit.exe

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tdbank.ca,ctwan.com

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 49.10.69.10 49.10.68.10

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = tdbank.ca,ctwan.com

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 49.10.69.10 49.10.68.10

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = tdbank.ca,ctwan.com

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 49.10.69.10 49.10.68.10

    Only fix the above O17 entries if they don't belong to your ISP or you don't recognise the domain.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    F:\Documents and Settings\All Users\Application Data\DefyProxySettingsRoam <-- Delete the entire folder.
    F:\DOCUME~1\ANCAMA~1\APPLIC~1\CORNGR~1 <-- Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of untitledself only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
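
An added example, not part of the original posts and not HijackThis's own logic: a small Python triage over the kinds of log lines quoted in the reply above. The sample lines are copied from that reply; the regexes, the flag names and the "runs from Application Data" heuristic are assumptions made for illustration.

```python
import re

# Sample input: log lines copied from the reply above.
SAMPLE = r"""O4 - HKLM\..\Run: [Settingsroamdenthole] F:\Documents and Settings\All Users\Application Data\DefyProxySettingsRoam\style creative.exe
O4 - HKCU\..\Run: [Dumb Date] F:\DOCUME~1\ANCAMA~1\APPLIC~1\CORNGR~1\Dentthedata.exe
O4 - Global Startup: GStartup.lnk = F:\Program Files\Common Files\GMT\GMT.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 49.10.69.10 49.10.68.10
"""

ENTRY = re.compile(r"^(?P<code>O\d+) - (?P<body>.+)$")
# O4 comes in two shapes: "<key>: [value name] <target>" for registry Run keys
# and "<folder>: <shortcut> = <target>" for Startup folders.
O4 = re.compile(
    r"^(?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] |(?P<lnk>.+?) = )(?P<target>.+)$"
)
# Assumed heuristic: an autorun whose target sits under Application Data
# (long name or 8.3 short name) deserves a closer look.
APP_DATA = re.compile(r"\\(Application Data|APPLIC~\d)\\", re.I)
ORPHANED = re.compile(r"\((no file|file missing)\)")


def parse_entry(line):
    """Return a dict for one HijackThis entry line, or None for other text."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = {"code": m["code"], "body": m["body"], "flags": []}
    if entry["code"] == "O4":
        o4 = O4.match(entry["body"])
        if o4:
            entry["where"], entry["target"] = o4["where"], o4["target"]
            entry["flags"].append("autorun")
            if APP_DATA.search(o4["target"]):
                entry["flags"].append("runs-from-application-data")
    elif entry["code"] == "O17":
        # DNS settings: confirm who owns them before changing anything.
        entry["flags"].append("dns-setting")
    if ORPHANED.search(entry["body"]):
        entry["flags"].append("orphaned-reference")
    return entry


def triage(log_text):
    """Parse every line and keep only the entries that carry a flag."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in parsed if e and e["flags"]]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["code"], ", ".join(e["flags"]), "|", e["body"])
```

The path heuristic only narrows the list: the Global Startup entry for GMT.exe is flagged as a plain autorun because it lives under Program Files, so every autorun still needs a human decision.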
     
  3. untitledself

    untitledself TS Rookie Topic Starter

    Oops, you've answered in the meanwhile. I will do everything you've mentioned and then repost everything!

    thanks!!!

    Okay, here are the HJT, AVG Antispyware and Combofix logs. The AVG Antirootkit scan was fine.

    I guess there is still a problem, though, because AVG Antispyware quarantined two of the high threat viruses, but they re-appeared in the second scan. But I don't have random casino and porn ads showing up anymore every time I open a page, though, so I guess that's pretty good!

    :)

    P.S. Yes, I recognize and need the O17 entries.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your HJT log is now clean.

    Delete all files in AVG Antispyware quarantine.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  5. untitledself

    untitledself TS Rookie Topic Starter

    Great! Thanks so much! I really appreciate it.

    :)

    I do, however, get this error still:

    "A Runtime Error has occured.
    Line 147
    Error: "menu.filters.0" is null or not an object"

    I have twice since I've been on this site. Is that unrelated?
     