CIA Removal: Remove CIA Forever
Let our support team solve your problem with CIA and repair CIA right now!
Leave the detailed description of your CIA problem in the form below. Our support team will contact you in several minutes and give a step-by-step instruction on how to fix CIA problem. Please be specific. Do your best describing the problem. This will help us recommend right and complete CIA problem removal solution.
Describe your problem here and we'll contact you in several minutes:
Warning:
1) We hate spam as much as you do. We will not share your email with any third party or publish it anywhere. Your email is used only to contact you and give you CIA removal solution.
2) All fields of this form are obligatory.
Threat's profile
|
Name of the threat: CIA |
| Command or file name: 0895ee42.exe |
| Threat type: Rat |
| Affected OS: Win32 (Windows 9x, Windows XP, Windows Vista) |
CIA intrusion method
CIA copies its file(s) to your hard disk. Its typical file name is 0895ee42.exe. Then it creates new startup key with name CIA and value 0895ee42.exe. You can also find it in your processes list with name 0895ee42.exe or CIA.
If you have further questions about CIA, please fill in the form above and we'll contact you shortly.
» Download program to remove CIA (CIA Removal Tool)
Recommended Solution
If you are not sure what to delete, use our award winning program - CIA Removal Tool.
CIA Removal Tool will find and fully remove CIA and all problems associated with CIA virus.
Fast, easy, and handy, CIA Removal Tool protects your computer against CIA that does harm to your computer and breaks your privacy. CIA Removal Tool scans your hard disks and registry and destroys any manifestation of CIA. Standard anti-virus software can do nothing against malicious programs like CIA. Remove CIA straight away!
» Download CIA Removal Tool now for free
How to fix CIA
This problem can be solved manually by deleting all registry keys and files connected with CIA, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by CIA.
To get rid of CIA, you should:
1. Kill the following processes and delete the appropriate files:
• 3ec8d1fb.exe
• 45534355.exe
• 462ac4c3.exe
• about skins.txt
• add.php
• anonying shit.txt
• apple mac.skn
• c..i.a 1.2 tutorial.doc
• c.i.a blue.skn
• c0mmand.com
• cia 1.22 tutorial.doc
• ciaadvanced.skn
• cjpg.dll
• ckl009.dat
• copy of webcam pic.exe
• cpass.dll
• Cruel-Intentionz.exe
• default.ssd
• dial32.com
• editor.ini
• huge kill list.txt
• icq2003decrypt.dll
• list.cgi
• log.cgi
• matrix.skn
• msn6.cip
• notice.txt
• okl.okl
• okl445.dat
• passdevil.skn
• plugins notice.txt
• pspv.cip
• pspv.dll
• q1mo912twd.ini
• ri.ocx
• server builder.exe
• server_unpacked.exe
• server_upx.exe
• stop.bat
• stub notice.txt
• stub.stb
• the matrix.skn
• tz's pager.skn
• vbwudlhp+b}f
• windows utilities.txt
• winiogon.exe
• wsock32.sys
• yah5.cip
• ~df91ab.tmp
• ~dfd3b2.tmp
Warning: you should delete only those files which checksums are listed as malicious. There may be valid files with the same names in your system. We recommend you to use CIA Removal Tool for safe problem solution.
2. Delete the following malicious folders:
• C:\Documents and Settings\User\Desktop\cia_crack\stub\
• C:\Documents and Settings\User\Desktop\cia_crack\
3. Delete the following malicious registry entries and\or values:
• Key: TypeLib\{C9F1C5A0-F3D8-48E2-8B8C-3E86B4CAC7E3}\3.0
• Key: TypeLib\{C9F1C5A0-F3D8-48E2-8B8C-3E86B4CAC7E3}\3.0\FLAGS
• Key: TypeLib\{C9F1C5A0-F3D8-48E2-8B8C-3E86B4CAC7E3}\3.0\0\win32
• Key: TypeLib\{C9F1C5A0-F3D8-48E2-8B8C-3E86B4CAC7E3}\3.0\HELPDIR
• Key: Interface\{0958C4C9-77B0-4AA8-9364-7886BFCA7E39}
• Key: Interface\{0958C4C9-77B0-4AA8-9364-7886BFCA7E39}\ProxyStubClsid
• Key: Interface\{0958C4C9-77B0-4AA8-9364-7886BFCA7E39}\ProxyStubClsid32
• Key: Interface\{0958C4C9-77B0-4AA8-9364-7886BFCA7E39}\TypeLib Value: Version
• Key: CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C}
• Key: CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C}\ProgID
• Key: CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C}\InprocServer32 Value: ThreadingModel
• Key: CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C}\TypeLib
• Key: CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C}\VERSION
• Key: N.Cs4
• Key: N.Cs4\Clsid
• Key: TypeLib\{B070DBE3-9C29-4F7E-BBE5-3A47FC6407DC}\1.0
• Key: TypeLib\{B070DBE3-9C29-4F7E-BBE5-3A47FC6407DC}\1.0\FLAGS
• Key: TypeLib\{B070DBE3-9C29-4F7E-BBE5-3A47FC6407DC}\1.0\0\win32
• Key: TypeLib\{B070DBE3-9C29-4F7E-BBE5-3A47FC6407DC}\1.0\HELPDIR
• Key: Interface\{F7B93155-C585-4080-92ED-0D68E651DA73}
