TechSpot

I think I have a lot of viruses

By noobkiller69
Oct 19, 2009
  1. These past few months my computer has slowed down and lags a lot. When I use Mozilla Firefox or Internet Explorer a pop-up called CiD keeps popping up. This is very annoying because it happens every 5 minutes. Could someone please review the attachment and give me some feedback?
     
  2. raybay

    raybay TS Evangelist Posts: 7,241   +9

    You have a program error. Something needs to be removed and reinstalled.
    I see no viruses or other infestations.
    You can probably figure out the problem software by clicking on that pop-up.
     
  3. momok

    momok TS Rookie Posts: 2,265

    @noobkiller69: You definitely have malware on your system.

    CiD popups are a common infection with several users.

    This in your HijackThis log, for example, is bad:
    O4 - HKCU\..\Run: [Coal 4] C:\DOCUME~1\USER\APPLIC~1\ENCFOR~1\ballhopedraw.exe

    @Ray: please do not give such resolute conclusive advice when you do not read all the logs, or do not know how to read HijackThis logs. You should have seen enough on the forums to realise CiD popups are an infection, and clicking on the popup is going to lead the user to bad sites and more infections.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot, noobkiller. I'll help you find and remove the malware on your system.

    The CiD Pop-up is a browser hijacker that was downloaded and installed by Adware.Lop. It displays excessive advertisements on infected computers and modifies Internet Explorer settings. This isn't a virus or spyware, but is considered a PUP, which is a 'potentially unwanted program'.

    First, let me make it clear that you should never click on an unknown pop-up! Never.

    Please follow my instructions below. Run programs in the order that I have them. Don't install, uninstall, download anything else unless I instruct you to do so.

    Please update and run a full system scan with AVG AV and clean/delete all infected files. Save log and attach to new reply.

    [1] Download NoLop from HERE and save to your desktop.

    [2] Boot into Safe Mode:
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    [3] Double-click to run NoLop.exe on your desktop.

    [4] Click the button "Search and Destroy." It will search for infected files on your computer.

    [5] Click "Reboot" if it finds infected files and prompts you to do so.

    [6] After rebooting the computer, NoLop will prompt for another action; if not, please re-run the program to complete the process.

    Close the program.

    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Run Combo-Fix.exe and follow the prompts.
      (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Rescan with HijackThis when through. Paste in new HJT log.
    Attach all other logs and reports.
     
  5. noobkiller69

    noobkiller69 TS Rookie Topic Starter Posts: 17

    So far, so good! No more CiD popped up lately and my computer speed is nearly back to normal without lag. Thank you for your expert help!

    I don't know how to save a log from AVG AV 8.5, so it is not attached here. Sorry.

    EDIT: The pop-up still appears
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, so you came back in and did an Edit saying the CiD pop-up reappeared? Is that correct?

    I'd like you to run a more up to date LOP program. The one I gave you is an older version (sorry) and it didn't pick up the LOP entries:

    It is best to disable the antivirus and malware programs for the scan; you'll re-enable them after the scan.

    Download Lop S&D and save to your desktop.


    [1] Double-click Lop S&D.exe
    [2] Choose the language, then choose Option 2 (Fix + Hosts)
    [3] Wait till the end of the scan
    [4] Attach the log which is created: (%SystemDrive%\lopR.txt)

    Edit to add:
    Click Start>Run and copy/paste the following bolded text into the Run box and click OK:

    C:\Qoobox\Add-Remove Programs.txt

    A report should pop open for you. Please post the contents in your next reply.

    Rescan with HijackThis and paste the log in your next reply.
     
  7. noobkiller69

    noobkiller69 TS Rookie Topic Starter Posts: 17

    Do I have to rerun all the other things like ComboFix and AVG AV?
     
  8. kritius

    kritius TS Guru Posts: 2,084

    No. Just run what you were asked.
     
  9. noobkiller69

    noobkiller69 TS Rookie Topic Starter Posts: 17

    Okay, I ran the new Lop S&D and so far so good. No CiD pop-up has popped up. If there are any more CiD pop-ups I'll edit this reply.
     
  10. kritius

    kritius TS Guru Posts: 2,084

    Just going to do this bit for Bobbye,

    Fix this entry in HijackThis,

    O4 - HKCU\..\Run: [Coal 4] C:\DOCUME~1\USER\APPLIC~1\ENCFOR~1\ballhopedraw.exe

    Please download OTM
    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Processes
      
      :Services
      
      :Reg
      
      :Files
      C:\DOCUME~1\USER\My Documents\Installer\CA Security Suite2008+Genuine Serials+Keygen
      C:\DOCUME~1\USER\My Documents\Installer\keygen.exe
      C:\DOCUME~1\USER\My Documents\Installer\CA Security Suite2008+Genuine Serials+Keygen\issdm_en_32.exe
      C:\DOCUME~1\USER\My Documents\Installer\CA Security Suite2008+Genuine Serials+Keygen\Keygen
      C:\DOCUME~1\USER\My Documents\Installer\CA Security Suite2008+Genuine Serials+Keygen\Serials.txt
      C:\DOCUME~1\USER\My Documents\Installer\CA Security Suite2008+Genuine Serials+Keygen\Keygen\file_id.diz
      C:\DOCUME~1\USER\My Documents\Installer\CA Security Suite2008+Genuine Serials+Keygen\Keygen\keygen.exe
      C:\DOCUME~1\USER\My Documents\Installer\Nero 7.10.1.0\Keygen.exe
      C:\DOCUME~1\USER\My Documents\Installer\Norton Internet Security 2009 v16.0.0.125\Crack
      C:\DOCUME~1\USER\My Documents\Installer\Norton Internet Security 2009 v16.0.0.125\Crack\Norton_TrialReset_1.5V.exe
      C:\DOCUME~1\USER\APPLIC~1\ENCFOR~1
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
      
    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
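
The `O4 - HKCU\..\Run` line that momok flags and kritius asks to fix is a per-user autostart entry whose executable sits under the profile's Application Data folder (`APPLIC~1` is its usual 8.3 short name). As an added example, not part of any post in this thread: a Python triage script that pulls registry-style O4 lines out of a HijackThis log and lists those launching from a user-writable profile directory. The sample log, the directory heuristics and all function names are assumptions made for this example.

```python
import re

# HijackThis section O4 lists autostart entries. Registry form:
#   O4 - <hive>\..\<key>: [<value name>] <command line>
O4_REG = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

# Directory-name prefixes for per-user, user-writable locations on XP-era
# Windows, long and 8.3 short forms (heuristic list assumed for this example).
USER_WRITABLE = ("application data", "applic~", "local settings", "locals~")

# Constructed sample; only the "Coal 4" line is taken from the thread.
SAMPLE_LOG = r"""
Running processes:
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\Run: [Coal 4] C:\DOCUME~1\USER\APPLIC~1\ENCFOR~1\ballhopedraw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

def parse_o4(line):
    """Parse one registry-style O4 line into a dict; None for other lines."""
    m = O4_REG.match(line.strip())
    if not m:
        return None
    hive, key, name, cmd = m.groups()
    # Strip quotes and arguments so only the executable path remains.
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]
    else:
        m2 = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))\b", cmd, re.I)
        exe = m2.group(1) if m2 else cmd
    return {"hive": hive, "key": key, "name": name, "exe": exe}

def in_user_writable_dir(exe):
    """True if any directory component (not the file name) is user-writable."""
    dirs = [part.lower() for part in exe.split("\\")[:-1]]
    return any(d == "temp" or d.startswith(USER_WRITABLE) for d in dirs)

def suspicious_autoruns(log_text):
    """Return parsed O4 entries whose executable sits in a user-writable dir."""
    entries = (parse_o4(line) for line in log_text.splitlines())
    return [e for e in entries if e and in_user_writable_dir(e["exe"])]

if __name__ == "__main__":
    for e in suspicious_autoruns(SAMPLE_LOG):
        print(f'{e["hive"]}\\{e["key"]} [{e["name"]}] -> {e["exe"]}')
```

Legitimate software also autostarts from Application Data, so a hit is a line to review by hand rather than a verdict.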
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thank you kritius. Your help is always welcome.
     
Topic Status:
Not open for further replies.
