Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Your firefox browser is out of date window popup malware


  • Please log in to reply
17 replies to this topic

#1 MJ9

MJ9

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 02 November 2014 - 07:06 AM

Hey guys, I've been getting this popup for a while now once per day or once every couple of days. This is what it looks like:

wia3ch.png

 

Sometimes, I'll also get a reported web forgery popup opening by itself in a new window while I'm on firefox.

 

There must be a malware somewhere installed on my browser or something. Is it easy to get rid of? could anyone help me please? I have malwarebytes but it doesn't find anything.



BC AdBot (Login to Remove)

 


#2 M. de Jager

M. de Jager

  • Banned
  • 434 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:12 PM

Posted 02 November 2014 - 07:17 AM

It says that you're Firefox is outdated. Try to update it, it will help to remove that alert. ;)



#3 MJ9

MJ9
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 02 November 2014 - 07:21 AM

My firefox is very much up to date....Thats clearly not an alert from Mozilla Firefox, even the name is screwed up, it says "Firfox"



#4 buddy215

buddy215

  • Moderator
  • 13,131 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:12 AM

Posted 02 November 2014 - 07:39 AM

Welcome to BC!

 

  • download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • .
    .
    .
    .
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 MJ9

MJ9
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 02 November 2014 - 08:15 AM

Thank you for your help buddy215, I have a question tho, so adw found this program and I don't know if it's essential to the system and I should uncheck it or if I should just clean everything. What do i do?
2udx92s.png



#6 buddy215

buddy215

  • Moderator
  • 13,131 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:12 AM

Posted 02 November 2014 - 08:35 AM

Delete/ clean it. Be sure to reboot when directed to.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 MJ9

MJ9
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 02 November 2014 - 10:28 AM

Here are the results:

 

# AdwCleaner v3.311 - Report created 02/11/2014 at 15:45:14
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Sony - SONY-PC
# Running from : C:\Users\Sony\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Sony\AppData\Roaming\NCH Software

***** [ Scheduled Tasks ] *****

Task Deleted : LaunchSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072254
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dziobas-rar-player_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dziobas-rar-player_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKLM\SOFTWARE\Uniblue
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v33.0.2 (x86 en-US)

[ File : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\wdsrzeg9.default-1414927826264\prefs.js ]


-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Sony\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2317 octets] - [02/11/2014 13:33:25]
AdwCleaner[R1].txt - [2371 octets] - [02/11/2014 15:03:24]
AdwCleaner[R2].txt - [2431 octets] - [02/11/2014 15:42:21]
AdwCleaner[S0].txt - [2294 octets] - [02/11/2014 15:45:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2354 octets] ##########
 

 

Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Ultimate x64
Ran by Sony on Sun 11/02/2014 at 15:52:36.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/02/2014 at 15:58:50.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

C:\Users\All Users\Optimizer\program\newver_11_1.6.1.0.exe    a variant of Win32/Agent.WMC trojan    
C:\Users\All Users\Optimizer\program\newver_15_1.6.1.0.exe    a variant of Win32/Agent.WMC trojan    
C:\Users\All Users\Optimizer\program\newver_18_1.6.3.0.exe    a variant of Win32/Agent.WMC trojan    
C:\Users\All Users\Optimizer\program\newver_1_1.6.4.0.exe    a variant of Win32/Agent.WMC trojan    
C:\Users\All Users\Optimizer\program\newver_4469785_1.5.9.0.exe    a variant of Win32/Agent.WMC trojan    
C:\Users\All Users\Optimizer\program\newver_48_1.6.4.0.exe    a variant of Win32/Agent.WMC trojan    
C:\Users\All Users\Optimizer\program\newver_54_1.6.2.0.exe    a variant of Win32/Agent.WMC trojan    
C:\Users\All Users\Optimizer\program\newver_59_1.6.2.0.exe    a variant of Win32/Agent.WMC trojan    
C:\Users\All Users\Optimizer\program\newver_7008512_1.5.8.0.exe    a variant of Win32/Agent.WMC trojan    
C:\Users\All Users\Optimizer\program\new_ver_1.5.7.0.exe    a variant of Win32/Agent.WMC trojan    
C:\Program Files (x86)\Windows Optimizer\avasts.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Optimizer\optimizer.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Optimizer\powermgr.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Optimizer\system_shell.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Optimizer\vmnet.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Optimizer\v1\optimizer.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Optimizer\v1\powermgr.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Optimizer\v1\vmnet.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Optimizer\v2\optimizer.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Optimizer\v2\powermgr.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Optimizer\v2\vmnet.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\YouTube Downloader Services\v7\powermgr.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\YouTube Downloader Services\v7\vmnet.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\YouTube Downloader Services\v7\youtubeserv.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\ProgramData\Optimizer\program\newver_11_1.6.1.0.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\ProgramData\Optimizer\program\newver_15_1.6.1.0.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\ProgramData\Optimizer\program\newver_18_1.6.3.0.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\ProgramData\Optimizer\program\newver_1_1.6.4.0.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\ProgramData\Optimizer\program\newver_4469785_1.5.9.0.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\ProgramData\Optimizer\program\newver_48_1.6.4.0.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\ProgramData\Optimizer\program\newver_54_1.6.2.0.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\ProgramData\Optimizer\program\newver_59_1.6.2.0.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\ProgramData\Optimizer\program\newver_7008512_1.5.8.0.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
C:\ProgramData\Optimizer\program\new_ver_1.5.7.0.exe    a variant of Win32/Agent.WMC trojan    cleaned by deleting - quarantined
D:\cv programe\SoftonicDownloader_for_dziobas-rar-player.exe    Win32/SoftonicDownloader.E potentially unwanted application    deleted - quarantined
D:\hdd\d\PROGRAME\some programs\AROTrial.exe    a variant of Win32/Systweak potentially unwanted application    deleted - quarantined
D:\hdd\d\programe1\Daemon 4.00\daemon-tools v4.00.exe    Win32/Adware.WhenU.SaveNow potentially unwanted application    deleted - quarantined
D:\hdd\e\@KITURI NU STERGE !!!\Daemon Tools\daemon4091-x86.exe    Win32/Adware.WhenU.SaveNow potentially unwanted application    deleted - quarantined
D:\hdd\e\Master\logos\Sam work\New folder (2)\CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe    a variant of Win32/InstallCore.IO potentially unwanted application    deleted - quarantined
 



#8 buddy215

buddy215

  • Moderator
  • 13,131 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:12 AM

Posted 02 November 2014 - 11:26 AM

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars...especially Yahoo.

CCleaner - PC Optimization and Cleaning - Free Download

 

After using CCleaner to scan and clean, open again and click on Tools, click on uninstall. At the bottom right of that page you will

see a button when clicked will allow you to copy and paste the list of programs installed on your computer back here. Please do that.

 

Are you still seeing the popup?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 MJ9

MJ9
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 02 November 2014 - 12:00 PM

No popup so far, but then again it doesn't show up that often, only like once every day, and it already showed up hours ago before I decided to post here  so I'm not sure if it's gone yet.

Adobe AIR    Adobe Systems Incorporated    10/21/2014        15.0.0.293
Adobe Community Help    Adobe Systems Incorporated    2/1/2014        3.0.0.400
Adobe Flash Player 15 ActiveX    Adobe Systems Incorporated    10/18/2014    6.00 MB    15.0.0.189
Adobe Flash Player 15 Plugin    Adobe Systems Incorporated    10/18/2014    6.00 MB    15.0.0.189
Adobe Illustrator CS5    Adobe Systems Incorporated    9/9/2014    1.78 GB    15.0
Adobe Media Player    Adobe Systems Incorporated    2/1/2014        1.8
Adobe Photoshop CS3    Adobe Systems Incorporated    2/1/2014    1.10 GB    10.0
Adobe Photoshop CS5    Adobe Systems Incorporated    2/1/2014    2.53 GB    12.0
Adobe Reader X (10.1.12)    Adobe Systems Incorporated    9/29/2014    202 MB    10.1.12
Alien Skin Eye Candy 5 Impact        2/1/2014        
Apple Application Support    Apple Inc.    3/21/2012    61.0 MB    2.1.7
Apple Mobile Device Support    Apple Inc.    3/21/2012    24.9 MB    5.1.1.4
Apple Software Update    Apple Inc.    3/21/2012    2.38 MB    2.1.3.127
Atheros WiFi Driver Installation    Atheros    3/2/2012        3.0
avast! Free Antivirus    AVAST Software    7/28/2014        9.0.2021
Bluetooth Win7 Suite (64)    Atheros Communications    3/2/2012    74.2 MB    7.3.0.95
Bonjour    Apple Inc.    3/21/2012    2.00 MB    3.0.0.10
BS.Player FREE    Webteh, d.o.o.    3/2/2012        2.57.1051
CCleaner    Piriform    3/28/2014        4.12
Corel Graphics - Windows Shell Extension    Corel Corporation    3/2/2012    2.93 MB    15.2.0.686
CorelDRAW® Graphics Suite X5    Corel Corporation    3/2/2012    1.46 GB    15.2.0.686
Dziobas Rar Player 0.009.51    Kamil Dzióbek    12/25/2012        
ESET Online Scanner v3        11/2/2014        
Google Chrome    Google Inc.    5/28/2014        38.0.2125.111
iTunes    Apple Inc.    3/21/2012    156 MB    10.6.0.40
K-Lite Codec Pack 8.2.0 (Full)        3/2/2012    55.2 MB    8.2.0
Logitech Webcam Software    Logitech Inc.    8/14/2013        2.0
Malwarebytes Anti-Malware version 2.0.3.1025    Malwarebytes Corporation    10/14/2014    56.6 MB    2.0.3.1025
McAfee Security Scan Plus    McAfee, Inc.    6/1/2014    10.2 MB    3.8.150.1
Microsoft .NET Framework 4.5.1    Microsoft Corporation    8/2/2014    38.8 MB    4.5.50938
Microsoft Office Enterprise 2007    Microsoft Corporation    8/2/2014        12.0.6612.1000
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    3/2/2012    300 KB    8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17    Microsoft Corporation    3/2/2012    788 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022    Microsoft Corporation    4/21/2012    1.41 MB    9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    3/2/2012    596 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    10/4/2012    232 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    5/4/2012    600 KB    9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    8/2/2014    15.0 MB    10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU    Microsoft Corporation    8/2/2014    211 MB    9.0.30729
Microsoft Visual Studio Tools for Applications 2.0 Runtime    Microsoft Corporation    3/2/2012    158 KB    9.0.30729
Mozilla Firefox 33.0.2 (x86 en-US)    Mozilla    10/30/2014    77.4 MB    33.0.2
Mozilla Maintenance Service    Mozilla    8/6/2014    225 KB    31.0
music2pc 2.18    MP3 Download    5/18/2014    7.89 MB    
Nero 7 Ultra Edition    Nero AG    3/2/2012    186 MB    7.02.2631
NVIDIA 3D Vision Driver 295.73    NVIDIA Corporation    3/2/2012        295.73
NVIDIA Graphics Driver 295.73    NVIDIA Corporation    3/2/2012        295.73
NVIDIA HD Audio Driver 1.3.12.0    NVIDIA Corporation    3/2/2012        1.3.12.0
NVIDIA PhysX System Software 9.12.0209    NVIDIA Corporation    3/2/2012        9.12.0209
oDC (remove only)        3/2/2012        
Skype™ 6.21    Skype Technologies S.A.    10/9/2014    27.0 MB    6.21.104
SopCast Plugin V6 - www.cool-tv.ro    www.cool-tv.ro    12/25/2013        00.60.00.00
Spider Player 2.5.3    VIT Software, LLC    12/25/2012    12.8 MB    2.5.3.0
Total Commander (Remove or Repair)    Ghisler Software GmbH    3/2/2012        7.56a
TreeSize Free V2.7    JAM Software    3/2/2012    3.62 MB    2.7
Trust WB-3400T Webcam    PC Camera    5/14/2012        1.0.2.13
TuneUp Utilities    TuneUp Software    3/2/2012        9.0.6020.6
Visual Studio 2012 x64 Redistributables    AVG Technologies    9/28/2014    12.9 MB    14.0.0.1
Visual Studio 2012 x86 Redistributables    AVG Technologies CZ, s.r.o.    9/28/2014    10.5 MB    14.0.0.1
VLC media player    VideoLAN    8/4/2014        2.1.5
VSO EVE Network Driver version 1.0.0.26    VSO Software    5/19/2014    2.81 MB    1.0.0.26
Widevine Media Optimizer Chrome 6.0.0    Widevine Technologies    6/8/2014        6.0.0.12442
Winamp (remove only)        3/2/2012        
Windows Mobile Device Center    Microsoft Corporation    3/2/2012    27.4 MB    6.1.6965.0
WinPcap 4.1.2    CACE Technologies    5/19/2014        4.1.0.2001
WinRAR 5.01 (64-bit)    win.rar GmbH    8/4/2014        5.01.0
 


Edited by MJ9, 02 November 2014 - 12:01 PM.


#10 buddy215

buddy215

  • Moderator
  • 13,131 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:12 AM

Posted 02 November 2014 - 12:52 PM

Uninstall:

TuneUp Utilities    TuneUp Software    3/2/2012        9.0.6020.6

McAfee Security Scan Plus    McAfee, Inc.    6/1/2014    10.2 MB    3.8.150.1

 

The popup could of been part of an attempt to exploit a program such as Java....which you don't have..or it could be

that since you didn't click on it that it was unsuccessful in doing whatever its intent was. Let me know if it shows up again.

There was some adware and a trojan removed but I don't know if any was related to the popup.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 MJ9

MJ9
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 02 November 2014 - 01:01 PM

Is tuneup utilities bad? I've been using this program for years.

 

Anyway, thank you very much for your help buddy215! will let u know if it shows up again.



#12 buddy215

buddy215

  • Moderator
  • 13,131 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:12 AM

Posted 02 November 2014 - 01:42 PM

Depends on what you use it for.  If you use it to clean the registry you might find your

computer unbootable. I think AVG now has taken it over and that means it is an adware purveyor. Though yours is an earlier version.

 

 

You now have CCleaner installed. Part of what tuneup could do is cleanup. CCleaner tools will display startups and allow you to disable or

enable programs in startup. You can uninstall programs using CCleaner, too. Windows has its own defragmenter and it works just fine. You

can set it to defragment automatically which I think is the default in Win 7.


Edited by buddy215, 02 November 2014 - 01:43 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#13 MJ9

MJ9
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 05 November 2014 - 02:24 PM

Looks like it's still showing up :(



#14 buddy215

buddy215

  • Moderator
  • 13,131 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:12 AM

Posted 05 November 2014 - 03:11 PM

Bummer....Finding the culprit will require the use of tools not allowed in this forum. Along with the expertise to use the tools.

 

Start a new topic after creating a DDS log by following instruction #6 found here: Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Removal Logs

 

Post the DDS log along with a description of the problem in the Virus, Trojan, Spyware, and Malware Removal Logs Forum - BleepingComputer.com

 

Do not bump your topic once it is posted. Wait for a response. It could be a few days.

 

EDIT: Try one other thing....open CCleaner and click on Startups. At the top of that page you will see a button titled Tasks. Click on that and

post the lists of tasks by clicking on the button at the bottom of the same page with the task list open. Clicking on the button at the bottom

of the page will allow you to copy and paste the list of Tasks back here. Please do that.

 

You can safely disable any of those tasks especially one that you think might be causing the ad to appear. Or wait until I review them.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#15 MJ9

MJ9
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 05 November 2014 - 03:46 PM

Hmm I think my ccleaner looks different? So I went to ccleaner - tools - startup- scheduled tasks. Hope I'm posting the right thing.

Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    Adobe Reader and Acrobat Manager    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes    Task    AdobeAAMUpdater-1.0-Sony-PC-Sony    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    HP online update program    Hewlett-Packard    C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes    Task    SidebarExecute    Microsoft Corporation    C:\Program Files\Windows Sidebar\sidebar.exe
Yes    Task    TuneUpUtilities_Task_BkGndMaintenance    TuneUp Software    C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe $(Arg0)
Yes    Task    {2399D219-8518-469F-B0A6-FDC5D8848824}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a C:\Users\Sony\Downloads\wlsetup-web.exe -d C:\Users\Sony\Downloads
Yes    Task    {41F35FA7-0E74-4188-8ED3-E38A2B680F8C}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Xilisoft\Video Editor 2\Uninstall.exe"
Yes    Task    {7504BDD3-37D6-4E40-9126-44715A561E5E}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a D:\hdd\d\LGUSBModemDriver_WHQL_ML_Ver_4[1].9.6_All_0911051\FlashUSB\Setup.exe -d D:\hdd\d\LGUSBModemDriver_WHQL_ML_Ver_4[1].9.6_All_0911051\FlashUSB
Yes    Task    {AE628245-7D29-4934-A35F-9A90F48EA541}    Mozilla Corporation    "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.18.59.106/en/abandoninstall?page=tsBing
Yes    Task    {F7401E65-45AF-4116-953A-8081BF88BE5C}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a C:\Users\Sony\Downloads\14383-02_02(1).exe -d C:\Users\Sony\Downloads
Yes    Task    {FC4BBF48-8827-46CD-8536-5BDFC6E914E4}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a F:\setup.exe -d F:\
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users