• Key: Interface\{F7B93155-C585-4080-92ED-0D68E651DA73}\ProxyStubClsid
• Key: Interface\{F7B93155-C585-4080-92ED-0D68E651DA73}\ProxyStubClsid32
• Key: Interface\{F7B93155-C585-4080-92ED-0D68E651DA73}\TypeLib Value: Version
• Key: CLSID\{B1E8057A-781F-4D2E-A4A7-FEE8555431E8}
• Key: CLSID\{B1E8057A-781F-4D2E-A4A7-FEE8555431E8}\ProgID
• Key: CLSID\{B1E8057A-781F-4D2E-A4A7-FEE8555431E8}\InprocServer32
• Key: CLSID\{B1E8057A-781F-4D2E-A4A7-FEE8555431E8}\TypeLib
• Key: CLSID\{B1E8057A-781F-4D2E-A4A7-FEE8555431E8}\VERSION
• Key: CIAPASS.Class1
• Key: CIAPASS.Class1\Clsid
• Key: TypeLib\{68F45442-3569-11D7-90A8-00E0297F0885}\1.0
• Key: TypeLib\{68F45442-3569-11D7-90A8-00E0297F0885}\1.0\FLAGS
• Key: TypeLib\{68F45442-3569-11D7-90A8-00E0297F0885}\1.0\0\win32
• Key: TypeLib\{68F45442-3569-11D7-90A8-00E0297F0885}\1.0\HELPDIR
• Key: Interface\{68F45443-3569-11D7-90A8-00E0297F0885}
• Key: Interface\{68F45443-3569-11D7-90A8-00E0297F0885}\ProxyStubClsid
• Key: Interface\{68F45443-3569-11D7-90A8-00E0297F0885}\ProxyStubClsid32
• Key: Interface\{68F45443-3569-11D7-90A8-00E0297F0885}\TypeLib Value: Version
• Key: Interface\{68F45444-3569-11D7-90A8-00E0297F0885}
• Key: Interface\{68F45444-3569-11D7-90A8-00E0297F0885}\ProxyStubClsid
• Key: Interface\{68F45444-3569-11D7-90A8-00E0297F0885}\ProxyStubClsid32
• Key: Interface\{68F45444-3569-11D7-90A8-00E0297F0885}\TypeLib Value: Version
• Key: CLSID\{68F45446-3569-11D7-90A8-00E0297F0885}
• Key: CLSID\{68F45446-3569-11D7-90A8-00E0297F0885}\InprocServer32
• Key: REPLACEICONX.ReplaceIconCtrl.1
• Key: REPLACEICONX.ReplaceIconCtrl.1\CLSID
• Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}
• Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}\ProgID
• Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}\InprocServer32 Value: ThreadingModel
• Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}\ToolboxBitmap32
• Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}\MiscStatus
• Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}\MiscStatus\1
• Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}\Control
• Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}\TypeLib
• Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}\Version
• Key: TypeLib\{38DBA6AC-4054-4C32-A591-AFBDF5BF3D47}\1.0
• Key: TypeLib\{38DBA6AC-4054-4C32-A591-AFBDF5BF3D47}\1.0\FLAGS
• Key: TypeLib\{38DBA6AC-4054-4C32-A591-AFBDF5BF3D47}\1.0\0\win32
• Key: TypeLib\{38DBA6AC-4054-4C32-A591-AFBDF5BF3D47}\1.0\HELPDIR
• Key: Interface\{D69DB564-1617-4687-A5C8-2780D6100967}
• Key: Interface\{D69DB564-1617-4687-A5C8-2780D6100967}\ProxyStubClsid
• Key: Interface\{D69DB564-1617-4687-A5C8-2780D6100967}\ProxyStubClsid32
• Key: Interface\{D69DB564-1617-4687-A5C8-2780D6100967}\TypeLib Value: Version
• Key: CLSID\{08734035-3CAF-494A-9514-074420CF528F}
• Key: CLSID\{08734035-3CAF-494A-9514-074420CF528F}\ProgID
• Key: CLSID\{08734035-3CAF-494A-9514-074420CF528F}\InprocServer32
• Key: CLSID\{08734035-3CAF-494A-9514-074420CF528F}\TypeLib
• Key: CLSID\{08734035-3CAF-494A-9514-074420CF528F}\Version
• Key: software\microsoft\windows nt\currentversion\windows\run Value: runtime process
• Key: Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList Value: a
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon Value: shell
Warning: If value is listed for some registry entries, you should only clear these values and leave keys with such values untouched. We recommend you to use CIA Removal Tool for safe problem solution.
Here are the descriptions of problems connected with CIA and 0895ee42.exe we received earlier:
HKEY_CLASSES_ROOT\\Interface\\{C0282E26-E060-44c9-B0FF-1AC71180D653}\\ProxyStubClsid
Problem Summary: HKEY_CLASSES_ROOT\\Interface\\{C0282E26-E060-44c9-B0FF-1AC71180D653}\\ProxyStubClsid
i tried using tuneup 1 click maintainance.. and i cant correct this problem after scanning.. HKEY_CLASSES_ROOT\\Interface\\{C0282E26-E060-44c9-B0FF-1AC71180D653}\\ProxyStubClsid\r\n\r\nwhat is this???
Our support has contacted the author of this message, Michael Salazar, and helped to solve his problem.
HKEY_CLASSES_ROOT\\Interface\\{C0282E26-E060-44c9-B0FF-1AC71180D653}\\ProxyStubClsid
Problem Summary: HKEY_CLASSES_ROOT\\Interface\\{C0282E26-E060-44c9-B0FF-1AC71180D653}\\ProxyStubClsid
i tried using tuneup 1 click maintainance.. and i cant correct this problem after scanning.. HKEY_CLASSES_ROOT\\Interface\\{C0282E26-E060-44c9-B0FF-1AC71180D653}\\ProxyStubClsid\r\n\r\nwhat is this???
Our support has contacted the author of this message, Michael Salazar, and helped to solve his problem.
Next threat: Clandestine »
Learn more about CIA and 0895ee42.exe »
« Back to catalog
Solution: 921
|