Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat. The purpose of this eBook is to educate the reader about ransomware attacks.
Course Of The Month
11 days, 1 hour left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Possible Virus?
Posted on 2011-03-21
Hi Experts,
It seems to only be happening in Firefox. I'll open a website and will automatically get pop-up windows to other URL's. For example, I'll click on a link from say a Google search, I'll click on that link and some bogus website appears. I know I have a trojan, virus, mal-ware or something going on. I've scanned with two different AV's i.e. Avast and Panda Cloud as well as 2 different Malware scanners i.e. Malwarebytes and SuperAntiSpyWare. I'm also running a full system, including register clean with CCleaner. I can't seem to shake this issue, no matter what I do. As mentioned, I'm only seeing this in Firefox 3.16.15. I even installed Security Task Manager which shows the underlying programs running not just the service level ones...It did not detect anything. I'm at a loss here. Any suggestions as to why it's behaving this way?
It seems to only be happening in Firefox. I'll open a website and will automatically get pop-up windows to other URL's. For example, I'll click on a link from say a Google search, I'll click on that link and some bogus website appears. I know I have a trojan, virus, mal-ware or something going on. I've scanned with two different AV's i.e. Avast and Panda Cloud as well as 2 different Malware scanners i.e. Malwarebytes and SuperAntiSpyWare. I'm also running a full system, including register clean with CCleaner. I can't seem to shake this issue, no matter what I do. As mentioned, I'm only seeing this in Firefox 3.16.15. I even installed Security Task Manager which shows the underlying programs running not just the service level ones...It did not detect anything. I'm at a loss here. Any suggestions as to why it's behaving this way?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
3
2- +2
11 Comments
Try GooredFix first:
Please download GooredFix and save it to your Desktop.
http://jpshortstuff.247fixes.com/GooredFix.exe
Double-click GooredFix.exe on your Desktop to run it.
Select "2. Fix Goored" by typing 2 and pressing Enter.
Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called
GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications
and reboot your system.
Please also allow any registry changes that may be prompted by any of your security programs.
Then if the problem persists we can try TDSSKiller and RougeKiller:
This Article from 'rpggamergirl' might be what you're looking for:
"Google Hijack" - Google Search Gets Redirected:
http://www.experts-exchange.com/A_3299.html
"Google Hijack" - Google Search Gets Redirected:
http://www.experts-exchange.com/A_3299.html
Here's also an article on RogueKiller, you can try:
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html
TDSSKiller:
Download, extract and run TDSSkiller.exe
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html
TDSSKiller:
Download, extract and run TDSSkiller.exe
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Active today
Hi rpggamergirl ran GooredFix, below is the log.
GooredFix by jpshortstuff (03.07.10.1)
Log created at 00:25 on 22/03/2011 (Owner)
Firefox version 3.6.15 (en-US)
========== GooredScan ==========
Removing Orphan:
"m3ffxtbr@mywebsearch.com"="C:\Program Files\MyWebSearch\bar\1.bin" -> Success!
========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:35 16/03/2011]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [19:59 05/03/2010]
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fcjxqxkd.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [07:15 16/03/2011]
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [00:54 17/03/2011]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [14:52 05/03/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [14:53 05/03/2010]
"widgetruntime@surfsecret.com"="C:\Program Files\Panda Security\Panda ID Protect\Firefox" [00:54 17/03/2011]
-=E.O.F=-
Active today
hi rpggamergirl...wow, after running GooredFix and TDSSKiller both which appear to have found and cleaned what it was they detected, I rebooted and my system hasn't booted up this quick since it came out of the box (so to speak). Perhaps this fixed it. I'm gonna do some test to see if perhaps it decides it's going to resolve to other URL's. Will leave this open for a few days while testing then will award points if everything is solid.
Looks like "MyWebSearch" spyware/Trojan was the culprit - comes with lots of "optional" payloads...
@itsmevic: you should close the question now, I think :)
@itsmevic: you should close the question now, I think :)
Featured Post
With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
- Anti-Virus Apps
- Ransomware
- The Email Laundry
- Email Servers
- Cybersecurity
- Microsoft Access, *malware
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email
Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month11 days, 1 hour left to enroll
628 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.