BitTorrent CiD removal

Status
Not open for further replies.
CiD popups hijack log help

A few days ago I downloaded a program called BitDownload and afterwards started getting CiD pop ups. I did the uninstall on BitDownload and deleted all the files I could find related to it. That of course did not solve the pop up problem. After doing some research on CiD, I found some people who said a program called 'CiD help' can be uninstalled to get rid of the pop-ups. I did that and it worked but after some more research I decided that the pop-ups might be the least of my worries.

I looked in the system registry and found and deleted all of the entries for BitDownload. I also found a couple of entries under HKCR called CID and CID.local. They also appeared under software. I did NOT delete these because they each have a lot of sub categories and I did not want to compromise my system at all.

Then I found this site and decided to do the prelim. virus, malware removal steps listed in this thread. I did come up with 1 trojan in spybot, but nothing related to CiD (I think.) I have the combo fix and Hijack this logs attached (avg spyware only came up with some usual tracking cookies) and would like an expert's opinion on what I should do now.

P.S. the date was April 5, 2008 when the BitDownload was downloaded, and I did notice some weird entries in the combo fix log for that date. At least it looked unusual to me. I'll let u guys be the judge.
 

Attachments

  • ComboFixLog.txt
Hi,

Interestingly, your HJT log looks clean.
Have you run an antivirus scan and an AVG antispyware scan in safe mode yet? If not, I'd like you to do so and post back with the log and results. Thanks.

  1. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    Folder::
    b
    C:\Users\All Users\{A850D4D9-871B-4234-908D-21C457767270}
    C:\ProgramData\{A850D4D9-871B-4234-908D-21C457767270}
    C:\Users\Damian\Incomplete
  2. Save this as CFScript on the desktop.
  3. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
    CFScript.gif

  4. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to hang.

Thereafter, please post fresh HJT and AVG Antispyware logs and the resultant ComboFix log from the above instructions as attachments into this thread.


Regards,
momok =)

This thread is for the use of Damedog19 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
 
Hi Momok,

Thanks for taking my case so to speak. Just to bring you up to date, since my last post I ran the online check from Panda. It said that there was a backdoor trojan in my combofix file...

01176994 Bck/VB.XB C:\ProgramFiles\Security\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]


The online scan could not fix the problem so I sent combofix.exe to recycle bin and ran ccleaner. I don't know if this was the right thing to do, so any info on that would be great.

The scanner also came up with two vulnerabilities:

184379 MEDIUM MS08-001
182048 HIGH MS07-069


I don't know if those numbers mean anything to you, but I couldn't seem to find any description on their site.

Also, Norton AV had been giving me problems since I completed the prelim. removal steps. It was taking forever to load at startup, wasn't allowing Firefox to connect to the net, and every time I tried to enable the phishing filter the Symantec framework would crash. I only had a couple days left on my free trial so I just deleted Norton and downloaded AVG.

Other than that everything seems to be running fine. I'll let you take a look at my new logs and see what you think. Hope to hear from you soon.

I can't seem to upload my combofix log at this time. I'll try again later.
 
Your Hijackthis log looks fairly clean.

I would remove this though:
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

and uninstall spyhunter since it is generally not really effective as compared to other programs. Are you downloading a new combofix to run?
 
Well, I deleted that BHO and spy hunter. But every time I try to upload my ComboFix log the connection to server resets. The file is only 67k so I'm not sure what the problem is. Any suggestions?
 