Firefox 3.6: Image & Crashing Problems


  • This topic is locked
6 replies to this topic

#1 Teagan

Posted 03 March 2010 - 02:10 PM

Hi everyone,

Yesterday I started having problems while using Firefox.
Images (on all sites) disappear, re-appear and sometimes fade away slowly.
Even the buttons on my toolbar disappear/re-appear and at times fade away when I mouse over. I have a screenshot of toolbar buttons half faded away. Oddly, the URL in the address box is not complete either (it shows in the screenshot).
It is freaky.

Today I am also experiencing more crashes than usual.

I cleared the cache several times; it doesn't help.
I have also disabled all add-ons (with the exception of Forecast Fox; its icons in the system tray do the same thing as the others: fade in, fade out, disappear, re-appear) and some plugins, which hasn't helped.
I use Firefox's default theme (3.6)
Anti-virus AVG free 8.5
Spyware Guard v2.2
Spybot
Spyware Blaster 4.2
a-Squared free 4.5
Hitman Pro 3.5
Malwarebytes' Anti-Malware
Hijack This 2.0.0
Zone Alarm firewall 8.0
Windows XP
Firefox 3.6

Most recent program installed: Golf Buddy Manager (It is a program that allows golf courses to be uploaded to the Golf Buddy GPS golf accessory)
I was going to list the nasty things Malwarebytes' found last night, but I received an error when trying to open it. Error code: 703 (0,7). I'll search for any logs I may have saved.

Any help would be much appreciated.

PS I may post more info in a bit. Wanted to get this posted before Firefox crashes again. Please have patience with me. lol
Thanks :flowers:

Edit: Here is the portion (listing the infections) of my Malwarebytes' log dated 2/8/2010. I scanned then because I was experiencing Google redirects.
I can't find the one from last night; it was late and I must not have saved it. And since I cannot open it, I am unable to post last night's results. Sigh... I guess I have to uninstall and reinstall it. Arrgh!
Edit: Malwarebytes' opened just now. If you all need a log from last night, let me know.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.39,93.188.161.101 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bf81c78b-3d5b-447f-bfb6-d9170bc08e7a}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.39,93.188.161.101 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cae4ce40-483d-43af-851e-57708966996c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.163.39,93.188.161.101 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cae4ce40-483d-43af-851e-57708966996c}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.39,93.188.161.101 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\COMPLINC.DLL (Spyware.OnlineGames) -> No action taken.
C:\Program Files\setup.exe (Rogue.Installer) -> No action taken.
C:\WINDOWS\system32\hYl8LU33.exe.a_a (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\00001b17.tmp (Trojan.FakeAlert) -> No action taken.

AVG scan results 2/08/10
Trojan Horse Rootkit-Patkes.U

Here are the results from the Hitman Pro 3.5 scan last night:
GBProxyps.dll (Rootkit)- C:\WINDOWS\system32
atapi.sys (Rootkit) - C:\WINDOWS\system32\Drivers

Again please forgive multiple postings. Firefox is constantly crashing. 4-5 crashes in last three hours. :thumbsup:

************************************************************

Edit: I have just installed the latest version of Hijack This (uploaded the exe to the desktop, but it was not there, so I went into my download box and opened and installed it from there). Ran it and I have a log saved. Something is going on. I couldn't get AVG to begin a scan, so I closed it and reopened it, then it closed instantly. Also, I had just moved desktop icons around some and they went back to where they originally were. At first I thought my Firefox was corrupt, but now I think there is something more sinister going on.

Edited by Teagan, 03 March 2010 - 06:41 PM.




#2 Teagan

Posted 05 March 2010 - 10:51 AM


Edit Wednesday March 3: I have just installed the latest version of Hijack This (uploaded the exe to the desktop, but it was not there, so I went into my download box and opened and installed it from there). Ran it and I have a log saved. Something is going on. I couldn't get AVG to begin a scan, so I closed it and reopened it, then it closed instantly. Also, I had just moved desktop icons around some and they went back to where they originally were. At first I thought my Firefox was corrupt, but now I think there is something more sinister going on.


Edit Friday March 5: Wednesday night I ran Malwarebytes' in safe mode. And that dang Trojan PWS appeared again (first appearance was in a Monday Mar 1 scan in regular mode). Removed it, and yesterday (Thurs March 4) everything was great. Online all day and night til 11:30 pm and not one sign of trouble. Today (Fri March 5) I logged on at 8:00 am and boom, images start disappearing again.

#3 boopme

  • Global Moderator

Posted 05 March 2010 - 10:54 AM

Hello, what we have here is a serious rootkit infection. It will require specialized tools and one of our malware removal team's assistance.
You will need to download and run DDS, which will create a pseudo HJT report as part of its log.
If for some reason you cannot perform a step, move on to the next.
Please follow this guide: go and do steps 6 thru 8 of the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help. Then go to Virus, Trojan, Spyware, and Malware Removal Logs, click New Topic, give it a relevant title, and post that complete log.

Let me know if it went OK.

#4 Teagan

Posted 05 March 2010 - 11:54 AM

Thanks so much! Running GMER scan now.
PS It looks like I screwed up again. lol
I could have sworn I was on the edit button, but images disappeared and I guess I hit the quote button and posted a reply. :thumbsup:

It is so tough to do anything when images keep popping in and out.

#5 boopme

  • Global Moderator

Posted 05 March 2010 - 12:24 PM

If it is too difficult, try just posting the DDS log.

#6 Teagan

Posted 05 March 2010 - 02:21 PM

Boopme

Success! :flowers: New post is up: Rootkit infection: Trojan.PWS userinit.exe

Thanks for all your help!
Wish me luck. :thumbsup:

#7 Pandy

Posted 05 March 2010 - 02:27 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/300541/rootkit-infection-trojanpws-userinitexe/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Pandy~
Forum Moderator
