Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pop-up opening IE&FF (globalroot...)


  • This topic is locked This topic is locked
4 replies to this topic

#1 Iwant2dropkickMWmake

Iwant2dropkickMWmake

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 01 July 2009 - 09:27 PM

First I want to thank you guys in advance for looking at my post, I know you guys a probably dealing with a lot of issues. I give you as much info as I can.
When opening IE7 or Firefox I get a pop-up.

"Iexplore.exe Bad Image: globalroot\systemroot\system32\MSIVXocfpujrvrosxnmrbqhbpfukbcgymvtnw.dll is either not designed to run on windows or it contains as error. Try installing the program again using the original installation media or contact you system administrator or the software vendor for support."

When I hit o.k. it open IE or FF when I first got the pop-up it open within a few seconds now it takes about a minute. The computer is also running a bit slow, but barely noticeable. Issues with online video play, flash player, some will play and some wont even load. (don't know if this is related)

I Googled the error and did the reset_fp10 and subinacl fix as recommended but no change. The 2nd Google search got me here so hopefully someone can help me.

Download Hijackthis from Cnet and when trying to install computer crashed, changed name it installed and the app crashed had to change that name as well to get the log file. File is attached, if you need more info please let me know. Please Help and Thank you!

MY PC info: Vista Home Premium, no upgrade as it came. With Service Pack 1, HP pavilion entertainment pc (dv6000). I have both SpyDoctor and Norton 360 running and they don't find anything more then the normal stuff, cookies, trackers, ect...

Attached Files


Edited by Iwant2dropkickMWmake, 01 July 2009 - 09:33 PM.


BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:40 AM

Posted 03 July 2009 - 02:57 AM

Hello Iwant2dropkickMWmake,

Posted Image

You have a rootkit causing all these problems.

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :thumbup2:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 Iwant2dropkickMWmake

Iwant2dropkickMWmake
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 06 July 2009 - 06:59 PM

Thank you Tea for helping me out. Sorry for the late reply. It run combofix it looked like it fixed the problem as I the stupid pop did not come when I open FF. As you requested the combofix and hjthis scan after running combofix is attached.

Note* I was running 360 and I disabled it before running combofix but combofix pop said it was running I even uninstalled 360 and it still said it was running. I hit OK on the prompt to run anyway. Combofix did find 3 ...sys32\MSIVXfdajfk... files and wanted to restart.

Thank you!

Attached Files



#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:40 AM

Posted 07 July 2009 - 12:43 AM

Hello,

No need to be sorry! :thumbup2:

Glad to know it's better, and you're welcome. :)

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

If there are no further problems:

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

It is very important to maintain your Firewall.
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Great tips and info-----> http://mvps.org/winhelp2002/unwanted.htm

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:40 AM

Posted 14 July 2009 - 11:48 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users