TechSpot

Help with CiD virus!

By SARMAK06
Jun 19, 2007
Topic Status:
Not open for further replies.
  1. Hello, I have the CiD popup virus on my PC. I've run my NOD32 in normal and safe modes, but it finds nothing. Could anyone help me please?

    Below is my HijackThis log:

    (This is only half of the log; the other half is in the next post.)

    Thank You!
    Moderator Edit: Do not copy and paste the logs as it is against the rules of this forum.
  2. momok

    momok Newcomer, in training Posts: 2,272

    Hi SARMAK06 and welcome to TechSpot. =)

    Important: Please read this thread HERE before you decide whether to clean or reformat your system.

    Should you decide to clean your computer, please do the following.

    You may wish to copy and paste these instructions into Notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Go to start > run and type services.msc. Press the enter key.
    Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Alcmtr
    DownloadDefyExtraBird
    Win Browse


    Go to start > Control Panel > Add and Remove Programs.
    Remove anything related to the following:

    Give4Free Plugin
    IE7Pro


    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
    O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Program Files\Give4Free Plugin\ibho.dll
    O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [DownloadDefyExtraBird] C:\Documents and Settings\All Users\Application Data\MfcdLocksDownloadDefy\creative warn.exe
    O4 - HKCU\..\Run: [Win Browse] C:\DOCUME~1\Toshiba\APPLIC~1\SENDPL~1\grim stupid.exe

    O8 - Extra context menu item: Закачать &все при помощи ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
    O8 - Extra context menu item: Закачать при помощи Re&Get Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
    O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll

    Close HJT.


    Navigate in Windows Explorer and delete the following files and folders in bold.

    C:\Documents and Settings\All Users\Application Data\MfcdLocksDownloadDefy\
    C:\DOCUME~1\Toshiba\APPLIC~1\SENDPL~1\grim stupid.exe
    C:\Program Files\Give4Free Plugin\
    C:\Program Files\IE7Pro\
    C:\Program Files\ReGetDx\
    C:\WINDOWS\ALCMTR.EXE

    Reboot into normal mode and rehide your protected OS files.

    Next, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs; otherwise they will be ignored and/or removed.

    Also, please let me know the results of the AVG Antirootkit scan.


    Regards,
    Your friendly momok =)

    This thread is for the use of SARMAK06 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
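The removal steps in the post above can be cross-checked mechanically. This is an added example, not part of the original thread: it parses the quoted HijackThis entries into section, name, CLSID and path, then reports any flagged entry whose file would remain on disk after the listed deletions. The function names are hypothetical, and matching a bare filename such as `ALCMTR.EXE` against a target by name only is an assumption.

```python
import re
from ntpath import basename  # Windows path rules on any OS
# HijackThis entries copied from the post above (a subset).
LOG = r"""
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DownloadDefyExtraBird] C:\Documents and Settings\All Users\Application Data\MfcdLocksDownloadDefy\creative warn.exe
O4 - HKCU\..\Run: [Win Browse] C:\DOCUME~1\Toshiba\APPLIC~1\SENDPL~1\grim stupid.exe
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
"""
# Deletion targets from the same post; a trailing backslash marks a folder.
TARGETS = r"""
C:\Documents and Settings\All Users\Application Data\MfcdLocksDownloadDefy\
C:\DOCUME~1\Toshiba\APPLIC~1\SENDPL~1\grim stupid.exe
C:\Program Files\Give4Free Plugin\
C:\Program Files\IE7Pro\
C:\Program Files\ReGetDx\
C:\WINDOWS\ALCMTR.EXE
""".split("\n")
LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")           # section - kind: rest
RUN = re.compile(r"^\[(?P<name>.+?)\] (?P<path>.+)$")    # O4: [name] command
ITEM = re.compile(r"^(?P<name>.*?)(?: - (?P<clsid>\{[0-9A-Fa-f-]{36}\}))? - (?P<path>.+)$")

def parse(log):
    """Turn HijackThis lines into dicts: section, kind, name, clsid, path."""
    out = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        d = (RUN if section == "O4" else ITEM).match(rest)
        if d:
            out.append({"section": section, "kind": kind, "clsid": None, **d.groupdict()})
    return out

def covered(path, targets):
    p = path.lower()  # Windows paths compare case-insensitively
    for t in (t.strip().lower() for t in targets if t.strip()):
        if p == t or (t.endswith("\\") and p.startswith(t)):
            return True   # exact file, or file inside a targeted folder
        if "\\" not in p and basename(t) == p:
            return True   # bare name in a Run key (assumed to be the same file)
    return False

def leftovers(log, targets):
    """Flagged entries whose file no deletion target would remove."""
    return [(e["section"], e["name"], e["path"])
            for e in parse(log) if not covered(e["path"], targets)]

print(leftovers(LOG, TARGETS))
```

On this sample the only entry reported is the ClickCatcher BHO, whose DLL lives under `Common Files\ReGet Shared`, a folder the deletion list does not name.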
  3. SARMAK06

    SARMAK06 Newcomer, in training Topic Starter

    Thank you for the quick reply. I did everything as you said. My antivirus (NOD32) and AVG anti-rootkit didn't find anything. So far there is no problem; hope it's gone. Logs are attached.
    Thank You

  4. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Your logs look clean now.

    Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

    Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend that you read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of SARMAK06 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. SARMAK06

    SARMAK06 Newcomer, in training Topic Starter

    Thank You Very Much!
  6. RaFa XD

    RaFa XD Newcomer, in training

    Hello, I have the same issue as SARMAK06. I get CiD Disney ads on my computer all the time I open Firefox. Could you help me too??
  7. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    This thread was intended for the use of the original poster ONLY.

    I see that you made your own thread, so I will help you there. I wanted to post the above so that future people with this infection will make their own thread when this is found through Google.
  8. gabrillio

    gabrillio Newcomer, in training

    Hi, Te-Kes

    I was looking for a remedy for CiD and found this site. I have successfully removed this type of virus before on Win3.2, Win95, Win98, and XP, and now with Vista. I went through the whole process as stated; I didn't find any of these files. So then I looked over and over in C:\ProgramFiles, and found a Directory/File under CiD. Entered this directory; it had an uninstall CiD. Ran that uninstall from that file, and so far it has removed all the CiD interruptions. Thanks to momok and TechSpot, and the CiD people who installed an easy way to totally remove CiD.

    Thanks

    Gabrillio