Cid problems

Status
Not open for further replies.
Hi, I'm new to this forum, but I saw how you all helped a person before with the same problems and hope you can do the same for me. I have a popup problem with CiD: ....

So my questions start with:

1. Basically I start doing the step-by-step program and post some logs up, right?

2. Hopefully when someone responds to this, I can post my HijackThis log on here.

Thank you

phil
 
Hello and welcome to Techspot.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of py2248 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi, sorry it's taken me this long, but I followed all the instructions and this is what I came out with...

I just attached two log files because the Spybot one exceeds the attachment limit or something... 115 KB, 15 KB over the limit.

I am still getting these CiD popups though...

Please help!
 
All items in your AVG Antispyware log say "No Action Taken". That's because you haven't told AVG Antispyware to quarantine its results as per the instructions. See this pictorial guide.

You didn't attach a Combofix log as requested, nor did you let me know the results of the AVG Antirootkit scan.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

2D0523BE

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

A9BC6E05.EXE
safe load.exe
inetsrv.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O4 - HKLM\..\Run: [inetsrv] C:\WINDOWS\system32\inetsrv.exe

O4 - HKLM\..\Run: [Cake Wipe Inside Wma] C:\Documents and Settings\All Users\Application Data\flag barb cake wipe\safe load.exe

O20 - Winlogon Notify: usbmon - C:\WINDOWS\system32\usbmons.dll (file missing)

O23 - Service: 2D0523BE - Unknown owner - C:\WINDOWS\system32\A9BC6E05.EXE (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\WINDOWS\system32\inetsrv.exe
C:\WINDOWS\system32\A9BC6E05.EXE
C:\Documents and Settings\All Users\Application Data\flag barb cake wipe <- Delete the entire folder.
C:\Documents and Settings\Owner\Desktop\uninstall.exe

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT, AVG Antispyware and Combofix logs.

Regards Howard :)

This thread is for the use of py2248 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
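The four HijackThis entries listed in the post above, run through a small triage parser. This is an added example, not part of the original thread and not HijackThis's own logic; the function names and the heuristics (missing target file, "Unknown owner" service, Application Data path, 8-hex-digit file name) are assumptions chosen for illustration.

```python
import re

# Constructed sample: the four entries quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [inetsrv] C:\WINDOWS\system32\inetsrv.exe
O4 - HKLM\..\Run: [Cake Wipe Inside Wma] C:\Documents and Settings\All Users\Application Data\flag barb cake wipe\safe load.exe
O20 - Winlogon Notify: usbmon - C:\WINDOWS\system32\usbmons.dll (file missing)
O23 - Service: 2D0523BE - Unknown owner - C:\WINDOWS\system32\A9BC6E05.EXE (file missing)
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")  # e.g. "O23 - ..."
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8}$", re.IGNORECASE)

def parse_line(line):
    """Split one log line into section code, body and target path (or None)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header lines, blank lines, anything that is not an entry
    body = m.group("body")
    path = PATH_RE.search(body)
    return {"section": m.group("section"), "body": body,
            "path": path.group(0) if path else None}

def triage(entry):
    """Return the illustrative (assumed) reasons an entry deserves a closer look."""
    reasons = []
    body, path = entry["body"], entry["path"] or ""
    if body.endswith("(file missing)"):
        reasons.append("target file missing")
    if "Unknown owner" in body:
        reasons.append("service with unknown owner")
    if "\\application data\\" in path.lower():
        reasons.append("runs from Application Data")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]  # file name without extension
    if HEX_NAME_RE.match(stem):
        reasons.append("8-hex-digit file name")
    return reasons

def review(log_text):
    """Parse every entry in the log and attach its triage reasons."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [(e["section"], e["path"], triage(e)) for e in entries if e]

if __name__ == "__main__":
    for section, path, reasons in review(SAMPLE_LOG):
        print(section, path, "->", ", ".join(reasons) or "no automatic flag")
```

The inetsrv Run entry gets no automatic flag here even though the post lists it for removal, so an empty reason list is not a clean result; entries like that still need a human reading the log.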
 
Yeah, sorry about that. The antiroot scan found no roots? So I guess it was all good... I actually had a problem while in safe mode... it's because the resolution is set really low, and the AVG program that was scanning my computer was too big, and I really couldn't locate buttons and stuff, so I had to kind of just click whatever I could see... I tried to up the resolution, but that wasn't possible. Is there a way to do that so I can see the other buttons?
 