  1. #1
    Grandma broke her coccyx! Uncle Rico's Avatar
    Join Date
    May 8th, 2007
    Location
    North Carolina
    Posts
    2,238
    Virus Trojan Issue With Just Firefox Browser
    This virus/trojan does not affect Opera or IE, just Firefox.

    Behavior:

    Sometimes when I try to load a site in FF, it hangs and then goes to "Not Responding"
    Sometimes when I load a site in FF, the entire browser window closes
    Sometimes when I load a site in FF, I get a popup crapware that says I am infected, which leads to a phony detection page (can't think of the url now)

    I ran Hijack and got a log, but I really don't know if there is anything suspicious.

    It's odd that it only affects the Firefox browser.

    I ran Ad-Aware but it didn't find any problems.

    I tried to run Spybot Search & Destroy, but it doesn't actually start.

    Any ideas?

  2. #2
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Try SuperAntiSpyware

    Alternatively, use MozBackup to save your settings (assuming you can get it to run on a hosed installation), deinstall Firefox and then nuke the "Mozilla" folders in C:\Documents and Settings\username\Application Data\Mozilla and C:\Documents and Settings\username\Local Settings\Application Data\Mozilla (the location is a bit different if you're using Vista I think). Then download and reinstall Firefox, test, and then reimport your settings with MozBackup.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  3. #3
    ABW Ambassador beachcom's Avatar
    Join Date
    May 11th, 2006
    Location
    Myrtle Beach SC
    Posts
    723
    If you haven't, try running your scans in SAFE MODE. Just thought of this too, try Restore.

  4. #4
    Grandma broke her coccyx! Uncle Rico's Avatar
    Join Date
    May 8th, 2007
    Location
    North Carolina
    Posts
    2,238
    Quote Originally Posted by Dynamoo
    Try SuperAntiSpyware

    Alternatively, use MozBackup to save your settings (assuming you can get it to run on a hosed installation), deinstall Firefox and then nuke the "Mozilla" folders in C:\Documents and Settings\username\Application Data\Mozilla and C:\Documents and Settings\username\Local Settings\Application Data\Mozilla (the location is a bit different if you're using Vista I think). Then download and reinstall Firefox, test, and then reimport your settings with MozBackup.
    When I try and install SuperAntiSpyware, I get an error:

    SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience.

  5. #5
    ABW Ambassador Boom or Bust's Avatar
    Join Date
    February 3rd, 2008
    Posts
    3,955
    If your computer is infected, that could be the reason SuperAntiSpyware won't install. I use SuperAntiSpyware Pro and have a lot of confidence in it. I purchased the pro version for realtime monitoring. It's disabled in the free version.


  6. #6
    Grandma broke her coccyx! Uncle Rico's Avatar
    Join Date
    May 8th, 2007
    Location
    North Carolina
    Posts
    2,238
    I did what Dynamoo said and that did seem to fix that problem. I do have a new or different version of the same problem.

    When I do a Google search and then click on any of the results, it opens a new tab to some other location that has nothing to do with what I clicked on.

  7. #7
    ABW Ambassador Boom or Bust's Avatar
    Join Date
    February 3rd, 2008
    Posts
    3,955
    Could be a couple things. The most likely is that there's still adware running on your computer. Another is that your hosts file has been modified. Hosts is a text file that resides in the C:\Windows\system32\drivers\etc directory. Open it in notepad to check for entries that don't belong. When your browser looks for an IP address associated with a domain name entered in your browser, it looks in hosts first, then checks DNS.


  8. #8
    Grandma broke her coccyx! Uncle Rico's Avatar
    Join Date
    May 8th, 2007
    Location
    North Carolina
    Posts
    2,238
    The hosts looks ok I think. There are a ton of entries inserted by Spybot for different URLs all set to 127.0.0.1.


    127.0.0.1 localhost
    # Start of entries inserted by Spybot - Search & Destroy
    127.0.0.1
    ...
    ...
    ...
    127.0.0.1
    # This list is Copyright 2000-2008 Safer Networking Limited
    # End of entries inserted by Spybot - Search & Destroy
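
The hosts-file check discussed in posts #7 to #9, as an added example that is not part of the original thread: it separates sinkhole entries of the kind Spybot inserts (names pointed at loopback) from entries that send a name to some other address, which is what a redirecting hijack looks like. The sample file, its hostnames and its addresses are constructed; `audit_hosts` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample: a Spybot-style blocklist followed by two redirect entries.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1       ads.blocked-example.test
127.0.0.1       tracker.blocked-example.test
# End of entries inserted by Spybot - Search & Destroy
203.0.113.45    www.google.com google.com   # constructed redirect entry
198.51.100.7    update.av-vendor.example
"""

def audit_hosts(text):
    """Return (sinkholed, redirected, malformed) for the contents of a hosts file."""
    sinkholed, redirected, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # comments run to end of line
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw))      # first field is not an IP address
            continue
        if len(fields) < 2:
            malformed.append((lineno, raw))      # address with no hostname
            continue
        for name in fields[1:]:                  # one line may map several names
            if addr.is_loopback or addr.is_unspecified:
                sinkholed.append(name.lower())   # blocklist style: name goes nowhere
            else:
                redirected.append((lineno, str(addr), name.lower()))
    return sinkholed, redirected, malformed

if __name__ == "__main__":
    # On a real machine, read C:\Windows\system32\drivers\etc\hosts instead.
    blocked, moved, bad = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} sinkholed names, {len(bad)} malformed lines")
    for lineno, addr, name in moved:
        print(f"line {lineno}: {name} -> {addr}  (review this entry)")
```

Entries in the `redirected` list are not automatically malicious, since some sites add legitimate mappings for internal servers, but any well-known public name in that list deserves a look.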

  9. #9
    ABW Ambassador Boom or Bust's Avatar
    Join Date
    February 3rd, 2008
    Posts
    3,955
    Yep, hosts looks ok. A quick and dirty method to determine if you have malware running is to inspect a couple different directories, system32 and temp in your profile under documents and settings. Sort the list by date and look for recent executables and DLLs that have cryptic names. Particularly pay attention to files that have dates/times around the time you noticed the problems beginning. It usually does no good to delete these. You'll find that either they're in use and you can't delete, or they suddenly appear again within seconds of deleting. There will usually be a program running in memory that watches these files and immediately replaces them again if they disappear. My experience with the really persistent ones is that you have to do a combination of things. If antivirus/antispyware programs don't remove them, you have to play with the registry, safe mode, removing/renaming suspicious files, or even booting to the Windows repair console to remove nasty files. It can get pretty hairy...

    One other way that works pretty well, if you're running XP, do a system restore from a date previous to when the problems began.
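
The directory triage described in post #9, as an added example that is not part of the original thread: it lists `.exe` and `.dll` files modified within a window around the time the symptoms started, newest first, and marks names that look random. The two-day window and the `looks_cryptic` heuristic (few vowels or many digits in the file name) are assumptions of this example, not an established detection rule.

```python
import os
from datetime import datetime, timedelta

EXTS = (".exe", ".dll")

def looks_cryptic(name):
    """Heuristic (assumption): a stem of 6+ characters that is mostly
    digits or has almost no vowels reads as machine-generated."""
    stem = os.path.splitext(name)[0].lower()
    if len(stem) < 6:
        return False
    letters = [c for c in stem if c.isalpha()]
    vowels = sum(c in "aeiou" for c in letters)
    digits = sum(c.isdigit() for c in stem)
    return digits / len(stem) > 0.3 or (bool(letters) and vowels / len(letters) < 0.2)

def recent_binaries(dirs, around, window=timedelta(days=2)):
    """Return (mtime, path, cryptic) for executables and DLLs modified
    within `window` of `around`, newest first."""
    hits = []
    for d in dirs:
        try:
            entries = list(os.scandir(d))
        except OSError:
            continue                      # missing or unreadable directory
        for e in entries:
            if not e.is_file(follow_symlinks=False):
                continue
            if not e.name.lower().endswith(EXTS):
                continue
            mtime = datetime.fromtimestamp(e.stat().st_mtime)
            if abs(mtime - around) <= window:
                hits.append((mtime, e.path, looks_cryptic(e.name)))
    return sorted(hits, reverse=True)

if __name__ == "__main__":
    # Directories named in the post; TEMP resolves to the profile's temp folder.
    dirs = [r"C:\Windows\system32", os.environ.get("TEMP", "")]
    for mtime, path, cryptic in recent_binaries(dirs, around=datetime.now()):
        print(mtime.isoformat(" ", "seconds"), "CRYPTIC" if cryptic else "       ", path)
```

Modification times can be altered by whatever wrote the file, so an empty result narrows the search but does not clear the machine.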


  10. #10
    Grandma broke her coccyx! Uncle Rico's Avatar
    Join Date
    May 8th, 2007
    Location
    North Carolina
    Posts
    2,238
    I finally got it fixed. I used a tool called Trojan Remover and it found the problem and removed it.

  11. #11
    More Cheesier Than Ever Cheesehead's Avatar
    Join Date
    January 18th, 2005
    Location
    Land of The NFL Champs!
    Posts
    2,942
    TR worked for me too!!! Got that crap off my old computer. Can now do searches without redirection.

    Thanks Seymour!
    Last edited by Cheesehead; January 21st, 2009 at 09:14 PM.
    This World is Not My Home
    We're gonna go inside, we're gonna go outside, inside and outside. . . And then we're gonna go go go and we're not gonna stop til we get across that goalline! Quotes from the movie Rudy, 1993

  12. #12
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    I confess that I don't know that one - have you a link for Trojan Remover?

  13. #13
    Grandma broke her coccyx! Uncle Rico's Avatar
    Join Date
    May 8th, 2007
    Location
    North Carolina
    Posts
    2,238
    Quote Originally Posted by Dynamoo
    I confess that I don't know that one - have you a link for Trojan Remover?
    I got the fully functional evaluation version from the link below.

    www (dot) simplysup (dot) com/tremover/download (dot) html

    "You can download a free fully-working evaluation copy of Trojan Remover by clicking on one of the download links below. The program will work for a full 30 days, after which it will expire"

  14. #14
    Full Member TerriFalcone's Avatar
    Join Date
    August 5th, 2008
    Posts
    328
    I feel your pain. Last week 3 out of 4 browsers that I use were all under attack and it took removing the browsers and reinstalling them AFTER I had used a variety of services to scour and buff ye olde C drive. These trojans/worms/viruses are getting worse with each passing day so I finally got a service to back up all my data should I meet one that scales the barricades and infects everything and can't undo the damage.

    Glad you got through this bout and have landed on your feet.

  15. #15
    More Cheesier Than Ever Cheesehead's Avatar
    Join Date
    January 18th, 2005
    Location
    Land of The NFL Champs!
    Posts
    2,942
    Quote Originally Posted by Dynamoo
    I confess that I don't know that one - have you a link for Trojan Remover?
    I am guessing that is why I was able to access the site, download, and install. Could not do that with any well known program. This one got in under the radar screen.

    Trojan Remover looks, by appearances, a bit "bottom shelf". Cheap looking banner and they run adsense on their site. But they sure saved me a lot of grief!

  16. #16
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    The two most common ways of getting a drive-by download at the moment seem to be "malvertisements" and javascript inserted through a SQL injection attack.

    In most cases, a combination of Firefox + NoScript should prevent any nasties from installing. NoScript blocks javascript and some iframes unless you tell it that you trust them. It's a bit of a pain at first, but once it knows which sites you trust it is usually invisible.
