CEIDPageLock Removal Guide

Do you know what CEIDPageLock is?

CEIDPageLock is quite an interesting piece of software. According to malware researchers, it can be called both a rootkit and a browser hijacker. It is called a rootkit because it uses deceptive tactics to stay on the affected computer. Speaking about the browser hijacker category, it hijacks users’ browsers soon after the successful entrance. Technically, it does not change browsers’ settings, but it forces them to load a certain page every time users launch them. Surfing the promoted page might result in security-related problems in no time because it is completely malicious even though it looks legitimate at first glance. We are sure experiencing problems is not what you dream about. Therefore, we highly recommend removing CEIDPageLock from the system. The sooner this threat is removed, the sooner you will be safe again. Removing serious malware is not a joke, so you should definitely read this report until the end to find out what you can do to eliminate it.

It seems that CEIDPageLock targets users living in China primarily. Unfortunately, users from other countries are not safe either and can encounter this threat if they keep their PCs unprotected. CEIDPageLock is no doubt one of those malicious applications that slither onto computers secretly. Of course, it does not mean that an ordinary user cannot find out about its successful entrance. One of the first signs showing that the entrance of CEIDPageLock was successful is a new page visible when the default browser is opened. Speaking specifically, you will see 588.gychina.org open automatically every time you launch the web browser you use. The website imitates 2345.com, which is a completely legitimate page, so not all users hurry to remove it from their web browsers. We are not going to lie to you – doing nothing is the worst decision you can make because 588.gychina.org is far from being a legitimate website. Yes, it might look like an ordinary search provider at first glance, but it is not, believe us. Instead, it is a malicious website that might promote malicious software or contain links redirecting to shady websites.

Specialists say that there are two ways the developer of CEIDPageLock earns revenue. First, the author earns commissions for the number of users who end up using the search provider CEIDPageLock promotes. Second, specialists say that this malicious application might be used to collect information about users as well. Usually, the data that malware records is sold to other companies or might be used for advertising campaigns. Needless to say, the use of the collected information might result in privacy-related problems in no time.

What about the CEIDPageLock distribution? As has been observed by researchers, this malicious application is mainly distributed via exploit kits; however, it might be promoted in a different way as well, specialists say. Once the malicious application is executed, it drops a file into the %WINDIR%\Temp folder. Also, a Service for that file is created. The file’s name might differ, as research has shown, but it should come in the .sys format, for example, houzi.sys and Ceid.sys. Since the file is known to be a kernel-mode driver, its removal is quite complicated, but you could still delete it and thus disable CEIDPageLock after you boot into Safe Mode or Safe Mode with Networking. It is not a problem if you have never done that before and do not even know where to start – instructions provided below this article will help you.

It is possible to delete CEIDPageLock manually, but you will have to boot into Safe Mode first. Alternatively, you can boot into Safe Mode with Networking and then download an automated malware remover to delete CEIDPageLock from the system. It is up to you which of the two removal methods to employ, but please make sure you remove the malicious application fully.

Delete CEIDPageLock

How to boot into Safe Mode or Safe Mode with Networking

Windows XP/Windows Vista/Windows 7

  1. Restart your computer.
  2. Keep tapping F8 in 1-second intervals until the Advanced Boot Options menu shows up.
  3. Choose Safe Mode or Safe Mode with Networking using arrow keys on your keyboard.
  4. Press Enter.
  5. Delete the malicious application.

Windows 8/Windows 8.1

  1. Restart your computer.
  2. Click Power while holding the Shift key at the Windows login screen.
  3. Click Restart.
  4. When you see Choose an option, click Troubleshoot.
  5. Click Advanced options.
  6. Click Startup Settings.
  7. Click the Restart button.
  8. Press F4 (Safe Mode) or F5 (Safe Mode with Networking) on your keyboard.
  9. Go to delete malware from your PC.

Windows 10

  1. Click the Start button in the bottom-left corner and click Power.
  2. Hold the Shift key and click Restart.
  3. Click Troubleshoot.
  4. Select Advanced options.
  5. Click Startup Settings.
  6. Click Restart.
  7. Tap F4 (Safe Mode) or F5 (Safe Mode with Networking) on your keyboard.
  8. Erase CEIDPageLock.

How to delete CEIDPageLock

  1. Open Windows Explorer.
  2. Go to %WINDIR%\Temp.
  3. Locate the malicious .sys file (e.g. houzi.sys and Ceid.sys).
  4. Press Ctrl+Shift+Esc.
  5. Open Services.
  6. Right-click on the malicious Service (it will have the same name as the malicious file) and click Stop Service.
  7. Empty Recycle Bin.
  8. Restart your computer normally.
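
The two traces this guide describes, a .sys file in %WINDIR%\Temp and a Service created for it, can be checked together. The following PowerShell is an added example, not part of the original guide: it only reads the registry and the file, changes nothing, and the function name Find-TempDriverService is hypothetical.

```powershell
# Added example (read-only): list kernel-driver services whose binary
# is stored under %WINDIR%\Temp, the location named in this guide.
function Find-TempDriverService {
    $tempDir = (Join-Path $env:WINDIR 'Temp').TrimEnd('\') + '\'
    $servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $svc = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        if ($svc.Type -ne 1) { return }            # 1 = kernel-mode driver
        $path = [string]$svc.ImagePath
        if ([string]::IsNullOrWhiteSpace($path)) { return }

        # Driver image paths are often stored in NT form; convert to Win32 form.
        $path = $path.Trim('"')
        if ($path.StartsWith('\??\')) { $path = $path.Substring(4) }
        if ($path.StartsWith('\SystemRoot\', [StringComparison]::OrdinalIgnoreCase)) {
            $path = Join-Path $env:WINDIR $path.Substring(12)
        }
        elseif (-not [System.IO.Path]::IsPathRooted($path)) {
            $path = Join-Path $env:WINDIR $path    # e.g. System32\drivers\x.sys
        }

        if (-not $path.StartsWith($tempDir, [StringComparison]::OrdinalIgnoreCase)) { return }

        $onDisk = Test-Path -LiteralPath $path
        [pscustomobject]@{
            Service   = $_.PSChildName
            Start     = $svc.Start                 # 0-2 = loads at boot, 3 = manual, 4 = disabled
            Path      = $path
            OnDisk    = $onDisk
            SHA256    = if ($onDisk) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
            Signature = if ($onDisk) { (Get-AuthenticodeSignature -LiteralPath $path).Status }
        }
    }
}

Find-TempDriverService | Format-List
```

Run it from an elevated PowerShell prompt after booting into Safe Mode; an empty result means no driver service currently points into %WINDIR%\Temp.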

In non-techie terms:

CEIDPageLock is a new malicious application spotted by researchers quite recently. It does not pose a threat to users’ files or the system itself, but it is still a must to delete it because it will surely not do anything beneficial. It will only open the page it promotes automatically for users. Since that website is malicious, you might experience security and even privacy-related problems if you browse it and do nothing about the presence of malware on your computer.