Firefox suddenly pop-up adsites in a new tab


5 replies to this topic

#1 Gideon020

  • Members

Posted 06 September 2013 - 08:02 PM

I have Firefox running on Windows XP and recently, around 10:00 AM without fail for the last three days, I have been getting a sudden new tab pop-up that first goes to this 7.rotator.widgetmedia.com site, then redirects to an ad site.

I think I have the same malware as a lot of other people have been experiencing. What can I do to get rid of it?


Edited by Gideon020, 06 September 2013 - 08:09 PM.



#2 TwinHeadedEagle

  • Security Colleague

Posted 07 September 2013 - 02:33 AM

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


Edited by TwinHeadedEagle, 07 September 2013 - 02:34 AM.


#3 Gideon020

  • Topic Starter

Posted 07 September 2013 - 03:53 AM

I'll post back here if it pops up again, but I think it should have worked.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.07.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
AJ :: HEATH-BA761FE42 [administrator]

7/09/2013 5:47:53 PM
mbam-log-2013-09-07 (17-47-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 379175
Time elapsed: 47 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Shaun\My Documents\Downloads\videora-iphone-408-setup.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\AJ\Local Settings\Temp\ms0cfg32.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.

(end)
 

 

# AdwCleaner v3.002 - Report created 07/09/2013 at 13:58:59
# Updated 01/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : AJ - HEATH-BA761FE42
# Running from : C:\Documents and Settings\AJ\My Documents\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v23.0.1 (en-GB)

[ File : C:\Documents and Settings\AJ\Application Data\Mozilla\Firefox\Profiles\fwwbjjsi.default\prefs.js ]


[ File : C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\9d9v6wgt.default\prefs.js ]


[ File : C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\ttngzlvu.default\prefs.js ]

Line Deleted : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Line Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,en-GB%40dictionaries.addons.mozilla.org:1.19.1,%7BDA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B%7D:1.2.337.1,%7Bef4e370e-d9f0-4e00-b93e[...]

[ File : C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\uxzqbme3.default\prefs.js ]


[ File : C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\6a60ebm0.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [11381 octets] - [06/09/2013 11:18:07]
AdwCleaner[R1].txt - [1769 octets] - [07/09/2013 13:57:59]

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.8 (09.05.2013:1)
OS: Microsoft Windows XP x86
Ran by AJ on Sat 07/09/2013 at 14:09:14.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
Emptied folder: C:\Documents and Settings\AJ\Application Data\mozilla\firefox\profiles\fwwbjjsi.default\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/09/2013 at 14:15:13.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
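
A small triage script for a helper reading these three logs, added here as an example (it is not part of the original post or of any of the tools): it pulls the action lines out of the MBAM, AdwCleaner and JRT output, tags each with the Windows profile it touched, and lists what a tool could not remove. The sample lines are copied from the logs above; treating an MBAM result that contains "successfully" as a completed removal is an assumption.

```python
import re

# Lines copied from the MBAM, AdwCleaner and JRT logs in the post above.
SAMPLE_LOG = r'''
C:\Documents and Settings\Shaun\My Documents\Downloads\videora-iphone-408-setup.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\AJ\Local Settings\Temp\ms0cfg32.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Line Deleted : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
Emptied folder: C:\Documents and Settings\AJ\Application Data\mozilla\firefox\profiles\fwwbjjsi.default\minidumps [1 files]
'''

# Line shapes as they appear in the three logs; other shapes are ignored.
MBAM = re.compile(r'^(?P<item>[A-Za-z]:\\.+) \((?P<label>[^()]+)\) -> (?P<result>.+)$')
ADW = re.compile(r'^(?P<label>\w+) Deleted : (?P<item>.+)$')
JRT_FAIL = re.compile(r'^Failed to delete: \[(?P<label>[^\]]+)\] "?(?P<item>[^"]+)"?$')
JRT_OK = re.compile(r'^(?P<label>Emptied folder): (?P<item>.+)$')
PROFILE = re.compile(r'\\Documents and Settings\\([^\\]+)\\', re.I)

def triage(text):
    """Return one dict per action line: tool, label, item, outcome, profile."""
    findings = []
    for line in map(str.strip, text.splitlines()):
        for tool, rx in (("MBAM", MBAM), ("AdwCleaner", ADW),
                         ("JRT", JRT_FAIL), ("JRT", JRT_OK)):
            m = rx.match(line)
            if not m:
                continue
            if rx is MBAM:
                # Assumption: MBAM reports a completed removal with "successfully".
                ok = "successfully" in m["result"].lower()
            else:
                ok = rx is not JRT_FAIL
            prof = PROFILE.search(m["item"])
            findings.append({"tool": tool, "label": m["label"], "item": m["item"],
                             "outcome": "removed" if ok else "failed",
                             "profile": prof.group(1) if prof else None})
            break
    return findings

def needs_follow_up(findings):
    """Items a tool could not remove; these are what to look at next."""
    return [f for f in findings if f["outcome"] != "removed"]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["tool"]:<10} {f["outcome"]:<7} {f["profile"] or "-":<6} {f["label"]}: {f["item"]}')
```

On the logs in this thread the only follow-up item is the avg_igeared.xml search plugin that JRT failed to delete.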
 



#4 TwinHeadedEagle

  • Security Colleague

Posted 07 September 2013 - 05:13 AM

How are things now?



#5 Gideon020

  • Topic Starter

Posted 07 September 2013 - 08:04 AM

How are things now?

 

Won't be able to tell you until tomorrow morning, but I'm hopeful.



#6 Gideon020

  • Topic Starter

Posted 07 September 2013 - 07:52 PM

It's happened again. :( Looks like it didn't work.

 

EDIT: Ran the CCleaner, so maybe it'll be gone this time.


Edited by Gideon020, 07 September 2013 - 08:46 PM.




