Spammed by Cid and others

[Lazersam]

Nothing has worked so far. I keep getting pop ups and pop unders - all sorts.
CiD, Sublimedia, ad.zanox.com, right-ads.com to name a few.

I have tried Ad-Adaware, S&D and HJT. I have followed lots of advice but to no avail. Please could someone help me before I delete the entire hard drive and start again!! I attach a log file from HJT.

 

[momok]

I would recommend you following the sticky on our malware removal instructions first, and post the required logs, not just hijack this.

 

[SpiritWind]

Hi :

Recommend you try the info at http://cidhelp.com , especially
" 4) The use and presence of the Software is voluntary. The Software may be uninstalled at any time from your computer. The only authorized means to uninstall the Software is to use the ADD/REMOVE function on your control panel or contact support@cidhelp.com for assistance. Instructions to uninstall the Software are as follows:

1. Access your control panel by going to the Start menu;

2. Select Control Panel;

3. Choose ADD/REMOVE PROGRAMS; and,

4. Select Messenger Plus! and Sponsor or CiD Help for removal.

5. If you do not remember which bundled software product you installed that included the sponsor software you can download and run the universal uninstaller located here. "

The Info in "5" is probably what you should be using !?

 

[tw0rld]

Suspicious about this...

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

I have noticed this setting within logs of people with the CiD problem. This may need to be removed, but I unable to say for certain as I have nothing to back my findings. I do find it odd though that the same proxy setting would appear in all CiD related problems, but doesn't otherwise.

This might fix the problem

Reset IE to default

1. Click the Tools menu, and then click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.
Note If you cannot start Internet Explorer 7 for some reason, use RIES from Internet Options in Control Panel.

 

[tw0rld]

Have a look at this, it support my proxy argument; http://www.sophos.com/security/analyses/viruses-and-spyware/trojraznewa.html, Maybe you were infected with this Trojan. When you get to the page click the "More Information" Button.

 

[rf6647]

Tw0rld, here is a symantec security bulletin that is very similar to your findings.

However, neither reference uses the " *.local " construct. Does this refer to any file with local as the extension? It appears that both references need enabling by an o4 entry.

SpiritWind, the link to "cidhelp" upsets my ZA internet security program and calls it a "spy site". I am slowing getting the picture why "cid" is so maddening (judging by the numerous hits in this forum).

 

[tw0rld]

Tw0rld, here is a symantec security bulletin that is very similar to your findings.

However, neither reference uses the " *.local " construct. Does this refer to any file with local as the extension? It appears that both references need enabling by an o4 entry.

It is the same both entries is refered to as local

"ProxyServer"="127.0.0.1:8080"
"ProxyOverride"="local"

I need to have a look at the log again, but I am off to work. when I get back I will.

 

[momok]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

I believe this simply means that Internet Explorer will bypass any proxy settings for the address *.local, which refers to your own computer.
Also see -> https://www.techspot.com/vb/post578061-3.html

 

[tw0rld]

I believe this simply means that Internet Explorer will bypass any proxy settings for the address *.local, which refers to your own computer.
Also see -> https://www.techspot.com/vb/post578061-3.html

I understand that. My question is.... Why is it showing up in the logs? I have only seen it in instances such as this. if it is showing up in the logs..I'm thinking something must be using it(I could be wrong).

Read the info found at this link; http://www.symantec.com/security_response/print_writeup.jsp?docid=2004-081014-2032-99.

Lazersam, I would love to get a snapshot of this section of your registry

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings

if no would you check to see if proxy is enabled.

1. Start IE
2. Click tools on the menu bar
3. select Internet options
4. Click the connections tab
5. Click Lan Settings button

Tell me if yours is similar to the one below:

If the use a proxy server for your lan option is selected click the advance button, and let me know what you see interms of settings.