CEIDPageLock

What is CEIDPageLock?

CEIDPageLock falls under both the rootkit and browser hijacker classifications. Currently, it is spread among users from China, but it is possible users from other countries could receive it too. According to our specialists at Anti-spyware-101.com, the threat might keep redirecting its victims to a malicious website pretending to be 2345.com, which is a legitimate website. If the user ends up searching the Internet through the malware's fake site, he could come across potentially dangerous advertising content. Also, it is possible the site may track users and collect information like websites the user visits, purchased goods, etc. The malicious application itself might use such data, or it could be sold to other interested parties. Needless to say, the safest option would be to erase CEIDPageLock before anything goes wrong. Slightly below the article, you will find instructions explaining how to remove the malware manually, although if you wish to know this threat better, you should read the article first.

Where does CEIDPageLock come from?

It seems CEIDPageLock infects the system with the help of exploit kits. Therefore, what we recommend is being extra careful when interacting with questionable content found on the Internet. For instance, it would be smart to avoid email attachments if they come from unknown senders or carry files you did not expect to receive. Same goes for pop-ups or other ads that may promote doubtful web pages or programs. Besides, users should try to strengthen their systems to make sure the malicious software would not find any weaknesses to exploit. To start with, it would be a good idea to update all tools that have newer versions, because doing so might remove weaknesses they could have. Next, users should update weak or compromised passwords. It may not be a pleasant task, but it is incredibly vital for increasing the computer’s security. Lastly, we recommend installing a legitimate antimalware tool. Just make sure it comes from reputable developers and can be trusted.

How does CEIDPageLock work?

After entering the system, CEIDPageLock should create a file named either ceid.sys or with a similar title in the %WINDIR%\Temp location. To be able to launch automatically with each restart, the malicious application should also create a registry entry in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services path. Once it completes these tasks, the user's default browser should start loading 588.gychina.org every time it is launched. In other words, the rootkit hijacks the user's browser.

The problem is that the site the malware displays is malicious, and it should be an identical copy of a legitimate website known as 2345.com. In fact, it seems 588.gychina.org might be loaded whenever victims visit other popular Chinese websites like soho.com, maxhton.com, and so on. The reason it could be dangerous to interact with the malicious application's website or use its search engine is that it could contain harmful content or might show advertisements offering dangerous material. More than that, there is a chance the malware could gather information about the user, and it might be able to disable some antivirus tools. Knowing this, we would advise removing CEIDPageLock as soon as you notice it on your system.

How to get rid of CEIDPageLock?

The rootkit can be erased in two ways. First of all, users could try to delete it manually by following the instructions available at the end of this paragraph. They will show how to boot into Safe Mode with Networking and how to get rid of files belonging to the threat. In case you do not think you can handle the task, you could download a legitimate antimalware tool instead and use it to eliminate CEIDPageLock.

Restart the system in Safe Mode with Networking

Windows 8/Windows 10

  1. Tap the Power button after pressing Windows key+I.
  2. Click and hold the Shift key; then pick Restart.
  3. Pick Troubleshoot from the Advanced Options menu.
  4. Select Startup Settings, tap Restart, then click the F5 key and restart the computer.

Windows XP/Windows Vista/Windows 7

  1. Navigate to Start and select the Shutdown options.
  2. Select Restart, then tap and hold the F8 key as soon as the computer begins restarting.
  3. Choose from Safe Mode or Safe Mode with Networking in the Advanced Boot Options window.
  4. Press Enter and log on.

Remove CEIDPageLock

  1. Tap Windows key+E.
  2. Find this path: %WINDIR%\Temp
  3. Locate a .sys file called ceid.sys or with a similar title; right-click it and choose Delete.
  4. Leave File Explorer.
  5. Click Windows key+R.
  6. Insert Regedit and tap Enter.
  7. Find this path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
  8. Locate a key that has the same or a similar title to the mentioned .sys file (ceid.sys); right-click it and tap Delete.
  9. Exit Registry Editor.
  10. Empty your Recycle bin.
  11. Restart the computer again.

Stop these CEIDPageLock Processes:

dropper.exe
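
Before deleting anything, the three artefacts this guide names can be listed from an elevated PowerShell prompt. The script below is an added example, not part of the original removal guide; it is read-only, its helper Resolve-DriverPath and variable names are hypothetical, and it goes slightly beyond the guide by reporting any driver service that loads from %WINDIR%\Temp, since the file may have "a similar title" rather than ceid.sys.

```powershell
# Added example: read-only audit; it deletes nothing and changes no settings.
# Indicators taken from the article: a .sys file in %WINDIR%\Temp, a key under
# HKLM\SYSTEM\CurrentControlSet\Services, and a process named dropper.exe.
$tempDir  = Join-Path $env:WINDIR 'Temp'
$services = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$ci       = [StringComparison]::OrdinalIgnoreCase

function Resolve-DriverPath {
    # Hypothetical helper: turn the forms a driver ImagePath can take into a file path.
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim().Trim('"'))
    if ($p.StartsWith('\??\', $ci)) { $p = $p.Substring(4) }            # \??\C:\Windows\...
    if ($p.StartsWith('\SystemRoot\', $ci)) { return Join-Path $env:WINDIR $p.Substring(12) }
    if ($p -notmatch '^([A-Za-z]:)?\\') { return Join-Path $env:WINDIR $p }  # System32\drivers\...
    return $p
}

# 1. Driver services whose image lives under %WINDIR%\Temp.
$hits = foreach ($key in Get-ChildItem -Path $services -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    if ($props.Type -notin 1, 2) { continue }   # 1 = kernel driver, 2 = file system driver
    $path = Resolve-DriverPath $props.ImagePath
    if ($path -and $path.StartsWith(($tempDir + '\'), $ci)) {
        [pscustomobject]@{
            Service    = $key.PSChildName
            ImagePath  = $props.ImagePath
            FileExists = Test-Path -LiteralPath $path
        }
    }
}

# 2. Every .sys file in %WINDIR%\Temp, with a hash to record before removal.
$files = Get-ChildItem -LiteralPath $tempDir -Filter '*.sys' -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path    = $_.FullName
            Created = $_.CreationTime
            SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# 3. Running processes named dropper.exe (a generic name, so check the path).
$procs = Get-Process -Name 'dropper' -ErrorAction SilentlyContinue | Select-Object Id, Path

"Driver services loading from ${tempDir}:"; $hits  | Format-Table -AutoSize
"Driver files (.sys) in ${tempDir}:";       $files | Format-List
"Processes named dropper.exe:";             $procs | Format-Table -AutoSize
```

An empty section means that indicator was not found; for each match, note the service name and file path and then follow the manual removal steps above.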