CiD Popups on vista

[Gosimer]

Hi,

Im not very good with computers and i need to know how to get rid of these annoying "CiD" popups, I have also tryed that nolop.exe but that did nothing.

I was told to get a HIjackthis log file..

Here it is.

View attachment 53794

 

[AnonymousSurfer]

Hi Gosimer,

Here is the malware that you have on your computer. Check these off after preforming a hijackthis scan to delete these from your computer.:

O4 - HKCU\..\Run: [ball admin] "C:\ProgramData\Delete gpl gpl.vibsoj"
O4 - HKCU\..\Run: [upload curb default new] "C:\ProgramData\Proc film up.e5ohmcj"

 

[Gosimer]

Thanks for the fast reply!, so far so good. =)

Thanks again, these popups were really annoying me.

My Mailware scanner did not detect these, nor did some others i tryed.

 

[AnonymousSurfer]

You are most certainly welcome.

 

[Bobbye]

AnonymousSurfer, please stop advising these members. the Hijackthis log does not screen for viruses, nor can it be used to tell someone they are virus free.

Gosimer, please follow the steps here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

When you have finished, attach the logs from Malwarebytes and Superantispyware.

Rescan with HijackThis and paste that in your reply> I will then review all of the logs and help you with the malware.

 

[AnonymousSurfer]

I am sorry and realize my mistakes. All of my posts were in the past and now know to post the 8 steps guide to people who want to clean their computer and that hijackthis is NOT a virus detection software.

 

[Bobbye]

Surfer, you picked up 9 malware threads in 3 hours! before you start helping members of any forum, read the stickies that are in the section above the forum. You can do a lot of damage in a hurry and have a poster think their system is clean and safe when it is not.

 

[Gosimer]

Ahh.. I see, i knowtised I still get the CiD popups.

Well here are the logs you requested..

Malwarebytes Scan Log-

View attachment 53806

SUPERAntiSpyware Scan Log-

View attachment 53805

Hijackthis Log(updated)-

View attachment 53808

 

[Bobbye]

Gosimer, tell me about this:

DeviceVM, Inc. is a privately held software company offering Splashtop, an award-winning ‘instant-on’ platform that improves the personal computing experience.

It is a legitimate program- no problem there, but I hadn't seen it before so had to look it up: I see some companies preload it also.
http://www.splashtop.com/overview.php

I want to make sure you downloaded it and if the pop-ups started after.

Please reopen HijachThis to [b['do system scan only.'[/b] Check each of the following if present:

O4 - HKCU\..\Run: [ball admin] "C:\ProgramData\Delete gpl gpl.a0z38a"
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C> (from a Trojan named: Generic.dx!fcb!5aa31ba27512)

Close all Windows except HijackThis and click on "Fix Checked"

Did you install the following and/or are you aware of them?

O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe>> Related to Cisco WebEx online meetings.

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe>> this is for Remote Access and Support over the Internet, Remote Support, Meetings/Presentations, Remote Access/Remote Office.
http://www.teamviewer.com/index.aspx

These are both legitimate Services.

Then Please download ComboFix HERE:

• With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  
• Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  
• Run Combo-Fix.exe and follow the prompts.
  (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
• Wait for the scan to be completed.
• If it requires a reboot, please do it.

• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

• 
  1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Attach the Combofix report.

Rescan with HJT and paste in a new log.

 

[Gosimer]

Gosimer, tell me about this:

DeviceVM, Inc. is a privately held software company offering Splashtop, an award-winning ‘instant-on’ platform that improves the personal computing experience.

It is a legitimate program- no problem there, but I hadn't seen it before so had to look it up: I see some companies preload it also.
http://www.splashtop.com/overview.php

I want to make sure you downloaded it and if the pop-ups started after.

I do not understand that...

I am awear i downloaded Teamview4, and that other thing i would just guess it came with Network Magic.

Here are the logs.

Combofix Log-

View attachment 53825

Hijackthis Log (updated2)-

View attachment 53826

 

[Bobbye]

Just skip it. It isn't a Network Magic process.

Shaw is providing your system with security from F-Secure. It includes an antivirus program, firewall and other security. This should be disabled when you run Combofix:

Please do a right click> Delete on the Combofix file on your desktop.
Then double click the setup you saved and run Combofix again.

Please attaach the report in next reply..

Follow with online antivirus scan:
Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Include log in next reply.

Are you still noticing the CID pop-ups? Any other problems?

 

[Gosimer]

Allmost forgot to thank for the help

I unloaded shawsecure when i used combo fix, unpluged my internet, and closed every thing.

Here is Combofix.

View attachment 53856

For the nod32 scanner i was suprised to see the trojans there..

View attachment 53857

But i didn't remove them just as you said

Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
Click Scan

And for the CiD popups i have not see one forawhile now but does that mean its really gone?

My internets been going a bit slower then usal thow.

 

[Gosimer]

Srry about this i accidently double posted my internet was doing somthing funky.

 

[Bobbye]

I'd like to spell this ut for you, but your main objective is to get rid of the malware! Suffice it to say that on 11/08/09, you got a Lop infection: If you intentionally downloaded a program called Circle Development, I recommend you uninstall it immediately

It is best to disable the antivirus and malware programs for the scan; you'll re-enable them after the scan

Download Lop S&D and save to your desktop.

• 
  
  [1] Double-click Lop S&D.exe
  [2] Choose the language, then choose Option 2 (Fix + Hosts)
  [3] Wait till the end of the scan
  [4] Attach the log which is created: (%SystemDrive%\lopR.txt)

We'll do the next step when I see the log.