CID Popups cant get rid off might have to reformat

By Noxah ยท 7 replies
Jul 11, 2008
  1. Hello, guys i posted my log on another forum, and didnt get any replies so i hope this is the right place, i got a virus from msn messneger ive tried all the removal methods but it didnt work. ive scanned it with lavasoft it didnt find. please help.
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Cid popups are no cause to reformat -

    Please post over at techguy that you are already receiving help here so that they don't waste time going through instructions and we don't give conflicting advice.

    Remove bad HijackThis entries
    • Run HijackThis
    • Click on the System Scan Only button
    • Put a check beside all of the items listed below (if present):

      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKCU\..\Run: [hidebalm] "C:\ProgramData\ListIdleIdle.qy1mu3
      O4 - HKCU\..\Run: [SHIM LINK FREE BALL] "C:\ProgramData\REAL JOY SIGN.1szi1xd"

    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.


    OTMoveit2 by OldTimer
    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      C:\ProgramData\REAL JOY SIGN.1szi1xd[/b]
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please attach this log with your reply
      • If you accidently close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


    Download and Run ATF Cleaner
    Download ATF Cleaner by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox or Opera:
    Click Firefox or Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Run a fresh Hijackthis scan for me

    Attach here:
    1) OTMoveit2 log
    2) MBAM log
    3) Fresh Hijackthis log
  3. Noxah

    Noxah TS Rookie Topic Starter

    Thanks ok ill do that, im going to use your technqiues. btw this seems pretty long atm so im going to do it tommorow and give you the response. because the virus is on my sisters pc not mine.
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    That's fine, its not as bad as it looks -> just very detailed steps for each program
  5. Noxah

    Noxah TS Rookie Topic Starter

    will this 100% get rid of it, you sure those processes are causing the problem?
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    I am positive they are, and there is no 100% garuntee that this will be the end of the instructions, but after you show me the logs I can verify that they are gone and we can run a few more scans to be sure. After I see the requested logs then we can go from there in making sure that it is gone
  7. Noxah

    Noxah TS Rookie Topic Starter

    otmoveit log
    malware log
    fresh hijackthis log
    also prefetched was disabled in ATF Cleaner.exe

    Im still getting cid popups after doing all those methods
  8. rf6647

    rf6647 TS Maniac Posts: 829

Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...