TechSpot

Sick of CiD pop-up. Help to remove this problem

By MAHKUM
Jul 2, 2007
  1. My computer has severely slowed down and is infected with CiD Virus. A Xoftspy ware says ther are 505 items of concern but will not sort it without paying $39. I tried Hijack This software and please find the log saved.

    Can anybody help to resolve this for me.
    Many Thanks.

    MAHKUM.
     
  2. momok

    momok TS Rookie Posts: 2,265

    Hi MAHKUM and welcome to techspot. =)

    I see that you have McAfee on your system; have you used it to run a full system scan in safe mode?

    Your system is infected with some nasties and I advise you to do the following.

    Important: Please read this thread HERE before you decide whether to clean or reformat your system.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

    In step 14, whilst still in safe mode, before you run HijackThis, do the following.

    Go to Start > run. Type services.msc and press enter. Search for the following service in bold and stop them from running. Right click to set the startup to disabled.

    mess bone each bows

    Next, run HijackThis and fix these entries:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll (file missing)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll (file missing)

    O4 - HKLM\..\Run: [mess bone each bows] C:\Documents and Settings\All Users\Application Data\32pingmessbone\This1.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O14 - IERESET.INF: START_PAGE_URL=http://www.creaf.com
    O20 - AppInit_DLLs: WIKI.DLL

    Close HijackThis.

    Navigate manually in Windows Explorer and delete this entire folder:
    C:\Documents and Settings\All Users\Application Data\32pingmessbone

    Reboot into normal mode and rehide your system files. Continue with Step 15.

    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs if not it will be ignored and/or removed.

    Also, please let me know the results of the AVG Antirootkit scan


    Regards,
    Your friendly momok =)

    This thread is for the use of MAHKUM only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...