Topic: ilivid removal

stummies0
ilivid removal
« on: November 14, 2012, 12:24:24 PM »
A friend sent a file so I thought it was safe but it asked me to download ilivid and it's a virus or potential virus.  How can I remove this program before it starts doing damage infecting my computer? 

thanks

Pondus
Re: ilivid removal
« Reply #1 on: November 14, 2012, 12:33:53 PM »
where do you have the file?
did anything (avast)  detect it as malware?

if you have saved it to your computer.....upload the file to  www.virustotal.com  and test with 40+ malware scanners

post the link to the scan result here
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


mchain
Re: ilivid removal
« Reply #2 on: November 14, 2012, 12:36:22 PM »
Quote
    A friend sent a file so I thought it was safe but it asked me to download ilivid and it's a virus or potential virus.  How can I remove this program before it starts doing damage infecting my computer?

    thanks

hi stummies0,

Receiving a file is not the same as opening and running it on your system. 

If Avast! alerted when opened, and you chose quarantine to the virus chest, you should be ok.  Quarantining removes the file from your system and puts it in an isolated area where it can do no harm.

Did you run an on-demand scan by Avast! before you opened it to see if it was clean?  Virus Total dot com is a useful tool for situations such as this one.

stummies0
Re: ilivid removal
« Reply #3 on: November 15, 2012, 02:57:10 PM »
The file itself exceeds the 32MB limit so unable to check on virustotal.com.  I'm not as worried about the file itself more the program called ilivid which I downloaded in order to receive/hear the file.  I did some research on ilivid after the fact because I noticed that it already changed my homepage and search engine functions automatically.  So I want to remove that program. 

Here's some research I found on ilivid on some site called 2-viruses.com

What is ILivid?

iLivid is one more browser toolbar that can be installed to most of the browsers. It redirects computer users to iLivid.com despite what website they wanted to visit. Ilivid modifies your browser settings, it expands your bookmark list with various unknown websites that you never included to your favorites and changes your homepage to iLivid.com. This is not only annoying but it also leads to more serious problems.

Basically, Ilivid attempts to collect information about your activity on the Internet and send it to various marketing companies that need this data for their personal reasons or straight to computer hackers who can later try to get some profit by using your passwords, data of bank accounts, etc. As you understand, this is violation of your privacy and for this reason iLivid redirect must be removed. Unfortunately, it is not that easy to remove iLivid as you would think first. Most of the toolbars can be removed using uninstall tool that comes provided during the installation. However, the problem is that Ilivid toolbar changes the search provider settings which are not removed through uninstall process. And in some software bundles, the uninstaller does not work properly at all. This causes lots of headaches for PC user.

Downloading the ilivid program hasn't caused any problems YET that I noticed so I'm trying to prevent it from infecting my computer if it hasn't already started to do that.  I've rebooted in safe mode with networking options so far but not sure what to do next. 

Pondus
Re: ilivid removal
« Reply #4 on: November 15, 2012, 03:07:38 PM »
if you are not able to uninstall/remove it...

follow this guide and attach the logs.....not copy and paste
http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR


stummies0
Re: ilivid removal
« Reply #5 on: November 15, 2012, 04:02:22 PM »
Adw Cleaner and MBAM logs attached.  OTL and aswMBR to follow. 

Pondus
Re: ilivid removal
« Reply #6 on: November 15, 2012, 04:42:09 PM »
you did not update Malwarebytes before you scanned....always click the update button before you start a scan
OBS: no need to attach new log if nothing is detected



stummies0
Re: ilivid removal
« Reply #7 on: November 15, 2012, 05:58:22 PM »
Oh okay I'll make note of that.   Attached is the last MBAM log after I ran the quick scan.  I clicked on the detected items and had them removed and it rebooted the system.  OTL and aswMBR logs attached as well. 

essexboy
Re: ilivid removal
« Reply #8 on: November 15, 2012, 06:19:21 PM »
Let me know if this kills it

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
[2012/11/13 12:24:56 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Documents and Settings\Daryl Lee\Application Data\Mozilla\Firefox\Profiles\020zh7lu.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2004/08/04 04:00:00 | 000,004,804 | ---- | M] () (No name found) -- C:\Documents and Settings\Daryl Lee\Application Data\Mozilla\Firefox\Profiles\020zh7lu.default\extensions\gkvaezkawz@gkvaezkawz.org.xpi
[2012/11/13 12:20:56 | 000,530,679 | ---- | M] () (No name found) -- C:\Documents and Settings\Daryl Lee\Application Data\Mozilla\Firefox\Profiles\020zh7lu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1757981266-1580818891-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2012/11/13 12:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Search Results Toolbar

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
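
Since a fix like the one in the post above is written for one machine only, it is worth listing what a script will touch before pasting it in. The following is an added example, not part of the original post and not OTL's own code; the sample entries are constructed, the line layouts are inferred from the lines shown in this thread, and the names `parse_fix` and `destructive_commands` are hypothetical.

```python
import re

# Constructed sample in the layout of the fix script above (not the poster's real entries).
SAMPLE_FIX = r"""
:OTL
[2012/01/02 03:04:05 | 000,000,000 | ---D | M] (Example Toolbar) -- C:\Users\sample\AppData\Example\{00000000-0000-0000-0000-000000000001}
[2012/01/02 03:04:06 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\sample\AppData\Example\sample@example.org.xpi
O2 - BHO: (Example Toolbar) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\example.dll (Example Vendor)
O3 - HKLM\..\Toolbar: (no name) - {00000000-0000-0000-0000-000000000002} - No CLSID value found.
O4 - HKLM..\Run: [] File not found

:Commands
[emptytemp]
[Reboot]
"""

# Line layouts inferred from the entries visible in the thread (an assumption).
FILE_RE = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| (\S+) \| [MC]\].*? -- (.+)$")
REG_RE = re.compile(r"^(O\d+) - (.+?): (.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_fix(text):
    """Split a fix script into file targets, registry targets and commands."""
    out = {"files": [], "registry": [], "commands": [], "unparsed": []}
    section = None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(":"):          # section header such as :OTL or :Commands
            section = line[1:].lower()
            continue
        if section == "commands":
            out["commands"].append(line.strip("[]").lower())
        elif (m := FILE_RE.match(line)):
            out["files"].append({"time": m[1], "size": int(m[2].replace(",", "")),
                                 "is_dir": "D" in m[3], "path": m[4]})
        elif (m := REG_RE.match(line)):
            guid = GUID_RE.search(m[3])
            tail = m[3].lower()
            out["registry"].append({"kind": m[1], "key": m[2],
                                    "clsid": guid.group(0) if guid else None,
                                    "orphan": "not found" in tail
                                              or "no clsid value" in tail})
        else:
            out["unparsed"].append(line)  # anything unrecognised needs a manual look
    return out

def destructive_commands(parsed):
    """Commands that discard rollback data or restart the machine."""
    return [c for c in parsed["commands"] if c in {"clearallrestorepoints", "reboot"}]
```

Any path in `files` that does not exist on the machine at hand, or any line that lands in `unparsed`, is a reason to ask the helper before running the fix.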

stummies0
Re: ilivid removal
« Reply #9 on: November 15, 2012, 07:00:36 PM »
Processes killed report after the reboot attached along with the OTL quick scan report.  I think it killed it but don't know for sure.
 

essexboy
Re: ilivid removal
« Reply #10 on: November 15, 2012, 07:03:15 PM »
I can see no remains at this time, how is the computer behaving ?

stummies0
Re: ilivid removal
« Reply #11 on: November 15, 2012, 07:29:31 PM »
It seems to be running smoothly and the redirect home page/search engine issue is gone now.  Would you advise holding off on accessing personal accounts with passwords for a while though?

essexboy
Re: ilivid removal
« Reply #12 on: November 15, 2012, 09:22:19 PM »
Not really as this type of malware is more interested in getting you redirected to their search engine than anything else

If all is well tomorrow let me know and I will tidy up

stummies0
Re: ilivid removal
« Reply #13 on: November 16, 2012, 06:16:06 PM »
Everything is working fine so far thanks so much for all your help :)

essexboy
Re: ilivid removal
« Reply #14 on: November 16, 2012, 06:20:38 PM »
Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    [2012/09/22 12:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daryl Lee\Application Data\blekko
    [2012/11/13 12:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daryl Lee\Application Data\ilividtoolbarguid

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself. 

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place?

Keep safe  :wave:
