
IE popups in Firefox


P.A.

Nov 3, 2005, 6:18:12 AM
Hi, I'm getting IE popups opening when I'm using Firefox. I've tried a
slew of many of the most common virus/spyware/malware defense/cleansing
mechanisms and ran each with updated lists, yet they still are
happening. So far I've run Ad-Aware, Spybot S&D, AVG anti-virus,
CWShredder, SpywareBlaster, HijackThis and Bazooka Adware spyware
blaster and have Mozilla's popup blocker enabled with no allowed sites,
yet they still seem to be sneaking in. I have a feeling there is some
spyware sending information because the popups appear to be somewhat
targeted to the information I might be reading about. I have yet to be
able to reproduce the popups, i.e. if one opens when I go to a specific
URL, going back to that URL does not cause a popup to re-appear. I'm
trying everything I possibly can but am running out of ideas and am
holding out a clean install and/or system restore activities as a last
resort. I searched the web and the groups but wasn't able to come up with
very much relevant information or anything I haven't already tried. I
would appreciate any original advice or solutions/workarounds if
anyone has one, thanks.

Paul

pcbutts1

Nov 3, 2005, 9:32:32 AM
Post your hijackthis log.


Buffalo

Nov 3, 2005, 10:22:00 AM

"P.A." <pma...@hotmail.com> wrote in message
news:1131016692.9...@g43g2000cwa.googlegroups.com...
> Hi, I'm getting IE popups opening when I'm using Firefox. I've tried a
> slew of many of the most common virus/spyware/malware defense/cleansing
> mechanisms and ran each with updated lists, yet they still are
> happening. So far I've run Ad-Aware, Spybot S&D, AVG anti-virus,
> CWShredder, SpywareBlaster, HijackThis and Bazooka Adware spyware
> blaster and have Mozilla's popup blocker enabled with no allowed sites,
> yet they still seem to be sneaking in. I have a feeling there is some
> spyware sending information because the popups appear to be somewhat
> targeted to the information I might be reading about. I have yet to be
> able to reproduce the popups, i.e. if one opens when I go to a specific
> URL, going back to that URL does not cause a popup to re-appear,

Next time, close out of FF and clear the History and Cache and go back to that
same URL and see if the ad pops up again.

Plato

Nov 3, 2005, 3:46:05 PM
P.A. wrote:
>
> Hi, I'm getting IE popups opening when I'm using firefox, I've tried a

http://www.bootdisk.com/xptop20.htm#3


P.A.

Nov 4, 2005, 3:11:15 AM
>>Post your hijackthis log.


Logfile of HijackThis v1.99.1
Scan saved at 12:09:20 AM, on 11/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\TBPanel.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\paul\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1119226876075
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

P.A.

Nov 4, 2005, 3:45:34 AM
Interesting, Ewido found 5 infected objects not found by any of the
other apps, I wonder if any of these might have been causing the IE
pop-ups??

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:43:17 AM, 11/4/2005
+ Report-Checksum: 9FA07340

+ Scan result:

HKU\S-1-5-21-1757981266-1060284298-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1757981266-1060284298-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
HKU\S-1-5-21-1757981266-1060284298-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
C:\Documents and Settings\paul\Cookies\pa...@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\paul\Cookies\paul@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup


::Report End
