Winzix adware

By dayslayer8
Apr 21, 2009
Topic Status:
Not open for further replies.
  1. k im stupid and i installed winzix before i knew it was a stupid adware. After i uninstalled, i (obviously) still get random pop-ups with 3 iexplorer.exe processes appearing on task manager. Every time i tried to end the iexplorer.exe, 2 of them just come back while the other one is the real one. I'm a noob in computing and i really need help for removing the stupid pop-ups...:dead:
    I attached my log from hijackthis

    Thanks everyone :D


  2. vexon13

    vexon13 Newcomer, in training

    i think normal procedure is follow the 8 steps and wait for someone to look at the 3 logs,

    www .techspot.com/vb/topic58138.html << 8 steps

    in other words try to follow all of those steps and come back with the malwarebytes log and the super antispyware one.

    if you're having problems there are people on this board who can help.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Your HijackThis log indicates you have a LOP malware infection.

    But there is also indication of the use of the AQW Hacking Toolbar, used to pirate software.

    We can help with the Lop infection but:
    If you feel this is in error, please provide all three of the logs for Virus & Malware Removal. We will be able to verify any pirating with them.
  4. dayslayer8

    dayslayer8 Newcomer, in training Topic Starter Posts: 53

    lol that took a while

    @vexon13
    Thank you for being so remindful to new members like me!!:D

    @bobbye
    thank you for your patience and nice attitude, however aqw hacking toolbar is just a toolbar that lets you go to game forums faster, like cheatengine.org, where people post cheats, walkthroughs and glitches in swf games. It is absolutely NOT crack/warez and has completely NOTHING TO DO with piracy. You can check and prove it on my 3 new logs. (i uninstalled the toolbar before the logs were made and hope that im in your favour and get more support...) anywayz here are my 3 new logs.
    im sorry if i've made any offense to you but i really didn't mean to.

    Alternatively, in control panel -> add/remove programs, i've found this thing called Cid help, which came with the winzix. So should i remove it by using add/remove programs or should i do something else?

    sorry double post... forgot to attach logs
  5. touch

    touch Newcomer, in training Posts: 978

    Looks like you´ve got rid of AQW Hacking Toolbar.

    We have a special fix tool to remove LOP/CID infections, I´ll therefore suggest we use it ;)


    Download http://eric.71.mespages.googlepages.com/LopSD.exe
    by Eric_71 and save it to your desktop.

    Double-click LopSD.exe
    Choose the language by typing the corresponding letter and press Enter
    Click OK at the informative window
    Type 2 to choose Option 2 (Fix + Hosts), then press Enter
    Wait until the scan has finished
    A report will be generated, attach the contents of it in your next reply.
  6. dayslayer8

    dayslayer8 Newcomer, in training Topic Starter Posts: 53

    @touch
    i've installed LopSD to my desktop.
    i've double-clicked the icon and clicked on 'run' in the security thing
    however, the cmd-like window gets a blue screen and immediately shuts...nothing more happens
    EDIT: the words 'please wait...' appears in the middle of the screen before it closes itself
  7. touch

    touch Newcomer, in training Posts: 978

    Ok, try from safe mode then
  8. dayslayer8

    dayslayer8 Newcomer, in training Topic Starter Posts: 53

    nope, didnt work...
    the same thing happened :(
  9. touch

    touch Newcomer, in training Posts: 978

    That´s odd :confused:

    Let´s try this scanner ->

    Please Download NoLop to your desktop:

    http://www.greyknight17.com/spy/NoLop.exe
    First close any other programs you have running as this will require a reboot
    Double click NoLop.exe to run it
    Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
    When scanning is finished you will be prompted to reboot only if infected, Click OK

    Now click the "REBOOT" Button.

    A message should pop up from NoLop. If not, double click the program again and it will finish. Please attach the contents of C:\NoLop.log along with a fresh HijackThis log
    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download http://www.boletrice.com/downloads/mscomctl.ocx to your system32 folder then rerun the program.
  10. dayslayer8

    dayslayer8 Newcomer, in training Topic Starter Posts: 53

    @touch
    thanks for the software
    i've done everything and here are the logs
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    touch, Lop is still on board as seen below:
    How about trying Lop S&D again:

    Download Lop S&D by Eric_71 and save it to your desktop.

    Disable your antivirus and anti-malware programs so they do not interfere with the running of Lop S&D. You can usually do this via a right click on the System Tray icon.
    • Double-click LopSD.exe
      If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
    • Choose the language by typing the corresponding letter and press Enter
      [​IMG]
    • Click OK at the informative window
    • Type 2 to choose Option 2 (Fix + Hosts), then press Enter
      [​IMG]
    • Wait until the end of the scan
      [​IMG]
    • A report will be generated, post the contents of it in your next reply.
    (Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

    Maybe the images will help.
     
  12. dayslayer8

    dayslayer8 Newcomer, in training Topic Starter Posts: 53

    Nope, the same thing happened
    i double clicked on lopSD and click 'run' on the security thing.
    the blue screen comes up and says please wait...
    then it closes and nothing more happens
    however, this time i was just able to see a line saying something about: " 'find'............." before it closes
    (this message appears really fast just before lopSD closes itself)

    By the way, as mentioned earlier
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please go to the Event Viewer and find the Error that corresponds to the BSOD.

    Start> Run> type in eventvwr

    Please ignore Warnings and Information Events. You do not need to include the lines of code (if any) in the box below the Description. Please do not attach the entire Event log.

    Force the BSOD if you have to and check the time on the computer clock. The logs are time-coded so you will be looking for Errors occurring at the same time.

    I had hoped that maybe the images might help with the Lop program.

    This CAN be normal in IE8, but it can also be malware disguised.

    Touch, do you think it's worth trying another Lop program? If so, how about this?

    Download FindLop HERE and save to the desktop.
    A Notepad file will open.
    Copy the content of that file and paste it into your reply to this thread.

    Also, copy the part in bold below into notepad and save it as direxie.bat
    Set File type to "All files"

    Start the file by double clicking direxie.bat
    That will open a file called directory.txt. Post the content of that file.

    Please do a right click> Delete on the 2 setup files for the previous Lop programs.

    CiD Help is malware and adware. You could get this malware if you download software from untrusted web sites.

    To remove CiD Help, go to Start–>Settings–>Control Panel–> Add and Remove Programs, then select CiD Help, click remove.

    Please wait to see if Touch agrees to this before running.
  14. dayslayer8

    dayslayer8 Newcomer, in training Topic Starter Posts: 53

    @Bobbye
    Unfortunately, my system shows all the information from event viewer in Chinese, including event logs.:mad:
    I cannot understand the Chinese words nor am I able to translate them into English.
    So do you think there is any chance of skipping this step?
  15. touch

    touch Newcomer, in training Posts: 978

    It´s not easy to understand Chinese, and it´s almost impossible to pronounce it :D

    Please download http://swandog46.geekstogo.com/avenger2/download.php
    by Swandog46 to your Desktop.
    Click on Avenger.zip to open the file
    Extract avenger2.exe to your desktop

    Start Avenger


    Copy/Paste all the text in the above quote box into the main window
    Click Execute

    The Avenger will automatically do the following:
    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)

    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions.

    This log file will be located at C:\avenger.txt

    Attach C:\avenger.txt in next reply, along with fresh hijackthis log and tell how things are running now?
  16. dayslayer8

    dayslayer8 Newcomer, in training Topic Starter Posts: 53

    when i pressed execute, an error appears:
    "Error: Invalid script, a valid script must begin with a command directive. Aborting execution!"

    should i use direxie.bat or remove 'CiD Help' with Add and Remove Programs before any other steps?
  17. touch

    touch Newcomer, in training Posts: 978

    If avenger doesn´t close, just continue.
  18. dayslayer8

    dayslayer8 Newcomer, in training Topic Starter Posts: 53

    i have to press 'ok' when the error occurs and avenger does not start executing.
    however, avenger does not close but every time i press execute, i get error and have to press ok, which stops the execution process.
     
  19. touch

    touch Newcomer, in training Posts: 978

    Ok. Then you´ll have to delete the folders (in bold) manually:

    C:\Documents and Settings\All Users\Application Data\License Ford Hope Draw
    C:\Documents and Settings\Zihao\Application Data\Defaultwaitremote
    C:\Documents and Settings\Zihao\Application Data\Utorrent

    Reboot, attach new hijackthis log and tell how things are running
  20. dayslayer8

    dayslayer8 Newcomer, in training Topic Starter Posts: 53

    i'm not able to delete the folder: License Ford Hope Draw
    because an error that 'Idle Dumb.exe' is being used or something like that.
    However, the other two folders are now deleted.
    (dumb.exe is not shown in task manager)
  21. touch

    touch Newcomer, in training Posts: 978

    Ok. Post new hijackthis log
  22. dayslayer8

    dayslayer8 Newcomer, in training Topic Starter Posts: 53

    Never mind, that folder was deleted after a reboot and i've just rebooted again.
    Here's a new Hijack This log
  23. touch

    touch Newcomer, in training Posts: 978

    Great :)

    Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
    O4 - HKLM\..\Run: [Hope Draw Obj Funk] C:\Documents and Settings\All Users\Application Data\LICENSE FORD HOPE DRAW\Idle Dumb.exe
    O4 - HKCU\..\Run: [ForkHide] C:\DOCUME~1\Zihao\APPLIC~1\DEFAUL~1\ref vga sixth.exe


    Reboot, post fresh hijackthis log, and let us know how things are running?
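
An added example, not part of touch's post or of the original thread: a Python sketch that parses HijackThis O4 registry autorun lines and flags entries whose executable sits under Application Data, in long or 8.3 short form (APPLIC~1), as both entries listed above do. The sample log reuses those two lines plus one constructed benign entry; the location check is a triage heuristic assumed here, not a LOP signature.

```python
import re

# Constructed sample: the two O4 lines quoted in the thread plus one
# made-up benign entry (ExampleTray) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Hope Draw Obj Funk] C:\Documents and Settings\All Users\Application Data\LICENSE FORD HOPE DRAW\Idle Dumb.exe
O4 - HKCU\..\Run: [ForkHide] C:\DOCUME~1\Zihao\APPLIC~1\DEFAUL~1\ref vga sixth.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe /min
"""

# Line shape: "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Executable path = everything up to the first ".exe"; arguments are dropped.
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)
# Application Data as a path component, long name or 8.3 short name.
APPDATA_RE = re.compile(r"\\(?:application data|applic~\d)\\", re.IGNORECASE)


def parse_o4(line):
    """Return a dict for a registry-autorun O4 line, or None for other lines."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    exe = EXE_RE.match(m["cmd"])
    path = exe.group(1) if exe else m["cmd"]
    return {
        "hive": m["hive"],
        "key": m["key"],
        "name": m["name"],
        "path": path,
        "in_appdata": bool(APPDATA_RE.search(path)),
    }


def flag_appdata_autoruns(log_text):
    """List autorun entries whose executable lives under Application Data."""
    entries = (parse_o4(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["in_appdata"]]


if __name__ == "__main__":
    for e in flag_appdata_autoruns(SAMPLE_LOG):
        print(f'{e["hive"]}\\{e["key"]} [{e["name"]}] -> {e["path"]}')
```

Legitimate software can also start from Application Data, so a flagged entry is a candidate for review in the log, not a confirmed infection.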
  24. dayslayer8

    dayslayer8 Newcomer, in training Topic Starter Posts: 53

    Yep, i'm finished
    Currently, there are no more multiple iexplorer.exe in taskmanager anymore nor random pop-ups when using ie instead of firefox:D
    Here's my new hijack this log.
    However, CiD Help is still in 'Add or Remove Programs'...
    Should i do anything about it?
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Question: Check the Computer Management for "language"

    Control Panel> Administrative Tools> Computer Management> click on each entry on the left, then look on the right screen> check each category for language.

    If part of your system is in one language and another part in a different language, it's likely your operating system can't understand itself! There is no separate setting in Computer Management in which you will find the Event Viewer, to set a language. That is set in the Control Panel> Regional settings.

    You have three Asian language programs loading on boot:
    Is this intentional?