Viruses, Spyware and...

popups in firefox

Thread Solved

« First

•

Join Date: Nov 2008

Posts: 107

Reputation: jazzyjaj is an unknown quantity at this point

Solved Threads: 0

jazzyjaj

Offline

Junior Poster

Re: popups in firefox

#21

Nov 11th, 2008

then another
http://antimalwareguardpro.com/2009/...2&h=10&sub=adw

•

Join Date: Jul 2008

Posts: 3,080

Reputation: jholland1964 is a name known to all

Solved Threads: 175

jholland1964 jholland1964 is offline

Offline

Posting Sensei

Re: popups in firefox

#22

Nov 11th, 2008

Were these pop-ups in Firefox? I still don't know why "C" drive is not being scanned. The latest MBA-M scan shows that "D" drive was scanned, not "C" even though you told it to scan "C" drive.
Can you tell me, what is on "C" drive? Firefox clearly showed it was running from "C" drive.

•

Join Date: Nov 2008

Posts: 107

Reputation: jazzyjaj is an unknown quantity at this point

Solved Threads: 0

jazzyjaj

Offline

Junior Poster

Re: popups in firefox

#23

Nov 11th, 2008

the C drive is scan i watched it i think its all clear from c drive its just that the same vundo trojan keeps coming back.
anyways yesterday i tried superantispysweeper it found many trojans mostly vundo. after whcih i ran MBA-M it found nothing.
i think it could be because of registry and this software detected at least 14 errors from registry

•

Join Date: Jul 2008

Posts: 3,080

Reputation: jholland1964 is a name known to all

Solved Threads: 175

jholland1964 jholland1964 is offline

Offline

Posting Sensei

Re: popups in firefox

#24

Nov 12th, 2008

•

Originally Posted by jazzyjaj

i think it could be because of registry and this software detected at least 14 errors from registry

MBA-M also cleaned the registry of 27 different items.
Really sounds to me like a rootkit is on there but since you say your computer is now totally clean since running superantispysweeper.
You will need to run a new HJT scan and post that log so we can complete the fixes in there before downloading the new Firefox version but go ahead and completely uninstall Firefox. It is running from "C" drive so you are going to have to go in there and uninstall it.

You never answered, exactly what IS on "C" drive other than Firefox?

Last edited by jholland1964; Nov 12th, 2008 at 12:39 am.

•

Join Date: Nov 2008

Posts: 107

Reputation: jazzyjaj is an unknown quantity at this point

Solved Threads: 0

jazzyjaj

Offline

Junior Poster

Re: popups in firefox

#25

Nov 12th, 2008

Onmy C drive i have movies, music videos and counter strike.
I used to have na OS before like one year ago but now i deleted it but still have the Documnets and settings folder.

•

Join Date: Nov 2008

Posts: 107

Reputation: jazzyjaj is an unknown quantity at this point

Solved Threads: 0

jazzyjaj

Offline

Junior Poster

Re: popups in firefox

#26

Nov 12th, 2008

here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:05, on 2008-11-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\McAfee.com\Agent\mcagent.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
d:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {49DC26F5-43C2-4312-B885-AE9080736D93} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6A044BCA-7D52-4619-B36C-96FD0A436DD7} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A957451F-324E-472A-BE5C-B8B8E68EDA5A} - (no file)
O2 - BHO: (no name) - {EE528997-7B75-45EA-AB8A-0298C5D3F04D} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [e0ff4138] rundll32.exe "D:\WINDOWS\system32\mqqcncgr.dll",b
O8 - Extra context menu item: &Download all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4353 bytes

since running the spysweeper i have this problem whenever i start it says this is missing mqqcncgr.dll. I think it was removed.

•

Join Date: Jul 2008

Posts: 3,080

Reputation: jholland1964 is a name known to all

Solved Threads: 175

jholland1964 jholland1964 is offline

Offline

Posting Sensei

Re: popups in firefox

#27

Nov 12th, 2008

•

Originally Posted by jazzyjaj

Onmy C drive i have movies, music videos and counter strike.
I used to have na OS before like one year ago but now i deleted it but still have the Documnets and settings folder.

What do you mean you deleted it? I don't believe that you can really just delete an operating system, the drive would have to be reformatted in order to completely remove it.