Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Have The Cid Virus, How Can I Get Rid Of It


  • Please log in to reply
13 replies to this topic

#1 Matt.Ham

Matt.Ham

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 06 September 2008 - 10:07 AM

I have pop ups appearing on my laptop which start with CiD and then bring up adverts.

It is really annoying, can someone please help me get rid of it.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:54 AM

Posted 06 September 2008 - 03:27 PM

Hello and welcome. Need to know a couple of things to proceed.
Is this an XP PC or another system?
THe Antivirus and spyware tools installed.
Is Messenger Plus! installed?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Matt.Ham

Matt.Ham
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 07 September 2008 - 08:32 AM

Hi,

Thanks for the reply. I currently have Windows XP. I have a free AVRIA antivirus installed but have just purchased Kaspersky Complete Protection 2009 but have not installed it yet. I don't have Messenger Plus Installed

Thanks

#4 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:54 AM

Posted 07 September 2008 - 10:33 AM

Wait on installing any of the Kasp. suite till you are clean and then make sure that avira is completely uninstalled

http://www.bleepingcomputer.com/forums/ind...st&p=935289

Would you run a scan with MBAM and post the log please
Chewy

No. Try not. Do... or do not. There is no try.

#5 Matt.Ham

Matt.Ham
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 07 September 2008 - 04:03 PM

Malwarebytes' Anti-Malware 1.26
Thanks,

Here is the log:-


Database version: 1125
Windows 5.1.2600 Service Pack 3

07/09/2008 22:01:48
mbam-log-2008-09-07 (22-01-48).txt

Scan type: Full Scan (C:\|)
Objects scanned: 116337
Time elapsed: 47 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 23
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Starware353 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware353\bin (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware353\icons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\RecipeSearch_Foreign (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Recipes_Foreign (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\recipes.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\recipes.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\recipes_foreign_feed.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\recipes_foreign_feed.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\starware_toolbar_icon.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\contexts\related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware353\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\RecipeSearch_Foreign\RecipeSearch_ForeignOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\RecipeSearch_Foreign\RecipeSearch_ForeignOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Recipes_Foreign\Recipes_ForeignOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\Recipes_Foreign\Recipes_ForeignOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Starware353\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.

#6 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:54 AM

Posted 07 September 2008 - 05:08 PM

Do you have an entry in add/remove programs for that starware suite?

Whatever you installed seemed to be part of that
Chewy

No. Try not. Do... or do not. There is no try.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:54 AM

Posted 07 September 2008 - 06:45 PM

Also do this ...

Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.
Netpumper
BitRoll
CiD Help
CiD Manager
Download Plugin for Internet Explorer
Zone Media


Be sure to reboot when done.

Please download NoLop and save it to your desktop.
alternate download link 1
alternate download link 2
  • First close any other programs you have running as this will require a reboot.
  • Double click NoLop.exe to run it.
  • Now click the button labeled "Search and Destroy"
    <>
  • When scanning is finished you will be prompted to reboot only if infected. Click OK.
  • Now click the "REBOOT" button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish.
  • Please post the contents of C:\NoLop.log in your next reply.
--If you receive an error: "mscomctl.ocx or one of its dependencies are not correctly registered", please download mscomctl.ocx to your system32 folder then rerun NoLop..
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 Matt.Ham

Matt.Ham
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 08 September 2008 - 11:57 AM

I have checked the add/remove programs and do not have any of the following

Netpumper
BitRoll
CiD Help
CiD Manager
Download Plugin for Internet Explorer
Zone Media

and I can not find anything to do with Starware


Here is the result of the log:

NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Program Files\AOL 9.0\download
[08/09/2008]
[17:49:46]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Aol Downloads
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg8
C:\Documents and Settings\All Users\Application Data\Avira
C:\Documents and Settings\All Users\Application Data\Downloaded Installations
C:\Documents and Settings\All Users\Application Data\Faxctr
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\All Users\Application Data\Long Slow Road Itch
C:\Documents and Settings\All Users\Application Data\Malwarebytes
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Paretologic
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Default User\Application Data\Adobe
C:\Documents and Settings\Default User\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Macromedia
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Toshiba
C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
C:\Documents and Settings\Localservice\Application Data\Adobe
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Matt\Application Data\Adobe
C:\Documents and Settings\Matt\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Matt\Application Data\Ahead
C:\Documents and Settings\Matt\Application Data\Aol
C:\Documents and Settings\Matt\Application Data\Apple Computer
C:\Documents and Settings\Matt\Application Data\Debug Log Love
C:\Documents and Settings\Matt\Application Data\Download Manager -- EMPTY Directory
C:\Documents and Settings\Matt\Application Data\Faxctr
C:\Documents and Settings\Matt\Application Data\Garmin
C:\Documents and Settings\Matt\Application Data\Google
C:\Documents and Settings\Matt\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Matt\Application Data\Identities
C:\Documents and Settings\Matt\Application Data\Legalsounds
C:\Documents and Settings\Matt\Application Data\Limewire
C:\Documents and Settings\Matt\Application Data\Macromedia
C:\Documents and Settings\Matt\Application Data\Malwarebytes
C:\Documents and Settings\Matt\Application Data\Microsoft
C:\Documents and Settings\Matt\Application Data\Microsoft Web Folders -- EMPTY Directory
C:\Documents and Settings\Matt\Application Data\Paretologic
C:\Documents and Settings\Matt\Application Data\Skype
C:\Documents and Settings\Matt\Application Data\Skypepm
C:\Documents and Settings\Matt\Application Data\Sports Interactive
C:\Documents and Settings\Matt\Application Data\Sun
C:\Documents and Settings\Matt\Application Data\Toshiba
C:\Documents and Settings\Matt\Application Data\Windows Desktop Search
C:\Documents and Settings\Matt\Application Data\Yahoo!
C:\Documents and Settings\Matt\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Sobia\Application Data\Adobe
C:\Documents and Settings\Sobia\Application Data\Adobeum
C:\Documents and Settings\Sobia\Application Data\Aol
C:\Documents and Settings\Sobia\Application Data\Apple Computer
C:\Documents and Settings\Sobia\Application Data\Faxctr
C:\Documents and Settings\Sobia\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Sobia\Application Data\Identities
C:\Documents and Settings\Sobia\Application Data\Macromedia
C:\Documents and Settings\Sobia\Application Data\Microsoft
C:\Documents and Settings\Sobia\Application Data\Sun
C:\Documents and Settings\Sobia\Application Data\Toshiba
C:\Documents and Settings\Sobia\Application Data\Windows Desktop Search

#9 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:54 AM

Posted 08 September 2008 - 01:46 PM

Once you've done, you will need to reboot your computer and go back to the "Add/Remove Programs" to check whether the Starware program is still present. In most cases, it won't but if you accidentally activated some programs that may still have the Starware traces within them, the Starware may reinstalled by itself.


Starware is an advertising supported executable program that is usually installed without user consent or knowledge


http://www.lycos.com/info/starware.html
Chewy

No. Try not. Do... or do not. There is no try.

#10 Matt.Ham

Matt.Ham
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 08 September 2008 - 04:14 PM

Thanks for the link Chewy.

I downloaded STOPzilla and did a full scan. It picked up three infections. One worm to do with autorun and two other adware programs. I have removed these. Is my computer now clear, as i have performed another scan and it hasn't picked anything up.

I now have the Kaspersky Complete Protection 2009 to install. I obviously need to take the free AVRIA antivirus out before I install it. Do i need to also take the STOPzilla out and download it again if & when i need it, as it cost me 10 to remove the viruses or can it run alongside??

#11 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:54 AM

Posted 08 September 2008 - 06:40 PM

I would pass on Kasp's suite unless I paid for it, if stopzilla and kasp were paid versions I would probably disable stopzilla

I wish people would ask me before spending their money

avira pro is one of the top 3 programs

avira free plus winpatrol plus comodo free is also a good combination

Kasp does have one of the best detection engines running
Chewy

No. Try not. Do... or do not. There is no try.

#12 buddy215

buddy215

  • BC Advisor
  • 12,995 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:54 PM

Posted 08 September 2008 - 07:54 PM

Stopzilla is NOT a good program. It baits you into purchasing with false information. Most consider it a rogue product.
You will have difficulty uninstalling it. Should of asked BEFORE installing the program.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#13 Matt.Ham

Matt.Ham
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 09 September 2008 - 02:27 PM

I have got rid of the STOPzilla but now can't get rid of an antivirus called AVG. Any suggestions as it does not appear on the add/remove list

#14 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:54 AM

Posted 09 September 2008 - 03:38 PM

AVG free comes with an un-installer. Go to Start, All Programs, hover your cursor over AVG and the un-installer will appear. Run this to un-install the software. Do not use the Add/Remove programs.


wiki answers?
Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users