--------------------------------------------------------------------------------

I have also got the damn thing. Can you please help me? I am a novise at this, so please explain it as simple as you can. Also i am norwegian, so my inglish is not perfect.

THX

I am not on my normal computer or I would have a saved speech for this, but go to

Start, Control panel, Add/remove programs and uninstall anything that starts with Cid.

Then Run through the 15 step preliminary removal UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

Hey blind ive got it here,

1)Uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and

double-click on Add/Remove Programs. From within Add/Remove Programs

highlight each one and select Remove.

Netpumper
BitRoll
Browser Enhancer
CiD Help
CiD Manager
Download Plugin for Internet Explorer
Lop.com
LOP SEARCH
Messenger Plus
Ultimate Browser Enhance
Window Search
Window Searching
Zone Media

2)Setup" is now displayed. Click on the Uninstall button. Note: options

displayed on the first screen are not related to the sponsor program.

3)The sponsor screen is now displayed (if you don't see it, search for it

in your Task Bar). To prove that someone is currently reading the screen,

you have to type the code that is displayed. Once you enter the code,

press Uninstall.

4)If you entered the code properly, the program will ask you to confirm that

you want to uninstall. You must answer "Yes" to this question,

else, you won't have another chance of uninstalling.

5)Reboot your computer

6)Run another scan with Hijackthis and attach a new log

The damn thing is still here after 9 hours of scanning my pc according to the 15 step program. The Panda antiroot came up with nothing. Help!!!!

Attached Files

	hijackthis.log (8.2 KB, 2 views)
	Report-Scan-20080325-024937.txt (12.7 KB, 2 views)
	main.txt 1.txt (18.2 KB, 1 views)

Navigate to c:\winnt\system32\drivers\etc\hosts

With the hosts file open delete the following entries:

127.0.0.1 bin.errorprotector.com
127.0.0.1 br.errorsafe.com
127.0.0.1 br.winantivirus.com
127.0.0.1 br.winfixer.com
127.0.0.1 cdn.drivecleaner.com
127.0.0.1 cdn.errorsafe.com
127.0.0.1 cdn.winsoftware.com
127.0.0.1 de.errorsafe.com
127.0.0.1 de.winantivirus.com
127.0.0.1 download.cdn.drivecleaner.com

Close your hosts file. While still in the etc folder -> Right click on the hosts file and select properties, make sure that Read-only is checked

-------------------------------------------------------------------------------------------------------

You aren't running Firewall Software. Please download and install one of these first!

Use a Firewall - It is very important that you use a Firewall on your computer. If you use the Windows Firewall you might think that's enough but it only controls inbound traffic. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most commonly used:
Comodo
Kerio
Online Armor
Zonealarm
--------------------------------------------------------------------------------------------------------

Boot into Safe Mode - Print out this section

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Remove bad HijackThis entries

• Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.no/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
  R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
  O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
  O4 - HKLM\..\Run: [Burn Dvd Mail More] C:\Documents and Settings\All Users.WINNT\Programdata\Part title burn dvd\Free Safe.exe

• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

Show hidden files through windows explorer

• Access Windows Explorer by clicking Start, point to All Programs, Accesories, and then click Windows Explorer. Or hold the windows key and press E
• On the Tools menu in Windows Explorer, click Folder Options.
• Click the View tab.
• Under Hidden files and folders, click Show hidden files and folders and Turn Hide protected operating system files off.

Use Windows Explorer to navigate to and delete the following files:

Folder:
C:\Documents and Settings\All Users.WINNT\Programdata\Part title burn dvd <-This folder only

Rehide system Files

• Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
• Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
• If unchecked please check Hide protected operating system files (Recommended)
• If necessary check "Display content of system folders"
• If necessary Uncheck Hide file extensions for known file types.
• Click OK

----------------------------------------------------------------------------------------------------

Restart your computer into normal mode

Run a new scan with Hijackthis from normal mode and attach the log

-------------------------------------------------------------------------------------------------------

:Run Kaspersky Online AV Scanner:

Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

• Read the Requirements and limitations before you click Accept.
• Allow the ActiveX download if necessary.
• Once the database has downloaded, click Next.
• Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
• Click on "My Computer"
• When the scan has completed, click Save Report As...
• Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
• Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Attach the report into your next reply


So your next reply should include
1)New Hijackthis log
2)The kaspersky log

These instructions are for the use of pajoe only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

I have NOT seen the ad's for the last hours. I hope that it's gone. I am extremely thankful for your help.

Attached Files

	KASPERSKY ONLINE SCANNER REPORT.doc (66.5 KB, 2 views)
	hijackthis.log (7.5 KB, 1 views)

Still a lot of infections showing on there. When you ran housecall did you have it fix everything it found? It shows some infections in quarantine.

Combofix

• Download Combofix to your desktop.
• Double click combofix.exe & follow the prompts.
• A window will open with a warning.
• Type "1" (and Enter) to start the fix.
• When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt