TechSpot

Extra Windows opening without cause in Firefox

By Eddie_42
Dec 23, 2008
  1. Hello,

    I am having some issues with a spyware/virus/malware something. The program doesn't spam pop-ups continually, but if I open a new Firefox page or on occasion when loading a new page, a new window will open. The content of the windows varies, sometimes it's a Verizon page, or a dexonline page, some are for 'the best spyware available - click here now', sometimes it's just blank.

    I am using AVG 7.5 Pro for antivirus, it is updated daily. I have downloaded and run Ad-Aware 2008, SpywareBlaster, and MBAM, but have still to find the cause.

    The AVG will occasionally find a trojan, named either generic8 or generic12. These are being found in the sys32 folder attached to a .dll. When I click heal, my computer restarts, it's fun.

    Logs are attached
     
  2. rf6647

    rf6647 TS Maniac Posts: 931

    Good description. Did the SAS scan come back clean?

    Following the Guide: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions creates a common beginning for an initial assessment.

    This tool performs a good cleaning & gives diagnostic information. Always restart the computer preceding HJT scan.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Rick, you might want to make note of this. The Castlecop elves seem to have deserted us for the North Pole- the site is down. So I found this to use when Teatimer is running:

    To Disable Spybot's TeaTimer
    You might want to have Eddie remove this:
    O20 - AppInit_DLLs: ldplcs.dll
     
  4. Eddie_42

    Eddie_42 TS Rookie Topic Starter Posts: 213

    Hello,

    I ran SAS yesterday. It found 8 things, but in the ad-aware program. On the 24th my AVG scan found 4 trojans and was able to clean them all. Since then I have not had a pop-up.

    I do still have the O20 Appinit_DLL in my HJT log, if that is something to address. But I think for now, some combination of all the spyware/virus scans did their job.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Eddie, rj may be out with the elves, so in his absence:
    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
    This is not a legitimate process and is loaded from memory.
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode.

    Right click on Start> explore> Windows> System 32> right click on ldplcs.dll found on the right screen> delete.

    Run one more HijackThis scan and attach log. If it's gone, good, if not, we'll do a regedit.
     
  6. Eddie_42

    Eddie_42 TS Rookie Topic Starter Posts: 213

    I 'fixed' that process and now it no longer shows up. I did not however find the DLL in the sys32. I don't know where it is, but it's not there.

    New HJT attached
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, two things you need to be concerned with:

    1. You are still using AVG v7. Have you been getting updates manually for this? I ask because the next version, v7.5 is losing support as of 12/31 and users will need to upgrade to v8. I think v7 already lost support but am not sure. If it did and you aren't manually updating, you are unprotected.

    2. There are new, unidentifiable entries in the HijackThis log:

    They will be malware, both from System 32 folder. This concerns me due to the large amount of malware your original Malwarebytes found.

    Please run SDFix according to these instructions:
    http://www.bleepingcomputer.com/forums/topic131299.html

    Scroll down to this section: SDFix Instructions: There are screen shots to assist you. When you have finished, follow by new scan with HijackThis and attach both logs.

    FYI, the new malware entries in the current log are:
    We will see if SDFix can get at the source. You can check these two entries in a HijackThis scan and then close all Windows except HijackThis and click on Fix Checked, reboot the computer.

    My guess is that other entries may present if we can't find the source. As you will note, it says 'file missing', which may or may not actually be the case.
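
The two log conditions the helpers act on in this thread, a populated `O20 - AppInit_DLLs` entry and entries marked "file missing", can be picked out of a HijackThis log mechanically. The sketch below is an added example, not part of the original thread or of HijackThis itself; apart from the `O20 - AppInit_DLLs: ldplcs.dll` line quoted above, every log line, path and CLSID in it is a constructed placeholder.

```python
import re

# Constructed HijackThis-style excerpt. Only the AppInit_DLLs line comes from
# the thread; the other entries (paths, CLSID, names) are placeholders.
SAMPLE_LOG = r"""
Running processes:
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example1.dll (file missing)
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe"
O20 - AppInit_DLLs: ldplcs.dll
O20 - Winlogon Notify: examplentfy - C:\WINDOWS\system32\example2.dll (file missing)
"""

# A log entry is "<section id> - <body>", e.g. "O20 - AppInit_DLLs: ldplcs.dll".
ENTRY_RE = re.compile(r"^(O\d{1,2}|R[0-3]|F[0-3]|N[1-4])\s+-\s+(.*)$")


def parse_entries(log):
    """Return (section, body) for every entry line; skip headers and blanks."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log):
    """Flag entries that need a manual look, with the reason for each."""
    findings = []
    for section, body in parse_entries(log):
        reasons = []
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # The value may list several DLLs separated by spaces or commas
            # (simplification: paths containing spaces are not handled).
            dlls = [d for d in re.split(r"[,\s]+", body.split(":", 1)[1]) if d]
            if dlls:
                reasons.append("AppInit_DLLs loads " + ", ".join(dlls))
        if body.endswith("(file missing)"):
            # As noted in the thread, the file may or may not really be gone.
            reasons.append("reported as file missing; verify on disk")
        if reasons:
            findings.append({"section": section, "entry": body, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], "|", f["entry"], "|", "; ".join(f["reasons"]))
```
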
     
  8. Eddie_42

    Eddie_42 TS Rookie Topic Starter Posts: 213

    Hi,

    I'm at work currently so it will be a few before I can follow up.

    I am using AVG 7.5 Pro. I get daily updates when the computer boots. I was unaware that they were stopping support, no emails or other notifications. I also bought a 2 year license in June.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    After leaving Computer Associates eTrust antivirus, I subscribed to the AVG v7.5 paid program. When it was time to renew, I went to the site-but when I got on the site, there was a notice on the right side, stating that although the renewal could be done, v7.5 would not be supported after 12/31/08 and I would need to upgrade to v8 before or by that time. You CAN resubscribe, but will be forced into the new version.

    I did not renew because I didn't want v8. I went with Nod32 instead. So check that out. v8 has had a lot of problems, particularly with the updating. It also has a spyware/adware program bundled with the AV. I don't use 'bundles'- only free-standing
     
Topic Status:
Not open for further replies.

