A friend sent a file so I thought it was safe but it asked me to download ilivid and it’s a virus or potential virus. How can I remove this program before it starts doing damage infecting my computer?
thanks
where do you have the file?
did anything (avast) detect it as malware?
if you have saved it to your computer…upload the file to www.virustotal.com and test with 40+ malware scanners
post the link to the scan result here
hi stummies0,
Receiving a file is not the same as opening and running it on your system.
If Avast! alerted when opened, and you chose quarantine to the virus chest, you should be ok. Quarantining removes the file from your system and puts it in an isolated area where it can do no harm.
Did you run an on-demand scan by Avast! before you opened it to see if it was clean? Virus Total dot com is a useful tool for situations such as this one.
The file itself exceeds the 32MB limit so unable to check on virustotal.com. I’m not as worried about the file itself more the program called ilivid which I downloaded in order to receive/hear the file. I did some research on ilivid after the fact because I noticed that it already changed my homepage and search engine functions automatically. So I want to remove that program.
Here’s some research I found on ilivid on some site called 2-viruses.com
What is ILivid?
iLivid is one more browser toolbar that can be installed to most of the browsers. It redirects computer users to iLivid.com despite what website they wanted to visit. Ilivid modifies your browser settings, it expands your bookmark list with various unknown websites that you never included to your favorites and changes your homepage to iLivid.com. This is not only annoying but it also leads to more serious problems.
Basically, Ilivid attempts to collect information about your activity on the Internet and send it to various marketing companies that need this data for their personal reasons or straight to computer hackers who can later try to get some profit by using your passwords, data of bank accounts, etc. As you understand, this is violation of your privacy and for this reason iLivid redirect must be removed. Unfortunately, it is not that easy to remove iLivid as you would think first. Most of the toolbars can be removed using uninstall tool that comes provided during the installation. However, the problem is that Ilivid toolbar changes the search provider settings which are not removed through uninstall process. And in some software bundles, the uninstaller does not work properly at all. This causes lots of headaches for PC user.
Downloading the ilivid program hasn’t caused any problems YET that I noticed so I’m trying to prevent it from infecting my computer if it hasn’t already started to do that. I’ve rebooted in safe mode with networking options so far but not sure what to do next.
if you are not able to uninstall/remove it…
follow this guide and attach the logs…not copy and paste
http://forum.avast.com/index.php?topic=53253.0
AdwCleaner
Malwarebytes
OTL
aswMBR
Adw Cleaner and MBAM logs attached. OTL and aswMBR to follow.
you did not update Malwarebytes before you scanned…always click the update button before you start a scan
OBS: no need to attach new log if nothing is detected
Oh okay I’ll make note of that. Attached is the last MBAM log after I ran the quick scan. I clicked on the detected items and had them removed and it rebooted the system. OTL and aswMBR logs attached as well.
Let me know if this kills it
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
[2012/11/13 12:24:56 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Documents and Settings\Daryl Lee\Application Data\Mozilla\Firefox\Profiles\020zh7lu.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2004/08/04 04:00:00 | 000,004,804 | ---- | M] () (No name found) -- C:\Documents and Settings\Daryl Lee\Application Data\Mozilla\Firefox\Profiles\020zh7lu.default\extensions\gkvaezkawz@gkvaezkawz.org.xpi
[2012/11/13 12:20:56 | 000,530,679 | ---- | M] () (No name found) -- C:\Documents and Settings\Daryl Lee\Application Data\Mozilla\Firefox\Profiles\020zh7lu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1757981266-1580818891-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2012/11/13 12:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Search Results Toolbar
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
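A read-only way to triage the `O2`/`O3` lines of an OTL log like the ones in the fix script above, added here as an example; it is not part of the original thread, of OTL, or of any poster's instructions. The function and class names are hypothetical, the sample lines are copied from this thread, and the line layout is inferred from those lines only.

```python
import re
from typing import NamedTuple, Optional

# Sample input: O2 (BHO) and O3 (toolbar) lines copied from the fix script in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
"""

# Assumed layout: "<section> - <location>: (<name>) - <clsid> - <target>"
ENTRY_RE = re.compile(r"^(O\d+) - (.+?): \((.*?)\) - (\S+) - (.*)$")
# The target is either a DLL path with an optional trailing "(vendor)" or an error text.
TARGET_RE = re.compile(r"^(.*?)(?: \(([^()]*)\))?$")

class Entry(NamedTuple):
    section: str            # O2 = browser helper object, O3 = toolbar
    location: str           # "BHO" or the registry location of the toolbar value
    name: str
    clsid: str
    path: str               # empty when the CLSID no longer resolves to a file
    vendor: Optional[str]
    orphaned: bool          # True for "No CLSID value found." leftovers

def parse_entries(log_text):
    """Return structured entries; lines that do not fit the layout are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, location, name, clsid, target = m.groups()
        path, vendor = TARGET_RE.match(target).groups()
        orphaned = target.startswith("No CLSID value found")
        entries.append(Entry(section, location, name, clsid,
                             "" if orphaned else path, vendor, orphaned))
    return entries

def triage(entries, install_dir):
    """Split into add-ons loaded from install_dir and orphaned registry leftovers."""
    prefix = install_dir.lower().rstrip("\\") + "\\"
    loaded = [e for e in entries if e.path.lower().startswith(prefix)]
    orphaned = [e for e in entries if e.orphaned]
    return loaded, orphaned
```

Calling `triage(parse_entries(SAMPLE_LOG), r"C:\Program Files\Search Results Toolbar")` separates the two add-ons still loading from the toolbar's folder from the two registry values that point at nothing.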
Processes killed report after the reboot attached along with the OTL quick scan report. I think it killed it but don’t know for sure.
I can see no remains at this time, how is the computer behaving?
It seems to be running smoothly and the redirect home page/search engine issue is gone now. Would you advise holding off on accessing personal accounts with passwords for a while though?
Not really as this type of malware is more interested in getting you redirected to their search engine than anything else
If all is well tomorrow let me know and I will tidy up
Everything is working fine so far thanks so much for all your help
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
[2012/09/22 12:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daryl Lee\Application Data\blekko
[2012/11/13 12:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daryl Lee\Application Data\ilividtoolbarguid
:Commands
[resethosts]
[emptytemp]
[CLEARALLRESTOREPOINTS]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes.
Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link
If you use on-line banking then as an added layer of protection install Trusteer Rapport
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
[*]Microsoft Windows Update
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe