CiD Pop-Ups. Ran NoLop, but still there. Please Help.

Status
Not open for further replies.
N

Nanakib

My parents computer has started to have a CiD pop up all the time. I ran NoLop and updated the system32 file with the new mscomctl.ocx file, but it did not find the rest of the infection. Here is my HJT Log.


Second question. I would like to get rid of the toolbars my parents have as well. I have attempted to uninstall google toolbar, but it does not uninstall will deleting the registry key do it? Thanks.
 
Hello and welcome to Techspot.

You`re running an outdated version of HJT.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Reinstall the Google Toolbar and we help you to get rid of it permanently. Don`t be tempted to start using regedit. It can cause too many unforseen problems.

Regards Howard :wave: :wave:

This thread is for the use of Nanakib only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Okay here is my updated HJT log and my Combofix log.

Does anyone know if AVGAS interferes with McAfee Virusscan?

AVG Rootkit did not find anything.
 
AVG Antispyware does not interfere with McAfee. Please attach the AVG Antispyware log to your next reply.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

mapi fork.exe<This is the lop file

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [body safe tool drv] C:\Documents and Settings\All Users\Application Data\active move body safe\mapi fork.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Documents and Settings\All Users\Application Data\active move body safe<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT and AVG Antispyware logs.

Regards Howard :)

This thread is for the use of Nanakib only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Okay the CiD's pop-ups are gone, but when I unchecked hide folders and files a few weird exe's showed up on my desktop. They are crash.exe, blackhole.exe, and evilsmiley.exe. Any idea how to get rid of them?

Here is my AVG post from before removing the lop as well.
View attachment 21328

Here is my latest HJT report and Combofix report. I will run AVG after posting this.
View attachment 21325

View attachment 21327




Thanks for all the help so far.
 
All items in your AVG Antispyware log say "No Action Taken". This is because you didn`t follow the instructions properly for using AVG Antispyware. See HERE.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

crash.exe
blackhole.exe
evilsmiley.exe

Close task manager.

Locate and delete the following bold files and/or directories(if there).

crash.exe
blackhole.exe
evilsmiley.exe

Reboot into normal mode and rehide your protected OS files.

Post a fresh AVG Antispyware log.

Regards Howard :)

This thread is for the use of Nanakib only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Ok, that`s fine mate.

Follow the instructions in my post above and let me know how your system is running. Obviously, I no longer require an AVG Antispyware log.

Regards Howard :)

This thread is for the use of Nanakib only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Okay I deleted those files too. Do you need any new log files from HJT or Combofix? The CiD pop-ups are gone. Thanks for all the help!
 
If you`re not having any further problems, you should be good to go.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of Nanakib only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

S
  • Locked
Inactive Please help: Infected-or-not?
Replies
2
Views
3K
Broni
Broni
N
Windows 11 review round-up: Better than Windows 10, but still a work in progress
2
Replies
30
Views
6K
loki1944
L
J
Solved Win32/Skeeyah.B!rfn and Win32/Fuerboos.D!cl infection
2
Replies
27
Views
7K
Broni
Broni

Latest posts

Back