# Possible Virus?

Hi Experts,

It seems to only be happening in Firefox.  I'll open a website and will automatically get pop-up windows to other URL's.  For example, I'll click on a link from say a Google search, I'll click on that link and some bogus website appears.  I know I have a trojan, virus, mal-ware or something going on.  I've scanned with two different AV's i.e. Avast and Panda Cloud as well as 2 different Malware scanners i.e. Malwarebytes and SuperAntiSpyWare.  I'm also running a full system, including register clean with CCleaner.   I can't seem to shake this issue, no matter what I do.  As mentioned, I'm only seeing this in Firefox 3.16.15.  I even installed Security Task Manager which shows the underlying programs running not just the service level ones...It did not detect anything.  I'm at a loss here.  Any suggestions as to why it's behaving this way?
###### Who is Participating?

Commented:

Try GooredFix first:
http://jpshortstuff.247fixes.com/GooredFix.exe
Double-click GooredFix.exe on your Desktop to run it.

Select "2. Fix Goored" by typing 2 and pressing Enter.
Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.

GooredLog.txt).

Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications

Please also allow any registry changes that may be prompted by any of your security programs.

Then if the problem persists we can try TDSSKiller and RougeKiller:
0

Commented:

http://www.experts-exchange.com/A_3299.html
0

Commented:
Here's also an article on RogueKiller, you can try:
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html

TDSSKiller:
0

IT ManagerCommented:
Try creating a new user profile on the machine, log onto it and see if the problem is still there
0

Commented:
@sgsm81,
I don't understand that recommendation.
What is it you are hoping to accomplish?
0

Author Commented:
I'll look into everyone's suggestions and let you know.  Will try this evening.
0

Author Commented:
Hi rpggamergirl ran GooredFix, below is the log.
GooredFix by jpshortstuff (03.07.10.1)
Log created at 00:25 on 22/03/2011 (Owner)
Firefox version 3.6.15 (en-US)

========== GooredScan ==========

Removing Orphan:
"m3ffxtbr@mywebsearch.com"="C:\Program Files\MyWebSearch\bar\1.bin" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:35 16/03/2011]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [19:59 05/03/2010]

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fcjxqxkd.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [07:15 16/03/2011]
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [00:54 17/03/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [14:52 05/03/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [14:53 05/03/2010]
"widgetruntime@surfsecret.com"="C:\Program Files\Panda Security\Panda ID Protect\Firefox" [00:54 17/03/2011]

-=E.O.F=-

0

Author Commented:
hi rpggamergirl...wow, after running GooredFix and TDSSKiller both which appear to have found and cleaned what it was they detected, I rebooted and my system hasn't booted up this quick since it came out of the box (so to speak).  Perhaps this fixed it.  I'm gonna do some test to see if perhaps it decides it's going to resolve to other URL's.  Will leave this open for a few days while testing then will award points if everything is solid.
0

Commented:
Looks like "MyWebSearch" spyware/Trojan was the culprit - comes with lots of "optional" payloads...

@itsmevic: you should close the question now, I think :)
0

Commented:
Good to know the issue seems to be fixed.

What GooredFix had removed was just an orphan reg entry, so maybe TDSSKiller got it. What did the TDSSKiller log show?

Just keep an eye on it for a day or so and if it comes back we can suggest running a diagnostic tool.
0

Author Commented:
Awesome input!  Suggestions that were solid and worked.  Thank you to everyone.  Wish I had more points to give...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.