CID: Pop ups

Does anyone else get these pop ups :mad:

How can I stop them? I have all my pop up blockers turned on :confused:

Thanks

Comments

  • pchelpman
    pchelpman Posts: 1,275 Forumite
    You are most likely infected with LOP aka C2Media aka CiD.

    Lop is an advertising program that uses odd names like "FunkObjSeek.exe" or "Kind style third.exe" or "camp seek.exe", it injects code into internet explorer, shows popup ads (often for non-legitimate products/programs), uses a number of ways to automatically reinstall, aggressively fights removal, and automatically updates.


    Download nolop from here …..


    http://www.spywareedge.net/nolop/NoLop.exe


    save anything you are working on and prepare for a possible reboot …..

    run nolop.exe…..

    click the button "search and destroy"…..

    when it's done it will prompt you to reboot if you are infected …..

    click the "reboot" button.

    Post the log which is saved to c:\nolop.log.

    **********************************

    Next download ComboFix (either location will do) >

    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

    Double click combofix.exe & follow the prompts.

    Note >> Do not mouseclick combofix's window while it's running. That may cause it to stall.

    When finished, it will produce a log for you. The report is called ComboFix.txt.
    Post that log in your next reply along with the nolop log AND an update on how the computer is operating now.


    [FONT=&quot]PCH[/FONT]
  • Shazza1976
    Shazza1976 Posts: 90 Forumite
    Tried both of these, nothing was found :confused:

    http://www.spywareedge.net/nolop/NoLop.exe

    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Any more suggestions?

    Cheers
  • pchelpman
    pchelpman Posts: 1,275 Forumite
    Hmm ....Nolop + Combofix usually does the job.

    When you say "nothing was found" are you saying that you are still getting the CiD pop ups? Did NoLop say that it found No infected files?

    ************

    Clean your temp folder, recycle bin, etc. with Ccleaner and run it on the default options ..........

    http://www.ccleaner.com

    Install Options:
    Don't install any Toolbars, or other programs, should it ask you.
    Just uncheck the option of installing the Yahoo toolbar.

    ************

    Please download and install Superantispyware here ….

    http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

    • Load SUPERAntiSpyware and click the Check for Updates button.
    • Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!


    IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
    • Open SUPERAntiSpyware and click the Scan your Computer button.
    • Check Perform Complete Scan and then click Next.
    • SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
    • Make sure that they all have a check next to them, and then click Next.
    • Click Finish and you will be taken back to the main interface.
    • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
    • I'll need a log afterwards of what has been found.
    • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
    • Please post the results of the SUPERAntiSpyware log in your next reply.

    ************

    If this doesn’t succeed in fixing the problem download a self-extracting copy of HijackThis from here …….

    http://downloads.malwareremoval.com/hijackthis_sfx.exe


    Save it to your Desktop.

    Double-click on the hijackthis_sfx.exe file and it will self-extract into its own folder ……

    C:\Program Files\HijackThis

    Go to this folder and run the hijackthis.exe file.


    From the menu click on "Do a system scan and save a logfile".

    Copy and paste both the Superantispyware scan report and the HJT logfile to this thread. More specific removal instructions will follow for any malware revealed.



    PCH
  • cargo
    cargo Posts: 462 Forumite
    Very helpful reply.
    I had these, only when my daughter browsed the net with IE.
    I use firefox on my side of the pc.
    I could not stop the cid pop ups so I disabled IE and removed short cuts to it.
    So my daughter only uses firefox now and all is ok.
    No pop ups.
  • Oops I've edited this post!
  • Cargo,

    The software is probably still running in the background.

    Go to Add/Remove Programs in your Windows Control Panel and click Remove on:

    Messenger Plus! Live & Sponsor (CiD) (if you got Lop through a Messenger Plus! installation)

    You'll be asked if you want to uninstall the full program or just the sponsor program (CiD).

    Choose the sponsor program only if you want to just remove the adware. Alternatively, if you want to stick two fingers up to the developer of Messenger Plus and completely withdraw your support for a program that includes a trojan by default, uninstall both!!
  • I had the same problem and followed all the steps. Here's my log:
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/28/2007 at 11:08 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3275
    Trace Rules Database Version: 1286

    Scan type : Complete Scan
    Total Scan Time : 00:50:12

    Memory items scanned : 690
    Memory threats detected : 0
    Registry items scanned : 6877
    Registry threats detected : 0
    File items scanned : 93202
    File threats detected : 18

    Adware.Tracking Cookie
    C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@fastclick[1].txt
    C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@azoogleads[2].txt
    C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@www.clash-media[2].txt
    C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@zedo[1].txt
    C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@adrevolver[1].txt
    C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@azjmp[1].txt

    Adware.Lop-Variant
    C:\PROGRAMDATA\BOWS TRANS AXIS MEOW\LIES SAFE VIEW.EXE
    C:\PROGRAMDATA\MEOW INTRA BAIT FACE\TITLE STUPID.EXE
    C:\PROGRAMDATA\MESS HOLD MIX\EKBDABHU.EXE
    C:\PROGRAMDATA\MESS HOLD MIX\GRIMSITEMEAL.EXE
    C:\USERS\ALL USERS\BOWS TRANS AXIS MEOW\LIES SAFE VIEW.EXE
    C:\USERS\ALL USERS\MEOW INTRA BAIT FACE\TITLE STUPID.EXE
    C:\USERS\ALL USERS\MESS HOLD MIX\EKBDABHU.EXE
    C:\USERS\ALL USERS\MESS HOLD MIX\GRIMSITEMEAL.EXE
    C:\Windows\Prefetch\EKBDABHU.EXE-7656073A.pf
    C:\Windows\Prefetch\GRIMSITEMEAL.EXE-A6E4C9F3.pf
    C:\Windows\Prefetch\LIES SAFE VIEW.EXE-DFBA13CC.pf
    C:\Windows\Prefetch\TITLE STUPID.EXE-A9980921.pf

    Now what?
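A triage sketch for the scan log posted above, added here as an example and not part of any poster's reply or of SUPERAntiSpyware itself: it groups detections by family, folds the `C:\Users\All Users` alias onto `C:\ProgramData` (assuming Windows Vista or later, which the `C:\Users` paths indicate), and uses the Prefetch entries to show which flagged executables have actually run. The function names are hypothetical and the sample is a shortened excerpt of that log.

```python
import re
from collections import defaultdict

# Shortened excerpt of the SUPERAntiSpyware log posted above.
SAMPLE_LOG = r"""
Adware.Tracking Cookie
C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Cookies\glen@zedo[1].txt

Adware.Lop-Variant
C:\PROGRAMDATA\MESS HOLD MIX\EKBDABHU.EXE
C:\PROGRAMDATA\MESS HOLD MIX\GRIMSITEMEAL.EXE
C:\USERS\ALL USERS\MESS HOLD MIX\EKBDABHU.EXE
C:\USERS\ALL USERS\MESS HOLD MIX\GRIMSITEMEAL.EXE
C:\Windows\Prefetch\EKBDABHU.EXE-7656073A.pf
C:\Windows\Prefetch\GRIMSITEMEAL.EXE-A6E4C9F3.pf
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
PREFETCH_RE = re.compile(r"\\PREFETCH\\(.+)-[0-9A-F]{8}\.PF$")
# Assumption: Vista or later, where C:\Users\All Users is a link to C:\ProgramData.
ALIAS = ("C:\\USERS\\ALL USERS\\", "C:\\PROGRAMDATA\\")

def parse_detections(log_text):
    """Map each threat family heading to the file paths listed under it."""
    families, current = defaultdict(list), None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if PATH_RE.match(line):
            if current:
                families[current].append(line)
        elif line:
            current = line  # any non-path, non-blank line may be a heading
    return dict(families)

def canonical(path):
    """Upper-case the path and fold the All Users alias onto ProgramData."""
    upper = path.upper()
    return ALIAS[1] + upper[len(ALIAS[0]):] if upper.startswith(ALIAS[0]) else upper

def triage(paths):
    """Return (unique executables, those with a Prefetch trace of having run)."""
    executed, binaries = set(), set()
    for p in map(canonical, paths):
        m = PREFETCH_RE.search(p)
        if m:
            executed.add(m.group(1))  # executable name recorded by Prefetch
        elif p.endswith(".EXE"):
            binaries.add(p)
    ran = sorted(b for b in binaries if b.rsplit("\\", 1)[1] in executed)
    return sorted(binaries), ran
```

Run over the full log, this reduces the 12 Adware.Lop-Variant hits to four distinct executables, each with a matching Prefetch entry.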
  • cargo
    cargo Posts: 462 Forumite
    Cargo,

    The software is probably still running in the background.

    Go to Add/Remove Programs in your Windows Control Panel and click Remove on:

    Messenger Plus! Live & Sponsor (CiD) (if you got Lop through a Messenger Plus! installation)

    You'll be asked if you want to uninstall the full program or just the sponsor program (CiD).

    Choose the sponsor program only if you want to just remove the adware. Alternatively, if you want to stick two fingers up to the developer of Messenger Plus and completely withdraw your support for a program that includes a trojan by default, uninstall both!!


    It just says Windows Live Messenger in add and remove list.
  • pchelpman
    pchelpman Posts: 1,275 Forumite
    DO NOT HIJACK THREADS.

    cargo & Shadowolf19 please start your own new topics in this forum. Even though you may have similar problems you need to start your own discussion.

    Shazza1976 .... what's happening with your troubles?


    PCH
  • what's the point of starting a new thread when I have the same problems as him?
This discussion has been closed.