TechSpot - PC Technology News and Analysis

Hi Guys,

My computer's been infected with the CiD pop-up virus. I've run Hijackthis and have attached the log file. I'm not really familiar with what's good/bad on this list - so any suggestions/help would be greatly appreciated!!

Cheers,
Nick.

Attached Files

hijackthis.log (15.6 KB, 6 views)

Download\install 'SuperAntiSpyware Home Edition Free Version' from HERE

• Launch SuperAntiSpyware and click on 'Check for updates'.
• Once the updates have been installed,exit SuperAntiSpyware.

Boot into Safe Mode

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Scan with SuperAntiSpyware

• Start SuperAntiSpyware.
• On the main screen click on 'Scan your computer'.
• Check: 'Perform Complete Scan then Click 'Next' to start the scan.
• Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
• Make sure everything found has a checkmark next to it,then press 'Next'.
• Click on 'Finish' when you've done.
  
  It's possible that the program will ask you to reboot in order to delete some files.
  
  Obtain the SuperAntiSpyware log as follows:
  Click on 'Preferences'.
  Click on the 'Statistics/Logs' tab.
  Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
  It will then open in your default text editor,such as Notepad.
  Attach the notepad file here on your next reply

Hi Blind Dragon,

Thanks for your help - I've attached the log file for you to look at.

Cheers,
Nick.

PS - Note: I'm still getting the pop-ups after running this program.

Attached Files

SUPERAntiSpyware Scan Log - 07-06-2008 - 10-46-22.log (5.4 KB, 1 views)

That didn't pick it up lets try fixing part of it manually then scanning with a different program

Remove bad HijackThis entries

• Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):
  
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: RGWIE Class - {D4D5806E-EA2C-45b2-972D-8BE237697B87} - RGWIE.dll (file missing)
  O4 - HKCU\..\Run: [TONS BOLT] "C:\ProgramData\MPEG BASE BASE.2b9ijq"
  O4 - HKCU\..\Run: [else tool title ping] "C:\ProgramData\anti 64 poll.mlpqttn"

• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

----------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware

• Please download Malwarebytes' Anti-Malware to your desktop.
  
• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please attach this log with your reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

------------------------------------------------------------------------------

and just to be sure in case it doesn't find them

FileASSASSIN

• Launch Malwarebytes' Anti-Malware
• Select the More Tools Tab
• Under FileASSASSIN select Run Tool
• Navigate to C:\ProgramData\MPEG BASE BASE.2b9ijq
• Press Open
• Navigate to C:\ProgramData\anti 64 poll.mlpqttn
• Press Open

---------------------------------------------------------------------------------

Please attach the MBAM log as well as a new hijackthis ran after the above

Hi Blind Dragon,

Thanks for your help again... I've run Hijackthis and attachd the log file as requested. I also downloaded and tried to run the Malware program you suggested, however about halfway through it kept locking up.

Let me know your thoughts.

Nick.

Attached Files

hijackthis.log (16.1 KB, 2 views)

were you still able to run File Assassin to take out those 2 files?

There must be something on there causing MBAM not to run - can you try running it from safe mode

Hi Blind Dragon,

Yes I was able to still removed the specified files and everything appears to be back to normal now - no pop-ups anymore!

Thankyou very much for your assistance. I'll let you know if I have any further difficulties.

Thanks again.
Nick.

Not done yet. You need to update java and we need a 2nd opinion

Update your Java Runtime Environment

• Click the following link
  Java Runtime Environment 6 Update 6
• The 5th option down is the one you want (click Download)
• Check the box to agree to terms of service
• Check the box for your operating system and click 'Download selected'at the bottom
• After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
• Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_06 folder

---------------------------------------------------------------------

Run Kaspersky Online AV Scanner

Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

• Read the Requirements and limitations before you click Accept.
• Allow the ActiveX download if necessary.
• Once the database has downloaded, click Next.
• Click on "My Computer"
• When the scan has completed, click Save Report As...
• Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
• Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Attach the report into your next reply