My computer was recently infected with a virus, which Avast Antivirus detected and appeared to successfully remove. Now whenever I use the internet, pop-up windows appear with the prefix “CiD”. These advertise a range of items, such as gambling and MP3 players. Running Ad-Aware SE Personal, Spybot Search and Destroy, and Windows Defender do not detect anything wrong with the computer, and they are all up-to-date with the latest definition files. How can I remove the spyware? On a related point, the computer will no longer boot into Safe Mode using the method you have described in previous columns (i.e. when the Windows splash screen appears, tap the F8 key until the computer loads into Safe Mode). Can you advise how I can get the computer to load into Safe Mode, as I would like to attempt to remove the spyware through this mode. The computer is running Windows XP.

The first step in resolving this problem is to conduct the spyware scans through Windows Safe Mode. That said, it is unlikely this will resolve the problem since in most cases the threats will be detected through Normal mode, but can’t be removed (as the files may be in use) necessitating the need for a Safe Mode scan. In your case, the threats are not even being detected through Windows Normal mode, indicating the likelihood that the threats will likely not be detected through Safe Mode either. However, this is still worth a go. You have mentioned that the instructions I provided in previous columns to boot into Safe Mode do not work on your computer. From the description you have provided of the process, it seems you may have the steps out of sequence. To boot into Safe Mode, you need to start tapping the F8 key before the Windows splash screen appears (i.e. in the few seconds between the end of the power-on self-test and the appearance of the Windows splash screen). If you start tapping F8 after the splash screen appears Windows has already commenced booting into Normal mode, so this is too late. Assuming that the computer has caught the F8 key being pressed, a boot menu should appear. In the boot menu, select “Safe Mode” and press ENTER. The computer will then commence booting into Safe Mode. Once in Safe Mode, try scanning the computer with the antispyware tools.

In the likely scenario that the tools do not detect any threats, we could try using a different approach. From researching the CiB spyware, it seems that this is a symptom of the Adware.Lop browser hijacker, which causes pop-up advertisements to appear in the web browser. Adware.Lop is most often installed on computers if the Messenger Plus! Live program has been installed. This program provides additional features to Windows/MSN Messenger, but also comes bundled with this adware. However, you may be interested to hear, that during installation you are prompted as to whether you would like to install this “feature” with the software, therefore making the installation consensual. In any case, you should check whether this software is installed since you can remove the adware component of the software. Go to the “Start” menu > “Control Panel” and open the ?Add/Remove Programs? control panel. In the window that appears, look through the list of installed programs for an item titled “Messenger Plus! Live & Sponsor”. Select this entry and then click the button to open the installation wizard. Within the wizard, you have the option to either uninstall the entire program or just the sponsor component. If you still need to use the main functions of the program, just uninstall the sponsor component. However, if you don’t use the program then you should be able to safely uninstall the entire program.

Should you not have Messenger Plus! Live installed on the computer, it seems that the adware infection came from another source. The next step is to complete a full virus scan of the computer using your preferred virus scanning software. While the Adware.Lop is not strictly a virus, many virus scanning products can detect and remove such adware. If you don’t already have an antivirus program installed, try AVG Anti-Virus Free Edition (free.grisoft.com).

If the antivirus scanner does not detect the adware, or is unable to remove the threat, then this presents a major issue since none of the automated utilities have been able to identify, let alone remove the adware. In this situation, it seems that the adware is deeply integrated into the system and would be difficult to remove. Therefore, as hesitant as I am to suggest this drastic move, it seems the only option which will guarantee the removal of the adware is to attempt a clean reinstallation of Windows from scratch. This will require you to backup all your important data, as you will lose all your data in the process, and then reinstall Windows from the original CD. During this process the hard drive will be formatted (all data deleted) allowing you to complete a fresh installation of Windows which should not suffer from the infection with the adware.