Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firefox runs amoc, if I click this button


  • Please log in to reply
2 replies to this topic

#1 snaffle

snaffle

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:46 PM

Posted 12 August 2012 - 01:20 AM

So here's my issue & it's fairly weird. Firefox, new download & previous versions. Windows 7 on an HP 8 quad. I can surf normal & do all functions...except on some sites (not Andalusian porn), when I click on the "contact us" button, firefox goes nuts. The program starts opening web pages over & over. In some instances 300 or more pages will open before I can get the software to respond to a "close". Sometimes I'm forced to shut off power to the cpu, to get it to stop. All functions lock up, it will not even respond to control,alt,delete. This is a consistent problem, I get the same response if I try it later on the same site. It's non-specific, I've had it happen on totally different sites. The only consistency is the trigger, if I trigger, a button that tries to send me to an e-mail location, it starts. Does not occur on IE8, or chrome. Anyone got any ideas? I think it may be related to some kind of Java script glitch, I get pop ups fairly regularly saying that a java script has failed or that the script has locked up. Who Knows?........... snaffle

The wiz's over at HP told me "It's an infection or malware, you need to wipe your drive & reload", I don't think so. That "cure" is worse than the disease.

Edited by hamluis, 12 August 2012 - 09:24 AM.
Moved from Web Browsing/Email to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:46 AM

Posted 12 August 2012 - 01:43 AM

Download SecurityCheck.exe from Here

. Run SecurityCheck and follow the instruction from inside the code box.
. When the scan is finished, a notepad will automatically open as check.txt
Please copy and paste the contents here on your next reply.

Download and install free malwarebytes from this Link along with a complete tutorial. Download link is on step 2 of "How To use Malwarebytes Antimalware" and when in step 12 an mbam log will open. Copy-paste the result found and post on your next reply.

Tekken
 


#3 snaffle

snaffle
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:46 PM

Posted 13 August 2012 - 12:41 PM

jhayz, these are the logs you asked for. I already had MBytes installed. It goes south in about 5 days. I've also included an "Admin warning" report that may indicate one of the faults. Just so you know I've run Norton & Trend House Call, they too say clean.

Log Name: Application


Source: VSS
Date: 1/1/2012 11:34:09 AM
Event ID: 12348
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: Lee-HP
Description:
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{ab409cba-2228-11e1-8824-c1524f8492be}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">12348</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-01T19:34:09.000000000Z" />
<EventRecordID>5290</EventRecordID>
<Channel>Application</Channel>
<Computer>Lee-HP</Computer>
<Security />
</System>
<EventData>
<Data>\\?\Volume{ab409cba-2228-11e1-8824-c1524f8492be}\</Data>
<Data>

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider</Data>
<Binary>2D20436F64653A2053505250524F564330303030323333312D2043616C6C3A2053505250524F564330303030323237332D205049443A202030303030343930302D205449443A202030303030373034342D20434D443A2020433A5C57696E646F77735C53797374656D33325C737663686F73742E657865202D6B2073777072762D20557365723A204E616D653A204E5420415554484F524954595C53595354454D2C205349443A532D312D352D313820</Binary>
</EventData>
</Event>


Results of screen317's Security Check version 0.99.43


Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


MBAM log

2012/08/12 09:32:25 -0700 LEE-HP Snaffle MESSAGE Starting protection
2012/08/12 09:32:27 -0700 LEE-HP Snaffle MESSAGE Protection started successfully
2012/08/12 09:32:30 -0700 LEE-HP Snaffle MESSAGE Starting IP protection
2012/08/12 09:32:30 -0700 LEE-HP Snaffle MESSAGE IP Protection started successfully
2012/08/12 10:59:41 -0700 LEE-HP Snaffle MESSAGE Executing scheduled update: Daily
2012/08/12 11:00:15 -0700 LEE-HP Snaffle MESSAGE Scheduled update executed successfully: database updated from version v2012.08.11.03 to version v2012.08.12.05
2012/08/12 11:00:15 -0700 LEE-HP Snaffle MESSAGE Starting database refresh
2012/08/12 11:00:15 -0700 LEE-HP Snaffle MESSAGE Stopping IP protection
2012/08/12 11:00:54 -0700 LEE-HP Snaffle MESSAGE IP Protection stopped
2012/08/12 11:00:55 -0700 LEE-HP Snaffle MESSAGE Database refreshed successfully
2012/08/12 11:00:55 -0700 LEE-HP Snaffle MESSAGE Starting IP protection
2012/08/12 11:00:56 -0700 LEE-HP Snaffle MESSAGE IP Protection started successfully

I ran Malwarebytes & came up clean. I run SuperAntiSpyware daily, also clean, it seems to find & remove more than MBam, back to back scans. What tools are current for root checking?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users