Computer Hope
Software => Computer viruses and spyware => Topic started by: joda on November 26, 2013, 07:53:01 AM
-
Hi,
A Windows 7 Pro user was on YouTube, searching for Bentley (professional CAD systems) related video presentations and think that while being on YouTube got infected by iLivid. A Message now appears after every startup of the machine:
iLivid
Allow iLivid on firewall
Click ”Yes” on the User Account Control notification in your taskbar to continue using iLivid Download Manager.
It is not visible as installed in the Control Panel.
Do anyone here have a step by step manually removal procedure?
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner)by Xplode onto your Desktop.
- Please close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with OK
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
*********************************************
(http://i424.photobucket.com/albums/pp322/digistar/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
•Warning! Once the scan is complete JRT will shut down your browser with NO warning.
•Shut down your protection software now to avoid potential conflicts.
•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.
•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete depending on your system's specifications.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Copy and Paste the JRT.txt log into your next message.
-
Hello SuperDave, and thank you for your detailed welcome reply.
The reason that I specifically asked about a manually removal procedure is that I do not want to fill up the computer with a bunch of (unknown) software just to get rid of one. Yes, also; I am digitally paranoid.
There must be experts out there knowing what this software is doing to a system, hence knowing how to manually remove it from the Windows Registry (Windows 7 Pro). My hope is that some of these experts will see the challenge and respond on computerhope.com.
-
I do not want to fill up the computer with a bunch of (unknown) software just to get rid of one. Yes, also; I am digitally paranoid.
We will remove them when we're finished cleaning. All the tools I use are safe to use. If you don't run the scans and post the logs, I can't help you.
-
joda, Trust SuperDave. He really is good at what he does.
-
Finding time to download, install, scan and uninstall is not easy. Both the user and I are very busy. Today I had the chance to dig a little deeper and actually got rid of this message together with the iLivid software. No more annoying messages from iLivid.
I am aware of the risk that there still might be something else in there, related to when iLivid got in there the first time, so we will try to follow that up later on.
Here is how I removed the iLivid software from this Windows 7 computer. (For anyone trying or needing this, be aware that the users name should be exchanged where I have typed N A M E):
- Found the uninstaller file and managed to uninstall the software:
C:\Users\ N A M E \AppData\Local\iLivid\Uninstall.exe
- Searched the C-drive for iLivid and deleted the following found file:
C:\Users\ N A M E \AppData\Local\Temp\qtsingleapp-iLivid-42b6-1-lockfile
- I also searched the registry for iLivid and found the following which I deleted:
HKEY_CLASSES_ROOT\.torrent
Name: (Standard)
Name: iLivid.torrent_backup
HKEY_CLASSES_ROOT\iLivid.torrent
HKEY_CLASSES_ROOT\Magnet\DefaultIcon
Name: (Standard)
HKEY_CLASSES_ROOT\Magnet\shell\open\command
Name: (Standard)
HKEY_CURRENT_USER\Software\iLivid\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent
Name: (Standard)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice
Name: Progid
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Name: iLivid
HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\ N A M E \AppData\Local\iLivid
HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\ N A M E \AppData\Local\iLivid
-
Messing around in the Registry is a dangerous practice.