CiD pop-ups...

Status
Not open for further replies.
Hey there! Well this is my first post, too bad it's not for a good reason. I've just recently been infected with something I don't know, and I believe the result is these CiD pop-ups, some more inappropriate than others. I was wondering if someone could help walk me through the process to remove whatever it is that's causing these pop-ups. Replies are much appreciated!
-Saj
 
Hi sajth and welcome to techspot. =)

Important: Please read this thread HERE before you decide whether to clean or reformat your system.

Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs, otherwise they will be ignored and/or removed.

Also, please let me know the results of the AVG Antirootkit scan.


Regards,
Your friendly momok =)

This thread is for the use of sajth only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hey! Well I've followed the detailed instructions and these are the required logs. Also, there were no rootkits found during the AVG anti-rootkit scan. I have some items currently quarantined in the AVG antispyware, will you tell me what to do with these? Thanks so much.

Edited by Moderator: No need for a double post if there are no replies between your current post and the last post, unless bumping the thread. In that case, please wait at least 24 hours before doing so. Otherwise, simply use the "Edit post" button instead.

Sorry! The AVG log didn't turn out how it was supposed to. Actions were definitely taken and they were: all deleted except the first two and last three, which were quarantined.
 
Hi,

We'll get to the quarantined files after we are done with the rest of the cleaning. But for now,

You may wish to copy and paste these instructions on notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Go to start > run and type services.msc. Press the enter key.
Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

ALCMTR

Open your task manager by holding ctrl and alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:

ALCMTR.EXE

After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Close HJT.

Navigate in Windows Explorer and delete the following files and folders in bold.

C:\WINDOWS\ALCMTR.EXE

Reboot into normal mode and rehide your protected OS files.

Please visit this link http://virusscan.jotti.org/

Click the Browse... button and navigate to the following file:
C:\WINDOWS\system32\drivers\w600cm.sys
Click Open
Also, do the same for:
C:\WINDOWS\system32\drivers\w600wh.sys

Please let me know the results.


Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread.


Regards,
Your friendly momok =)

This thread is for the use of sajth only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
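Added example, not part of the thread and not HijackThis's own code: a small Python parser for the O2/O3/O4 log line shapes quoted in the post above, which notes entries where HijackThis reported "(no file)" and autostart commands given without a full path. The function names, the note wording and the fourth sample line are assumptions made for illustration.

```python
import re
from ntpath import isabs  # Windows path rules, usable on any OS

# Constructed sample: the three entries quoted in the post, plus one made-up
# BHO line (placeholder CLSID and path) that does have a file, for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
"""

# O2/O3 lines: section - kind: display name - {CLSID} - file
CLSID_ENTRY = re.compile(
    r"^(?P<sec>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
# O4 lines: section - registry key: [value name] command
RUN_ENTRY = re.compile(
    r"^(?P<sec>O4) - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse_entry(line):
    """Return a dict for an O2/O3/O4 line, or None for anything else."""
    line = line.strip()
    m = CLSID_ENTRY.match(line)
    if m:
        entry = m.groupdict()
        missing = entry["file"] == "(no file)"
        entry["notes"] = ["HijackThis found no file for this CLSID"] if missing else []
        return entry
    m = RUN_ENTRY.match(line)
    if m:
        entry = m.groupdict()
        cmd = entry["cmd"]
        # Quoted command: take the quoted path; otherwise the first token.
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
        entry["exe"] = exe
        entry["notes"] = [] if isabs(exe) else ["autostart command has no full path"]
        return entry
    return None

def triage(log_text):
    """Parse every recognised line of a log and keep the parsed entries."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["sec"], e["name"], "->", ", ".join(e["notes"]) or "nothing flagged")
```

A note here only marks a line for a closer look by whoever is reading the log; it is not a verdict on the entry.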
 