Keep getting these CID popups

Status
Not open for further replies.
I keep receiving these pop ups out of nowhere that have CID in the title. I use counter spy and norton and ran scans and nothing shows.

I ran nolop and it said i had an infected log and it reboot and fixed it, not sure if that was the right step to take or not
 
Thank you, I followed the 8 step process and it detected many things and fixed a lot of them but here are the log files that each of the 3 programs have generated. if anything needs to be fix I would greatly appreciate it as these popups are annoying :(
 

Attachments

  • hijackthis.log
    12.7 KB · Views: 6
I see that you have Symantec (Norton) installed. And also note that your MBAM log had removed may found entries.

I am not a great supporter of Norton Antivirus, how it basically does not protect.
I have written about this on many threads here. Just a google search on others thoughts will show my concerns.

Therefore, I would like to suggest that you remove this (basically useless) purchased product, and try Free Antivirus like Avast or Avira

Once Norton is removed (this can be an issue in itself!)
Install one of the (better) free Antivirus softwares, then run a full scan
It will be interesting to see what is then found and automatically halted (removed) by doing this
 
I'd recommend running Ad-Aware 2008 (click here to download from this site) Ad-Aware specifically targets CID popups. Another good one is AVG 8 (click here) AVG * is combination anti-virus, anti-spyware and anti-rootkit. Plus it's a lot smaller than Norton which can then remove. Overall, your computer should run faster with the Norton replaced with AVG.

Repost if you still have problems.

Best,
-- Andy
 
Support the comments on both Norton and AVG 8. Much of my time spent fixing user systems is removing one or the other of those two A/V programs. We now recommend Avira (over Avast). Both Avira and Avast have great resident protection and low overhead, but for system scans, Avast requires user interaction and Avira allows scheduled scans. Most home users just want their software to do it's job without them having to do much.

Recently I saw a technology report on Norton's latest release that claims they have fixed their bloatware problem. I am not convince but plan on testing on my testbed (with 30 day trial). When I have I shall post results to the appropriate forum.

It has been my experience that Norton misses more than it catches.

Also, there is a Norton removal tool if you find that you have problems after the normal removal process. You can download the removal tool here:

http://service1.symantec.com/SUPPOR...573460011fc9a?OpenDocument&seg=ag&lg=en&ct=us
 
Update the Java to v6u10 here: http://java.com/en/download/manual.jsp
You were heavily infected. Mbam removed MyWebSearch, PopCar and TrojanDownloader.
SAS found more. You need to have SAS remove all it found-including the numerous Tracking Cookies.

To reset the Cookies:
Internet Options (through Tools or Control Panel)> Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'allow first party Cookies'> CHECK 'BLOCK third party Cookie's> CHECK 'allow per session'> Apply> OK

Please re-open HiJackThis and scan.*Check* the boxes next to all the entries listed below.
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
The following is most likely the source of the pop-ups:
O4 - HKLM\..\Run: [Byte Tool Tons Mail] C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool\coal inside.exe
O4 - HKCU\..\Run: [SAVE PROC] C:\DOCUME~1\eric\APPLIC~1\SIGNBA~1\BITS AMOK.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:.
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
All Viewpoint entries
Java v6u7 and any other Java EXCEPT v6u10.
PayPal
Start> Run> type in 'msconfig' witohout qupotes> Evter> Selective Startup> Startup tab> UNCHECK everthing except the antivirus program and firewall> Apply> OK.

Right click on Taskbar> Task Manager> Processes tab> highlkight each of the following, then End Task:
SBAMSvc.exe
MINIME.EXE
RBroker.exe

Start> Run> services.msc> right click on each of th following Services> Properties> Change the Startup type to Disabled:
Sunbelt VIPRE Antivirus Service
Viewpoint Manager Service

Reboot into Normal Mode. Run HijackThis again and post the new log.

We may have to run another program for cleaning, depending on the log.

Please do a Disc Cleanup: My Computer> Right click on Local Drive-usually C> Properties> click on Disc Cleanup and run it. DO NOT use System Restore. The programs can't clean malware in the restore points because they are protected files. We will drop them and create new clean restore point when through.
 
thanks for the help

I tried to follow everything to the par but some of the files when i went searching for them I could not find.



mainly the paypal broker that you wanted me to in hijack.


i am doing the diskclean now but this is the new log that i have from hijack


all the help is appreciated as my pc already seems a tad faster than before
 
This program is no longer showing:
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe

It appears that I left out one entry that needs to be removed:
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
The toolbar is called Sweetie IM. While this is not considered malware, it does leave you with an avenue for ads and tracking cookies: http://www.sweetim.com/about_overview.asp
I had this all written out and must have cut it off of the screen I was working on.

This hasn't been done:
[Update the Java to v6u10 here: http://java.com/en/download/manual.jsp[/quote]
And the entries for the earlier versions remain and should be removed.

If you had done this, you should be more that a 'tad' faster:
Start> Run> type in 'msconfig' without quotes> Enter> Selective Startup> Startup tab> UNCHECK everything except the antivirus program and firewall> Apply> OK.

You have an enormous number of processes loading on boot- when these are stopped, you should note a big improvement in load time, surf time and shutdown time.

You have 5 IM programs loading at Startup> these will take resources as all will run in the background:
SWEETIM> enhancement for MSN Messenger
MySpaceIM
AIM
Yahoo Messenger
Windows Messenger

So if speed is an issue, you need to take as much as indicated which was all except AV and firewall, off of Startup.
 
Are you still getting the popups? If so, have you tried Ad-Aware 2008? You can find it in the Donwloads section at this site.

-- Andy
 
Are you still getting the popups? If so, have you tried Ad-Aware 2008? You can find it in the Donwloads section at this site.
We are in the process of an organized cleaning program. I would appreciate it if you would restrain from recommending other program. If we can't solve this, other programs may be needed. However, AdAware wouldn't be one I'd suggest.
 
Bobbye, this is an open forum and anyone can contribute his/her recommendations. It's up to the originator to decide whose advice to follow. You seem to insist that it must be yours or the TS guideline. That's not an "open forum" attitude. If you can't understand that, you're in the wrong place.

Ad-Aware is a highly rated anti-spyware program. It specifically targets Adware, the type of spyware pedigree is reporting. Not only that, Ad-Aware is available for download at this very site! Obviously, I'm not ranting nonsense.

Pedigree, I suggest trying Ad-Aware at this point.

-- Andy
 
CID popups have a history of being tricky to fix. Ad-aware in this case is definitely not sufficient to eradicate the problem.

If you do a search on this forum as well as google other malware removal forums you'll find that several users who have attempted to use Ad-aware to fix a CID infection have failed. That is why they turn to the malware removal forum approach which uses HijackThis for diagnostics of the system. It is not a trial-and-error approach, but rather a standard focused approach in a large majority of online communities.
 
Status
Not open for further replies.
Back