Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FIREFOX KEEPS OPENING NEW TABS/POP-UPS


  • Please log in to reply
7 replies to this topic

#1 jarodlpitt55

jarodlpitt55

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:33 AM

Posted 06 January 2009 - 12:44 PM

I've seen this posted a lot but i dont want to try anything on my own.....If someone could please help me, i would greatly appreciate it

My computer is infected with a virus, series of trojans that cause IE/Firefox to open new windows/tabs.

I have Windows XP
Spybot Search and Destroy
AVG
Ad-Aware Personal Edition

AVD detected two trojans yesterday but it didn't fix the problem. As someone else posted, most of the time i'm getting a pop-up for the www.sagipsul website. Could someone please help me? I'm a quick learner! Thanks

BC AdBot (Login to Remove)

 


#2 Tehsplink

Tehsplink

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Near London
  • Local time:12:33 PM

Posted 06 January 2009 - 02:55 PM

Please download MalwareBytes Anti-Malware to your desktop.


Ensure that your computer is connected to the internet and your software firewall is disabled until instructed to re-enable it.
Double click on the mbam-setup.exe to begin the installation process.
When the installation begins, please do not change any of the settings and follow the prompts.
Please make sure that when you finish the installation, these options remain checked;
*Update MalwareBytes' Anti-Malware
*Launch MalwareBytes' Anti-Malware
You may now click finish...
When MBAM launches, you will be prompted to update before running a scan. If an update is found, MBAM will automatically download and apply the updates and you can then click 'OK' button to close the box and continue. You may now re-enable your firewall
Please ensure that while you are on the scanner tab the 'Perform Quick Scan' option is selected, then click the 'Scan' button.
If you are asked which drives to scan, please leave all of them ticked, and click 'Start Scan'.
The scan will now begin and you will see “Scan in progress” at the top; It may take a while to complete so please be patient.
When the scan completes, you will see “The scan completed successfully. Click 'Show Results' to display all objects found”
Click the 'OK' button to close the box and continue with the removal process.
Back on the main scanner screen, click 'Show Results' to see a list of any found Malware.
Ensure that all items are checked and then click the 'Remove Selected' button.
When the removal process is complete, a log will open in notepad; this log will be automatically saved and you can view it in the logs section of the program.
Copy and paste the contents of the log file that is open into your next reply and exit MBAM.


Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the Malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
Please PM me if i have been assisting you and do not reply for 24 hours!

#3 jarodlpitt55

jarodlpitt55
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:33 AM

Posted 06 January 2009 - 04:45 PM

Thank You

Malwarebytes' Anti-Malware 1.32
Database version: 1625
Windows 5.1.2600 Service Pack 2

1/6/2009 4:35:33 PM
mbam-log-2009-01-06 (16-35-33).txt

Scan type: Quick Scan
Objects scanned: 73869
Time elapsed: 11 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 23
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\vtUoMebB.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\khfDwwWm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lthwqh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qnjzmo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vhgxbo.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b40bacf-3f2f-4f86-a7d2-d4b5abc2de70} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1b40bacf-3f2f-4f86-a7d2-d4b5abc2de70} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfdwwwm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84712019-da8a-48da-aa29-58a186731dc6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{889b3632-49f4-4bab-85b8-c47dd3c50cec} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3b9de6b-88dc-45f9-8397-48bb38ce58db} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1b40bacf-3f2f-4f86-a7d2-d4b5abc2de70} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\vtuomebb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtuomebb -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\vtUoMebB.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\BbeMoUtv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BbeMoUtv.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfDwwWm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\frhaoyja.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ajyoahrf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pbyfpysp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psypfybp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lthwqh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qnjzmo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vhgxbo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nhokvwgd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdntlrcw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kvswitom.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsoft.nls (Malware.Trace) -> Quarantined and deleted successfully.

#4 Tehsplink

Tehsplink

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Near London
  • Local time:12:33 PM

Posted 06 January 2009 - 04:50 PM

Please reboot your computer and see if the problem still exists and then post back.
Please PM me if i have been assisting you and do not reply for 24 hours!

#5 jarodlpitt55

jarodlpitt55
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:33 AM

Posted 06 January 2009 - 05:41 PM

YOU ARE A SAVIOR! THANK YOU SO MUCH! I'VE BEEN ONLINE FOR 20 MINUTES AND NO POP-UPS YET
I'M GOING TO BRAG UP THIS SITE TO EVERYONE!
THANKS AGAIN

#6 Tehsplink

Tehsplink

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Near London
  • Local time:12:33 PM

Posted 06 January 2009 - 07:47 PM

It was a pleasure to help you.
be sure to return if you get any more problems :thumbsup:
Please PM me if i have been assisting you and do not reply for 24 hours!

#7 Kaje Ki

Kaje Ki

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 22 January 2010 - 04:39 AM

Malwarebytes for the WIN! i'm currently running a deep scan to deal with exactly the same problem. If that doesn't work, I'm gonna try Super Anti-Spyware. my girl tried that and it worked for her. Her dad is an engineer and installed the PRO version for her. Been getting some pretty harsh viruses on the web lately. frustrating. I feel like one got by Avast... ;/

Edited by Kaje Ki, 22 January 2010 - 04:39 AM.


#8 Steven42787

Steven42787

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:33 AM

Posted 22 January 2010 - 04:45 PM

I've been having trouble today with my IE8 browser as well as Firefox. Firefox keeps opening new tabs and whenever I type it tabs or writes a lot of extra letters. I'm also having trouble logging into wordpress. I tried what you suggested for the person above and it found some malware and I removed it, but I'm still having the problem. I'm in the process of a full scan at the moment. Some help would be greatly appreciated. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users