TechSpot

I have had cid pop up removed, should I reformat ?

By kenaki
Aug 9, 2007
  1. My computer was infected with CID pop up, but I have tried to clean it with AVG anti virus and No lop. After that it seems working normally now (No more pop ups). I am wondering now, if it is completely cleaned or not. Should I reformat my computer considering I use this computer for banking and buying/paying purpose ? I am afraid of identity theft. What would you recommend : cleaning it or reformat it ?

    The only reason I am reluctant to reformat is because I am not very good in reinstalling the wireless connection. It's pretty troublesome for me. So if this spyware is not taking personal info, I would rather have it cleaned . Btw, when I searched and cleaned with AVG, the first search found some trojan virus but the 2nd and many more later shows nothing.

    Please help me decide...
     
  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    I'm sure that if you would run into trouble setting up your wireless connection, people here would be happy to help.

    You can read this thread to help you decide whether to clean or reformat.

    Regards :)
     
  3. kenaki

    kenaki TS Rookie Topic Starter Posts: 47

    I tried to post more info on this thread but somehow it doesn't show up. Anyway, this is my 3 rd attempt. I know from the thread that I am supposed to format and reinstall my computer but it is a real pain for me to do so. That's why I was actually expecting you to explain to me whether this cid spyware is stealing any info from my computer or just bugging us with pop up (which already stopped).

    I need a step to step guidance to make sure that my computer is perfectly cleaned up from any spyware/virus.

    What do I do first ?
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The cid popup is an advertising trojan and as far as I`m aware, it poses no threat to your personal info. However, having said that, it`s possible your system is infected with other nasties that may well steal your private data/details etc.

    Given the fact that you use your computer for online banking etc, there is no way that anyone can guarantee 100% that your system is safe to use for such purposes.

    The best advice I can give you, is to post a HJT log as per the instructions HERE. I`ll take a look at it and see what if any infections appear on your system.

    The bottom line is, if you suspect backdoor trojans etc, a reformat and reinstall is called for as is contacting your financial institutions to let them know your system may have been compromised.

    Regards Howard :)

    This thread is for the use of kenaki only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. kenaki

    kenaki TS Rookie Topic Starter Posts: 47

    My log reports

    Hi Howard,

    Thanks for your reply. I have been spending the last two days following all the steps that you provided. Now I think I have done all the steps and here attached are the log results. Please take a look at them and inform me if my computer is free of any spyware/virus/trojan/malware or other nasties.

    The AVG antirootkit scan found nothing on my computer. As I mentioned before, that my computer is running fine, I just want to make sure because last time I didn't do it according to your steps but now I just did. Let me know if I still have to reformat my computer as I use this computer for internet banking too.

    Thank you so much. I really appreciate your help.


    Best regards,

    Ken
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I can`t see anything on your system that would be cause for a reformat. The only infection you have is the lop advertising trojan which is easily gotten rid of.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Delete all files in AVG Antispyware quarantine.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    ISOAXIS.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKCU\..\Run: [IdolBurn] C:\DOCUME~1\DANIEL~1\APPLIC~1\THISFL~1\ISOAXIS.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\DOCUME~1\DANIEL~1\APPLIC~1\THISFL~1<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of kenaki only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. kenaki

    kenaki TS Rookie Topic Starter Posts: 47

    My HJT log

    Thanks for your quick reply. I have followed your instruction but having a bit trouble trying to find and delete the path you showed me but I think I did delete it. Please take a look at the attached HJT log here and let me know if there is anything else I need to do.

    Ps : I am also attaching the VBG log which I didn't attach last time.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is now clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of kenaki only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. kenaki

    kenaki TS Rookie Topic Starter Posts: 47

    2 more things..

    Now that my computer is clean, my private date is safe right ? there is no possibility of any backdoor trojan virus that are not detected in the HJT log right ?

    Two things still bugs me though, my anti virus result shows :
    1. Reading error on boot sector of disk C
    2. C:\WINDOWS\system32\drivers\etc\hosts status is changed

    Are these normal ? How do I fix them if they are not normal.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    1. Reading error on boot sector of disk C. <This is a problem with AVG, see HERE for details.

    2. C:\WINDOWS\system32\drivers\etc\hosts status is changed

    Open your hosts file in notepad and delete all entries except for 127.0.0.1 localhost, then close and save.

    As I said earlier in this thread. No one can guarantee 100% that your system is safe to use for online banking etc.

    I can`t see any signs of backdoor trojans in your log files, but that doesn`t necessarily mean your system is perfectly clean.

    If you`re at all unsure, your best course of action would be to reformat.

    Regards Howard :)

    This thread is for the use of kenaki only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. kenaki

    kenaki TS Rookie Topic Starter Posts: 47

    Boot sector error

    so you are saying it's the problem with the AVG software NOT a real problem with my computer ? I read your link, that guy ran into another problem after following the instruction so I guess, it's better for me NOT to do anything to correct it and just leave it as is right ?

    I have deleted the other content of the host and just leave the one you told me to.

    Thanks.

    Ken
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, that`s what I`m saying. You could always try using a different antivirus programme such as Avast.

    Regards Howard :)

    This thread is for the use of kenaki only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  13. kenaki

    kenaki TS Rookie Topic Starter Posts: 47

    Thank you

    Alright then... thank you so much for all your help. I really appreciate it.
    I will post to this thread again if I have other problems. For now, I am good

    You did a good job bro..

    Ken
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...