TechSpot

[Resolved] CID ie popup infection

By Bigtony11111111
Jan 8, 2008
Topic Status:
Not open for further replies.
  1. Howdy, I've followed the 15 steps and I'm still having trouble. Here are my ComboFix, AVGAS, and HJT logs for anyone able to help me. I'm 99% sure I just have the CID trojan giving me popups in Internet Explorer windows. The ComboFix log is Cflog.txt, the HijackThis log is HJTlog.txt, and the AVG Anti-Spyware log is avgasScan.txt

    Pretty disappointed in myself for getting this -_-. I was using Firefox and an assortment of protective add-ons, which means I probably was an ***** and downloaded it accidentally v_v,.

    Any help greatly appreciated.
  2. momok

    momok TS Rookie Posts: 2,272

    Hi,

    You may wish to copy and paste these instructions on notepad for easier reference later.

    1. Boot into safe mode under your normal user name. See how HERE
    2. Next turn on "Show all files and folders, including hidden and system". See how HERE

    3. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

      O4 - HKLM\..\Run: [DumbDent] "C:\ProgramData\Rect ref ref.gdfso2"
      O4 - HKLM\..\Run: [Grey pop cake audio] "C:\ProgramData\TICK CITY JUGS.qxlyz"

      Close HJT.

    4. Navigate in Windows Explorer and delete the following files and folders in bold.

      C:\ProgramData\TICK CITY JUGS.qxlyz
      C:\ProgramData\Rect ref ref.gdfso2
      C:\Users\All Users\Part Hide Grey Pop
      C:\Users\All Users\hearttrustbird
      C:\ProgramData\Part Hide Grey Pop
      C:\ProgramData\hearttrustbird
      C:\Program Files\Viewpoint

    5. Reboot into normal mode and rehide your protected OS files.
    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread. Do not copy and paste the logs.


    Regards,
    momok =)

    This thread is for the use of Bigtony11111111 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. Bigtony11111111

    Bigtony11111111 TS Rookie Topic Starter

    Followed instructions, here are the three new logs. Thank you very much :D
  4. momok

    momok TS Rookie Posts: 2,272

    Hi,

    Your logs look clean now.

    1. Please download and run CCleaner via step 9 of the instructions HERE.

    2. Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

    3. Turn off system restore (XP/ME only). Learn how to do that HERE.
      This will remove all the remaining nasties from your old restore points.

    4. After that turn system restore back on.
      This would have created a new safe and clean restore point for your system.

    5. Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
      May I recommend that you read this article.
      This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    momok =)

  5. Bigtony11111111

    Bigtony11111111 TS Rookie Topic Starter

    I am unfortunately using Windows Vista. Should I be concerned with the system restore step? Otherwise, thank you immensely for your assistance.
  6. momok

    momok TS Rookie Posts: 2,272

    Hi,

    I'm sorry I forgot about that..
    You can and should do the off/on of System Restore. Simply go to Control Panel and it should be under there. Alternatively, go to Start and type "system restore" in the search bar.

    To turn it off, uncheck the boxes for all your drives, then check them back again.
    If prompted to turn off, click yes.

    Regards,
    momok =)
  7. momok

    momok TS Rookie Posts: 2,272

    Thread closed as the problem appears to have been resolved. Should the original starter require it to be reopened, please PM a mod.