CEIDPageLock Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 587
Category: Browser Hijackers

If you ever notice that your web browser has started opening 588.gychina.org when you launch your browser, it means that CEIDPageLock has affected your computer. You will get redirected directly to this page if you open such popular websites as soho.com and maxhton.com as well. Some users do not consider these redirections a huge problem, but it is, believe us. The website promoted by CEIDPageLock is nothing else than a malicious page that might promote malicious software or redirect you further to other untrustworthy websites. Unfortunately, it is not that easy to get rid of 588.gychina.org. Resetting the web browser to its default settings will not have a desirable effect, we can promise you that, because this page is, technically, not set as a user’s default homepage. Instead, CEIDPageLock opens it automatically when the browser is launched. This means that you will experience redirections to this website every day until you delete this threat fully. Unfortunately, it is not that easy to erase it. Malware researchers have observed that this infection does not allow the system to reach antivirus software. Additionally, it uses deceptive tactics in order not to be removed from the computer by the user.

CEIDPageLock has both rootkit and browser hijacker features. It is not one of those malicious applications that ruin the operating system and make it impossible to use the computer. It only hijacks victims’ browsers to force them to open 588.gychina.org, which, at first glance, looks like a harmless website. Researchers say that this website mimics 2345.com, which is a completely legitimate page. Unfortunately, we cannot say the same about 588.gychina.org, as you have probably already understood. This website is known to be malicious, so frequent redirections to it might result in security-related problems. It is one of the reasons to remove CEIDPageLock ASAP. You should get rid of it also because it might automatically record browsing data and then sell it to third parties. Generally speaking, you will only push yourself into danger by keeping CEIDPageLock active on your computer.

Specialists say that CEIDPageLock targets Chinese users primarily. According to them, it does not mean that other users are safe – anyone can get infected with this malicious application. Its entrance is illegal, but it is hard not to notice its successful entrance – it opens a page it promotes automatically, as you should already know. This threat is mainly distributed via exploit kits, but other methods of distribution might be adopted to promote it as well. Users might download this infection from the web as well. Once executed, it places a file in the %WINDIR%\Temp folder. It also creates a Service for this file – it works as a point of execution. It seems that the file’s name might differ, but it should come in the .sys format, specialists say. Speaking about the Service the malicious application creates, it should have the same name as the file dropped. CEIDPageLock has one file and one Service, but it does not mean that it is an easy task to delete this infection from the system. The file is extremely hard to erase because it is nothing else than a kernel-mode driver. As a consequence, you will have to boot into Safe Mode or Safe Mode with Networking to get rid of CEIDPageLock. It will not be easy, but it is worth erasing this infection from the system, believe us.

You will continue seeing the malicious page 588.gychina.org when you open your browser if you ignore the fact that CEIDPageLock is installed on your computer. Without a doubt, this is not what we expect users to do. We highly recommend deleting this infection ASAP because its presence might result in security-related problems and even have a negative impact on your privacy. As mentioned, you will have to boot into Safe Mode/Safe Mode with Networking first to be able to erase CEIDPageLock. Once your PC is running in Safe Mode, you could decide whether to erase it manually or acquire an antimalware tool to take care of it automatically. The ordinary Safe Mode has no Internet connection, so to download an antimalware tool from the web you will have to choose Safe Mode with Networking.

Delete CEIDPageLock

Boot into Safe Mode or Safe Mode with Networking

Windows 10

  1. Click the Start button and click Power.
  2. Press and hold the Shift key and click Restart.
  3. Click Troubleshoot.
  4. Click Advanced options.
  5. Click Startup Settings.
  6. Under Startup Settings, click the Restart button.
  7. Tap F4 or F5 on your keyboard.

Windows 8/8.1

  1. Press and hold Shift and then click Power.
  2. Click Restart.
  3. Under Choose an option, click Troubleshoot.
  4. Click Advanced options.
  5. Click Startup Settings.
  6. Click the Restart button.
  7. Tap F4 or F5 when asked to “choose from the options below.”

Windows XP/Vista/7

  1. Start tapping F8 immediately after you restart or turn on your PC.
  2. When the Advanced Boot Options menu appears, select Safe Mode or Safe Mode with Networking.
  3. Tap Enter after your choice.

Remove the malicious application

  1. Tap Win+E.
  2. Access %WINDIR%\Temp.
  3. Locate the malicious file representing CEIDPageLock (it will be in the .sys format, e.g. houzi.sys and ceid.sys).
  4. Delete it.
  5. Tap Ctrl+Shift+Esc and open Services.
  6. Find the Service linked to that file (it will have the same name).
  7. Stop the malicious Service.
Download Remover for CEIDPageLock *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

CEIDPageLock Screenshots:


CEIDPageLock technical info for manual removal:

Files Modified/Created on the system:

# File Name File Size (Bytes) File Hash
1houzi.sys293112 bytesMD5: d3b1d963468f0b4c6e7db26996a85a4b
2dropper.exe942080 bytesMD5: c7a5241567b504f2df18d085a4dde559

Memory Processes Created:

# Process Name Process Filename Main module size
1dropper.exedropper.exe942080 bytes

Comments are closed.