TechSpot

Need help with CiD Virus

By Ruby202
Aug 12, 2008
  1. Hey, finally got the new thread, i really need help with this virus, nothing seems to be working, ive tried loads of different spyware programmes but the popups keep coming up and threats coming to my computer, im desperate now to try and get it away its hard to do work on the comp when they slow it down badly

    thanks
     
  2. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    hey

    * Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Doubleclick on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Come back here to this thread and Attach the log in txt format your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    to attach the file click on advance the go down and click on manage attachments select what you want to attach the click on upload
     
  3. Ruby202

    Ruby202 TS Rookie Topic Starter Posts: 28

    there u go =)
     
  4. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

    Please re-open HiJackThis and scan.**Check the boxes next to all the entries listed below.

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe" /autorun
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    Now close all windows other than HiJackThis, then click Fix Checked.**Close HiJackThis.**Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      [b]C:\Documents and Settings\All Users\Application Data\SoftLand Ltd[/b][code]
      
      [*] Return to OTMoveIt2, right click in the [b]"Paste List of Files/Folders to Move"[/b] window (under the light [color="#FFFF00"][b]Yellow[/b][/color] bar) and choose [b]Paste[/b].
      [*]Click the red [b]Moveit![/b] button.
      [*]A log of files and folders moved will be created in the [b]c:\_OTMoveIt\MovedFiles[/b] folder in the form of Date and Time ([b]mmddyyyy_hhmmss.log[/b]). Please open this log in Notepad and post its contents in your next reply.
      [*]Close [b]OTMoveIt2[/b]
      [/list]If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose [b]Yes.[/b]
      
      [color=red]After that, [b]Reboot[/b][/color], and post a new HijackThis log here in a reply
     
  5. Ruby202

    Ruby202 TS Rookie Topic Starter Posts: 28

    Im not sure if i did it right because it didnt seem to work, but here are the logs to show you =)
    the popups have nerly gone, ive only had one or two yesterday and none today so far
    thanks
     
  6. runekey

    runekey TS Rookie

    Yes. I having the same problem now. (PLEASE HELP ME)

    But just wondering, did you already go to "ad/remove programs" and search for "CiD" or any programs with "SPONSOR" in the title (IE "MSN Pluse! Sponsor)? If you find it and remove it, it could be a quick fix for you. For me, it didnt work, but it couldnt have hurt, right?
     
  7. Ruby202

    Ruby202 TS Rookie Topic Starter Posts: 28

    i already did that lol it didnt work bt it cud of helped
    tho wat ive been told to do from this thread so far theres def been something thats worked cause they are rarely any popups anymore
     
  8. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    sorry that was my fault I messed up on the code put whats below into OTMoveIt2

    Code:
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd
     
  9. Ruby202

    Ruby202 TS Rookie Topic Starter Posts: 28

    hmm that didnt work either =/
    its probably something im doing wrong,
    heres what it sed again
     
  10. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    post a fresh hijackthis log
     
  11. Ruby202

    Ruby202 TS Rookie Topic Starter Posts: 28

    here you go =)
     
  12. rezzzy

    rezzzy TS Rookie

    With malwarebytes is easy to remove it but first need a log from HJK..I had this virus too 2 times and i removed it with malwarebytes..
     
  13. Ruby202

    Ruby202 TS Rookie Topic Starter Posts: 28

    yeah i havnt had any popups since the HJK was downloaded and i was told what ones to take away :) but i duno if that means the virus is fully gone =/
     
  14. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    open hijackthis and place a check next to the item below

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    Now just to make sure run the online scan below.

    TrendMicro™ HouseCall Java Scan
    • Please go HERE to run the Trend Micro™ HouseCall Scan.
    • Click Scan now. It's free!
    • Read and put a Check next to Yes I accept the terms of use.
    • Click the Launching HouseCall>> button.
    • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
    • You may receive a Security Warning about the TrendMicro Java applet, click YES.
    • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
    • Please be patient while it installs, updates, and scans your system.
    • Once the scan is complete, it will take you to the summary page.
    • Under Cleanup options, choose clean all detected infections automatically.
    • Click the Clean now>> button.
    • If anything was found you may be prompted to run the scan again, you can just close the browser window.
     
  15. Ruby202

    Ruby202 TS Rookie Topic Starter Posts: 28

    i ran the scan, and it found a few things and i cleaned them and it ran the scan again and no results came up so i thought that meant there was nothing found again after it was removed.
    Anything else i have to do?

    thank you so much by the way, youve been a lifesaver!
     
  16. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    post a fresh hijackthis log
     
  17. Ruby202

    Ruby202 TS Rookie Topic Starter Posts: 28

    there you go =)
     
  18. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    OK looks good how is your computer running

    ------------------------------------------------------------------

    OTCleanit! by Oldtimer

    • Download OTCleanIt
    • Click the CleanUp! button.
      (It will go thorugh the list & remove all of the tools it finds and then delete itself) Requiring a reboot

    ==================================

    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

    Next goto Start Menu > Run > type

    cleanmgr

    Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

    ==========================================

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    1. Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
    2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
    3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
    4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
    5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    6. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
    7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    8. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
    9. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    xxdanielxx
     
  19. Ruby202

    Ruby202 TS Rookie Topic Starter Posts: 28

    its running great thanks so much for your help your a genius =)

    when i run these programmes do you need anything sent back?
     
  20. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    No thats about it were done but if you have any problems post back in this thread
     
  21. Tedster

    Tedster Techspot old timer..... Posts: 6,000   +15

  22. Ruby202

    Ruby202 TS Rookie Topic Starter Posts: 28

    CiD virus back again

    Hello again, the msn plus i tried to download again it brought back the CiD virus and I'm soo anoyed with it.

    Would you mind helping me again get rid of it?

    Thanks
     
  23. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  24. Ruby202

    Ruby202 TS Rookie Topic Starter Posts: 28

    if i attach another log file would u mind looking at it?
    i wouldnt be pestering so much im just desperate to get this off my computer ive tried everything you guys have said and use really helped me last time.

    My computer is used for work and im just worried it will ruin some of it.

    thanks so much
     
  25. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...