TechSpot

Need help with CiD virus

By fusi0nsax
Aug 15, 2008
  1. I have now had pop-ups continually popping up for about a month now, I have tried following some other steps in other threads, but can't even get HJT to run on my computer, I download the setup file, and run it and get a box that says HJT will be installed into C:/ProgramFiles/HijackThis and i click Install, and a Shortcut appears on my desktop but when double-clicked or Right Clicked and Open, nothing happens, so if i can get help with that as well, then the other problem can be solved.
     
  2. SpiritWind

    SpiritWind TS Rookie Posts: 164

    Actually "Installed" !?

    Hi :

    I wonder IF HijackThis is actually "installed" on your computer !? Not knowing your
    Operating System, have you gone to your "Add or Remove Programs" ( or a
    similar "Name" ) accessed from your "Control Panel" to see IF it is listed !?

    Have you viewed TrendSecure/TrendMicro's HijackThis Quick Start Guide ?
     
  3. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    go to C:/ProgramFiles/HijackThis and rename hijackthis to bobo then copy a shortcut to your desktop and delete the old one now run it and attach a log
     
  4. fusi0nsax

    fusi0nsax TS Rookie Topic Starter

    Here is my hijack this log (renaming the program and adding the shortcut to my desktop worked!!!)
     
  5. Tedster

    Tedster Techspot old timer..... Posts: 6,000   +15

  6. fusi0nsax

    fusi0nsax TS Rookie Topic Starter

    New HJT Log


    NoLop did not work, still getting popup
     
  7. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    I will go over it then post what to do
     
  8. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Download & Install SDFix
    • Download SDFix & save it to your Desktop.
    • Double click SDFix.exe & it will extract the file to %systemdrive%
      (Drive that contains the Windows Directory, Typically C:\SDFix)

    Boot into Safe Mode
    • Restart your computer & start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, & then press Enter.

    Run SDFix
    • Open the extracted SDFix folder & double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on the screen & also save into the SDFix folder as Report.txt
    • Attach Report.txt back here

    ===============================

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version. Then reboot into safe mode by rebooting then start tapping the F8 key you will get the advance option select safe mode then load run the program
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

    ======================================

    Please run an on-line virus scan at http://www.kaspersky.com/virusscanner[b][color=blue]Kaspersky OnLine Scan[/color][/b] or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

    then post a fresh hijackthis log
     
  9. fusi0nsax

    fusi0nsax TS Rookie Topic Starter

    The Malwarebytes' Anti-Malware is taking a very long time, so in the meantime i though i'd post the SDFix Report and fresh HJT Log
     
  10. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Once MBAM and the online scan finish post a fresh hijackthis I can not do nothing becuase I want to make sure it gets certain things first.
     
  11. fusi0nsax

    fusi0nsax TS Rookie Topic Starter

    Here is a Fresh HJT Log and the Malware Log, I ran trend micro but did not get a log.
     
  12. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    For MBAM you forgot to remove selected items iny= your log it says No action taken. You have to rescan and remove everything it finds
     
  13. fusi0nsax

    fusi0nsax TS Rookie Topic Starter

    if i go into Quarentine and delete everything from there will that be ok?
     
  14. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    If everything is in there yes but I dont think it is as it didn't say it moved it there.
     
  15. fusi0nsax

    fusi0nsax TS Rookie Topic Starter

    I deleted everything in it, but am running one more scan to make sure, will post in about 30 minutes with a fresh hjt log.
     
  16. fusi0nsax

    fusi0nsax TS Rookie Topic Starter

    MBAM Log and HJT Log
     
  17. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    ComboFix


    Go to Microsoft's website => http://support.microsoft.com/kb/310994
    Select the download that's appropriate for your Operating System

    [​IMG]


    Download the file**& save it as it's originally named, next to ComboFix.exe.



    [​IMG]


    Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Drag the setup package onto ComboFix.exe and drop it.

    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

    • At the next prompt, click 'Yes' to run the full ComboFix scan.

      [​IMG]

    • When the tool is finished, it will produce a report for you.

    Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt
     
  18. fusi0nsax

    fusi0nsax TS Rookie Topic Starter

    may i ask what this does? just wondering.
     
  19. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    it removes a lot of different infections but it is not something you want to run on your own. It also creates a log with a lot of information which is what I want. Before you run it make sure to disable anything like your AV or Spyware protection. Or it can cause problems
     
  20. fusi0nsax

    fusi0nsax TS Rookie Topic Starter

    It said it cannot finish because System Restore is already installed or something along those lines.
     
  21. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Hmm do you have the recovery console install already? If you have a xp cd then we can continue
     
  22. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    If you do have a xp cd then just run combofix by double clicking it. If something happens we can use the recovery console to restore the computer
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...