Firefox Ad Redirect Issues


3 replies to this topic

#1 Kruma


Posted 30 June 2012 - 12:44 PM

Hello,

Main Issue:
Recently I have noticed that when clicking on Google search results, arbitrarily, a link I open is redirected to various advertisement websites. If I go back one page and click the result again, generally I will go to the result properly. Again, this only happens randomly.

This is quite annoying, and worrying because I'm probably infected with something and do not know the extent of the harm. I did run ComboFix, it removed some files, but I'm using Firefox now, and still upon clicking a Google search result, I am randomly directed to an advertisement website. I also ran MalwareBytes, full scan, and was told that my PC was clean, 0 problems found.

Also, one of these redirect advertisements was especially annoying, because I was redirected to an ad, but the entire page was dimmed out besides this text alert saying "blahblahlabh continue with this survey to win x" and the only option was to press the "OK" on the dialog box. I could not exit the tab, so I pressed "OK," hoping I would be able to after it was undimmed. Instead, a survey appeared, waiting for me to start it by clicking this big "START" button. Obviously I did not start the survey. I tried exiting the tab many times, disabling JavaScript, and crashing my Flash. I still could not exit the tab. So ultimately I had to crash firefox.exe, and then untick the ad website in my Session Restore. This is very annoying in general. I would appreciate any help!


Possible Issue:
I also would like to mention an off-topic "issue." Not sure if this is a result of an infection, but a week ago, I was accustomed to using CTRL+T or CTRL+SHIFT+T, just various shortcuts to make browsing easier. And usually if I was on YouTube, or on a Flash component in general, I could not use these shortcuts. Obviously, the fix to this was to click somewhere off of where the Flash screen was (or YouTube video, etc.) and then I could execute the shortcut no problem. But recently, while browsing YouTube, I would attempt to click somewhere else, but still cannot use the shortcuts. The only way I can use the shortcut now is to click on the search textbox. Not a huge deal, but very annoying when it's become habitual to just click anywhere besides the Flash video to make shortcuts work. I should also mention that prior to this issue, my Flash just began to operate in a rather faulty way. I ended up uninstalling Flash and reinstalling it because of this. And after the reinstallation these shortcut errors have been occurring. Also, after the reinstallation I noticed in Task Manager that Firefox is no longer putting all of the memory on "plugin-container.exe*32" but instead now I have noticed two new processes running whenever I use Flash related things, FlashPlayerPlugin_11_3_300_262.exe*32. Again, there are two of these running at the same time; one uses significantly more memory than the other, and the other typically stays under 10,000K.

Again, not sure if that issue is even worth mentioning, but it is something that is completely different from what I usually do/expect, so I decided to mention it.


Thanks.

Edited by Kruma, 30 June 2012 - 12:50 PM.




#2 ElFasso


Posted 30 June 2012 - 12:50 PM

================================== Eset Scanner ==================================

Run Eset online scanner;

Note: You will need to use Internet Explorer for this scan - on Vista and Windows 7, right click on the IE shortcut and run as admin
Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic


#3 Kruma


Posted 30 June 2012 - 08:35 PM

Hello, thank you for your reply. Sorry it took so long; the scan was six hours.

C:\Program Files (x86)\iEvony\AutoUpdate.exe	probably a variant of Win32/TrojanDownloader.Agent.FDXKZAL trojan
C:\Qoobox\Quarantine\C\Users\Radwam\AppData\Local\Temp\bicth.dll.vir	a variant of Win32/Medfos.R trojan
C:\Users\Radwam\AppData\Local\{B7A2E568-81DC-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul	JS/Redirector.NIQ trojan
C:\Users\Radwam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7cdbdc4d-6b227b68	multiple threats
C:\Users\Radwam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\39acf28e-45d23524	multiple threats
C:\Users\Radwam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\3f3af9d7-6c981a8c	multiple threats
C:\Users\Radwam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\44978a2e-1289343c	Java/TrojanDownloader.Agent.AF trojan
C:\Users\Radwam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\759fac34-2a4b7bd9	Java/Agent.BV trojan
C:\Users\Radwam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\5e185af5-19979e90	a variant of Java/Exploit.CVE-2009-2843.B trojan
C:\Users\Radwam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\640c67b5-5d475f76	Java/TrojanDownloader.Agent.NBM trojan
C:\Users\Radwam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\445d036-5f094fb3	multiple threats
C:\Users\Radwam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\3ace5fb7-5f10866f	a variant of Java/Exploit.CVE-2009-2843.B trojan
C:\Users\Radwam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\5380c53a-4ff219ea	Java/Agent.BV trojan
C:\Users\Radwam\Desktop\5-12-12\system.zip	Win32/Packed.Themida.F trojan
C:\Users\Radwam\Desktop\Documents\Lineage 2\G+\szCrk.dll	probably a variant of Win32/Agent.IBQZKDE trojan
C:\Users\Radwam\Desktop\Unused Desktop\CP_-_v3.42.ZIP	a variant of Win32/Keygen.AD application
C:\Users\Radwam\Desktop\Unused Desktop\G+.rar	probably a variant of Win32/Agent.IBQZKDE trojan
C:\Users\Radwam\Desktop\Unused Desktop\iEvonyClient.exe	probably a variant of Win32/TrojanDownloader.Agent.FDXKZAL trojan
C:\Users\Radwam\Desktop\Unused Desktop\L2Walker10.9.7.rar	probably a variant of Win32/Agent.IBQZKDE trojan
C:\Users\Radwam\Desktop\Unused Desktop\max9keygen.exe	probably a variant of Win32/Keygen.BT application
C:\Users\Radwam\Desktop\Unused Desktop\walker10.9.5.ZIP	probably a variant of Win32/Agent.IBQZKDE trojan
C:\Users\Radwam\Desktop\Unused Desktop\xXST0RMXx's Surprise [Quest].rar	Win32/PSW.FireThief.PB trojan
C:\Users\Radwam\Documents\LimeWire\Saved\dari tanto wale.wma	a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Radwam\Documents\LimeWire\Saved\rf online - best track ever.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Radwam\Documents\LimeWire\Saved\the flowerpot men beat city - greatest hits.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows\System32\mqsv32.exe	probably a variant of Win32/Agent.IQGDUNZ trojan
C:\Windows\SysWOW64\mqsv32.exe	probably a variant of Win32/Agent.IQGDUNZ trojan
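
One way to read an ESET log like the one in the post above, added here as an example and not part of any forum member's post: it splits each tab-separated `path<TAB>detection` line and groups the entries by where the file sits, so that files in system directories stand apart from cached or already-quarantined copies. The bucket names and path patterns are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Location buckets are assumptions of this example, checked in order.
# C:\Qoobox\Quarantine is where ComboFix keeps the files it removed.
BUCKETS = [
    ("quarantined", re.compile(r"^C:\\Qoobox\\Quarantine\\", re.I)),
    ("java_cache", re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)),
    ("system_dir", re.compile(r"^C:\\Windows\\(System32|SysWOW64)\\", re.I)),
    ("program_files", re.compile(r"^C:\\Program Files", re.I)),
]
PREFIX = re.compile(r"^(probably )?a variant of ", re.I)
SUFFIX = re.compile(r" (trojan|application)$", re.I)

# Sample input: four lines taken from the log in the post above.
SAMPLE = "\n".join(path + "\t" + verdict for path, verdict in [
    (r"C:\Qoobox\Quarantine\C\Users\Radwam\AppData\Local\Temp\bicth.dll.vir",
     "a variant of Win32/Medfos.R trojan"),
    (r"C:\Users\Radwam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\44978a2e-1289343c",
     "Java/TrojanDownloader.Agent.AF trojan"),
    (r"C:\Windows\System32\mqsv32.exe",
     "probably a variant of Win32/Agent.IQGDUNZ trojan"),
    (r"C:\Users\Radwam\Desktop\Unused Desktop\max9keygen.exe",
     "probably a variant of Win32/Keygen.BT application"),
])

def parse_line(line):
    """Split 'path<TAB>detection' and normalise the detection name."""
    path, sep, verdict = line.rstrip("\r\n").partition("\t")
    if not sep or not path.strip():
        return None  # not a detection line (blank line or prose)
    verdict = verdict.strip()
    name = SUFFIX.sub("", PREFIX.sub("", verdict))
    heuristic = verdict.lower().startswith("probably")  # generic match
    bucket = next((b for b, rx in BUCKETS if rx.search(path)), "user_files")
    return {"path": path, "name": name, "heuristic": heuristic, "bucket": bucket}

def triage(log_text):
    """Group detections by location bucket."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            groups[entry["bucket"]].append(entry)
    return dict(groups)

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE).items():
        print(bucket, [e["name"] for e in entries])
```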


#4 ElFasso


Posted 01 July 2012 - 01:25 AM

Note: Before using TFC, please close all windows, because TFC will close them all. So you may lose some temporary files you are working on if you don't close them all...

Download Temp File Cleaner (TFC) to your desktop.
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Note: If your antivirus gives an alert about TFC, this is a false positive.

After that, rerun the Eset scan. Make sure that the option Remove found threats is ticked and the Scan Archives option is ticked.

Edited by ElFasso, 01 July 2012 - 01:27 AM.




