Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random Poups


  • Please log in to reply
5 replies to this topic

#1 Markwell

Markwell

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 24 September 2013 - 06:48 AM

Hi

 

About 1 month ago I bought a new laptop.  Already I am getting random popups, how this happened so quickly I just don't know.  Some have Browsefoxads written beside the window that pops up and tonight I noted that one had an URL of gzs.jspre.net.  I am running AVG Free.

 

Please help

 

Thanks



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:56 PM

Posted 24 September 2013 - 08:48 AM

You picked up the adware from free programs you installed...most likely. It is best to assume that ALL free

programs and browser add-ons come with some type of adware. Some installers allow you to UNcheck/ deny

the install of the adware and some don't...foist ware. Best to always choose custom install when offered.

 

Use the programs listed below to find and remove the adware. Look in your browser(s) for unknown add-ons and

disable if possible. Be sure to close all programs and disable real time security scanners before running the programs

listed below.

 

Malwarebytes.org

AdwCleaner Download

 

Post the scan logs back here and tell us if you are still getting popups or not.

 

EDIT: BrowseFox may be the extension/ add-on listed in your browser(s) that is the source of those popups.


Edited by buddy215, 24 September 2013 - 09:02 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Markwell

Markwell
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 24 September 2013 - 07:22 PM

I have disabled Browsfox - but is this able to be removed as well ?  Some popups are still happening.  I have not deleted anything at this stage.

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.24.10

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Rob :: MARKWELLKENNELS [administrator]

25/09/2013 11:12:16 a.m.
MBAM-log-2013-09-25 (12-14-55).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 418100
Time elapsed: 1 hour(s), 59 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\BrowseFox\updateBrowseFox.exe (PUP.Optional.BrowseFox.A) -> 2760 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 22
HKCR\CLSID\{11111111-1111-1111-1111-110411151152} (PUP.Optional.Lyrics.A) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440444154452} (PUP.Optional.Lyrics.A) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550455155552} (PUP.Optional.Lyrics.A) -> No action taken.
HKCR\CrossriderApp0041552.BHO.1 (PUP.Optional.Lyrics.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411151152} (PUP.Optional.Lyrics.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411151152} (PUP.Optional.Lyrics.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411151152} (PUP.Optional.Lyrics.A) -> No action taken.
HKCR\CLSID\{b9507101-e464-4b3b-a4cb-291aaedd94f2} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\TypeLib\{006232f7-dbd6-4631-84e8-66ea161b43c4} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\Interface\{BB9817CA-9B43-41EB-8706-44847957338D} (PUP.Optional.BrowseFox.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9507101-E464-4B3B-A4CB-291AAEDD94F2} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B9507101-E464-4B3B-A4CB-291AAEDD94F2} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9507101-E464-4B3B-A4CB-291AAEDD94F2} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Update BrowseFox (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CrossriderApp0041552.BHO (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0041552.Sandbox (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0041552.Sandbox.1 (PUP.Optional.CrossRider.A) -> No action taken.
HKCU\Software\InstalledBrowserExtensions\Lyrics (PUP.Optional.Lyrics.A) -> No action taken.
HKLM\Software\LyricsSay-1 (PUP.Optional.LyricsSay.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LyricsSay-1 (PUP.Optional.LyricsSay.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Program Files (x86)\BrowseFox (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1 (PUP.Optional.LyricsSay.A) -> No action taken.

