Help with CiD virus!

Status
Not open for further replies.
Hello, I have the CiD popup virus on my PC. I've run my NOD32 in normal and safe modes, but it finds nothing. Could anyone help me, please?

Below is my HijackThis log:

(This is only half of the log; the other half is in the next post.)

Thank You!
Moderator Edit: Do not copy and paste the logs as it is against the rules of this forum.
 
Hi SARMAK06 and welcome to TechSpot. =)

Important: Please read this thread HERE before you decide whether to clean or reformat your system.

Should you decide to clean your computer, please do the following.

You may wish to copy and paste these instructions on notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Go to start > run and type services.msc. Press the enter key.
Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Alcmtr
DownloadDefyExtraBird
Win Browse


Go to start > Control Panel > Add and Remove Programs.
Remove anything related to the following:

Give4Free Plugin
IE7Pro


After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Program Files\Give4Free Plugin\ibho.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DownloadDefyExtraBird] C:\Documents and Settings\All Users\Application Data\MfcdLocksDownloadDefy\creative warn.exe
O4 - HKCU\..\Run: [Win Browse] C:\DOCUME~1\Toshiba\APPLIC~1\SENDPL~1\grim stupid.exe

O8 - Extra context menu item: Закачать &все при помощи ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Закачать при помощи Re&Get Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll

Close HJT.


Navigate in Windows Explorer and delete the following files and folders in bold.

C:\Documents and Settings\All Users\Application Data\MfcdLocksDownloadDefy\
C:\DOCUME~1\Toshiba\APPLIC~1\SENDPL~1\grim stupid.exe
C:\Program Files\Give4Free Plugin\
C:\Program Files\IE7Pro\
C:\Program Files\ReGetDx\
C:\WINDOWS\ALCMTR.EXE

Reboot into normal mode and rehide your protected OS files.

Next, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs, otherwise they will be ignored and/or removed.

Also, please let me know the results of the AVG Antirootkit scan.


Regards,
Your friendly momok =)

This thread is for the use of SARMAK06 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
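
Added example (not part of momok's post, and not HijackThis code): a small Python sketch that parses the O4 autorun lines quoted in the post above and notes, for each one, whether the command has no directory or launches from a profile data directory. The `ExampleTray` line and the two review rules are assumptions made for illustration; treating `APPLIC~1` as the 8.3 short name of `Application Data` is a heuristic.

```python
import re

# Constructed sample: the three O4 lines quoted in the post above, plus one
# made-up entry (ExampleTray) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DownloadDefyExtraBird] C:\Documents and Settings\All Users\Application Data\MfcdLocksDownloadDefy\creative warn.exe
O4 - HKCU\..\Run: [Win Browse] C:\DOCUME~1\Toshiba\APPLIC~1\SENDPL~1\grim stupid.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Image path: everything up to the first ".exe". Paths may contain spaces and
# may or may not be quoted, so splitting on whitespace would be wrong.
IMAGE_RE = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)


def parse_o4(log):
    """Yield one dict per O4 Run-key line found in a HijackThis log."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        img = IMAGE_RE.match(m["cmd"])
        yield {"hive": m["hive"], "name": m["name"],
               "image": img.group(1) if img else m["cmd"]}


def review_reasons(image):
    """Return reasons (assumed rules) why an autorun image deserves a look."""
    parts = image.lower().split("\\")
    reasons = []
    if len(parts) == 1:
        reasons.append("no directory given")
    # Directory components only; long name, 8.3 short name, or Vista-style name.
    if any(p in ("application data", "appdata") or p.startswith("applic~")
           for p in parts[:-1]):
        reasons.append("runs from a profile data directory")
    return reasons


def triage(log):
    """Map each autorun value name to its list of review reasons."""
    return {e["name"]: review_reasons(e["image"]) for e in parse_o4(log)}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name:24} {', '.join(reasons) or 'nothing flagged'}")
```

A reason listed here only marks an entry for manual review; it is not a verdict on the file.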
 
Thank you for the quick reply. I did everything as you said. My antivirus (NOD32) and AVG anti-rootkit didn't find anything. So far there is no problem; hope it's gone. Logs are attached.
Thank You
 

Attachments

  • AVG_antispyware.txt
    2.3 KB · Views: 5
  • hijackthis.log
    10.9 KB · Views: 6
Hi,

Your logs look clean now.

Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

Turn off system restore (XP/ME only). Learn how to do that HERE.
This will remove all the remaining nasties from your old restore points.

After that turn system restore back on.
This would have created a new safe and clean restore point for your system.

Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend that you read this article.
This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
Your friendly momok =)

This thread is for the use of SARMAK06 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hello, I have the same issue as SARMAK06. I get CiD Disney ads on my computer all the time I open Firefox. Could you help me too?
 
This thread was intended for the use of the original poster ONLY.

I see that you made your own thread, so I will help you there. Wanted to post the above so that future people with this infection will make their own thread when this is found through Google.
 
Hi, Te-Kes

I was looking for a remedy for CiD and found this site. I have successfully removed this type of virus before on Win3.2, Win95, Win98, and XP, and now with Vista. I went through the whole process as stated, and I didn't find any of these files. So then I looked over and over in C:\ProgramFiles, and found a directory/file under CiD. I entered this directory; it had an uninstall for CiD. I ran that uninstall from that file, and so far it has removed all the CiD interruptions. Thanks to momok and TechSpot, and to the CiD people who installed an easy way to totally remove CiD.

Thanks

Gabrillio
 