Files Detected: 29
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bho.dll (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bho64.dll (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\BrowseFox\BrowseFoxBHO.dll (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bg.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-buttonutil.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-buttonutil64.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-codedownloader.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-enabler.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-updater.exe (PUP.Optional.Lyrics.A) -> No action taken.
C:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4UXALPIL\Setup[1].exe (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Users\Rob\Downloads\Microsoft Office Outlook 2007.exe (PUP.Optional.FirSeriaInstaller) -> No action taken.
C:\Users\Rob\Downloads\SoftonicDownloader_for_birdie-eml-to-pst-converter.exe (PUP.Optional.Softonic) -> No action taken.
C:\Program Files (x86)\BrowseFox\updateBrowseFox.InstallState (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Program Files (x86)\BrowseFox\BrowseFox.Common.dll (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Program Files (x86)\BrowseFox\BrowseFox.ico (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Program Files (x86)\BrowseFox\BrowseFoxUninstall.exe (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Program Files (x86)\BrowseFox\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Program Files (x86)\BrowseFox\updateBrowseFox.exe (PUP.Optional.BrowseFox.A) -> No action taken.
C:\Windows\Tasks\LyricsSay-1-codedownloader.job (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Windows\Tasks\LyricsSay-1-enabler.job (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Windows\Tasks\LyricsSay-1-updater.job (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\background.html (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\Installer.log (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-buttonutil.dll (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-buttonutil64.dll (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-helper.exe (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\LyricsSay-1.ico (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\Uninstall.exe (PUP.Optional.LyricsSay.A) -> No action taken.
C:\Program Files (x86)\LyricsSay-1\utils.exe (PUP.Optional.LyricsSay.A) -> No action taken.

(end)

 

 

# AdwCleaner v3.005 - Report created 25/09/2013 at 12:18:27
# Updated 22/09/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Rob - MARKWELLKENNELS
# Running from : C:\Mike\Popup Scanners\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Update BrowseFox

***** [ Files / Folders ] *****

File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\System32\Tasks\LyricsSay-1-codedownloader
File Found : C:\Windows\System32\Tasks\LyricsSay-1-enabler
File Found : C:\Windows\System32\Tasks\LyricsSay-1-updater
File Found : C:\Windows\Tasks\LyricsSay-1-codedownloader.job
File Found : C:\Windows\Tasks\LyricsSay-1-enabler.job
File Found : C:\Windows\Tasks\LyricsSay-1-updater.job
Folder Found C:\Program Files (x86)\BrowseFox
Folder Found C:\Program Files (x86)\LyricsSay-1
Folder Found C:\Users\Rob\AppData\Roaming\PerformerSoft

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\LyricsSay-1
Key Found : HKCU\Software\BrowseFox
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411151152}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B9507101-E464-4B3B-A4CB-291AAEDD94F2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411151152}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9507101-E464-4B3B-A4CB-291AAEDD94F2}
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\BrowseFox
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411151152}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B9507101-E464-4B3B-A4CB-291AAEDD94F2}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0041552.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0041552.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0041552.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0041552.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{BB9817CA-9B43-41EB-8706-44847957338D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{006232F7-DBD6-4631-84E8-66EA161B43C4}
Key Found : HKLM\Software\LyricsSay-1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411151152}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9507101-E464-4B3B-A4CB-291AAEDD94F2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LyricsSay-1
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411151152}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411151152}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowseFox

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16688

*************************

AdwCleaner[R0].txt - [3390 octets] - [25/09/2013 12:16:43]
AdwCleaner[R1].txt - [3286 octets] - [25/09/2013 12:18:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3346 octets] ##########



#4 buddy215

buddy215

  • Moderator
  • 13,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:56 PM

Posted 24 September 2013 - 08:49 PM

Definitely allow the programs to delete what they found.

Post back to let us know if the ads are gone or not.

 

Cleanup the temporary files, logs, etc using Ccleaner. No need to use the Registry cleaning tool as it may cause another problem.

Use the default settings for now. During install you will be offered the Yahoo Toolbar or other. Be sure to UNcheck if not wanted.

CCleaner - PC Optimization and Cleaning - Free Download


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 Markwell

Markwell
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 27 September 2013 - 05:38 AM

Thank you for your help with this.  Everything seems to be back to normal.

 

Cheers

Robert

New Zealand



#6 buddy215

buddy215

  • Moderator
  • 13,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:56 PM

Posted 27 September 2013 - 07:38 AM

You are welcome...

 

You can get many of the programs that users often download from the link below. They are adware/ crapware free.

You can either download just the programs offered without installing their updating program or you can choose to

install the updating program. You decide.

Ninite - Install or Update Multiple Apps at Once


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users