
Firefox tab pops

Discussion in 'Virus and Malware Removal' started by hyperdrive, Jun 12, 2008.

  1. hyperdrive Newcomer, in training Posts: 37

    sdfix and smitfraud is not present in my desktop where i downloaded it to. i think it's gone.
  2. Blind Dragon TechSpot Evangelist Posts: 4,048

    Ok please check C:\program files\ERUNT or C:\program files\ERDNT

    let me know if you see either of those
  3. hyperdrive Newcomer, in training Posts: 37

    its not there
  4. Blind Dragon TechSpot Evangelist Posts: 4,048

    Let's have a look at the suggested registry key from NirCmd

    Open notepad and copy and paste next bold in it:

    regedit /e peek1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\swearware"
    type peek1.txt >> look.txt
    del peek*.txt
    start notepad look.txt


    Save this as look.bat , choose to save as *all files and place it on your desktop.

    It should look like this on your desktop: [IMG]

    Doubleclick look.bat
    Notepad will open with some txt in it. Copy and paste the contents in your next reply.
  5. Blind Dragon TechSpot Evangelist Posts: 4,048

    That is just out of curiosity, I think it is a false positive.

    I also want to know if you have a current subscription with Norton

    I need you to manually delete the following folders
    C:\qoobox
    C:\ComboFix
  6. hyperdrive Newcomer, in training Posts: 37

    ok im gonna email the loox.txt to you again, coz its large
     
  7. hyperdrive Newcomer, in training Posts: 37

    i do have a current subscription in norton. my norton is licensed and original, not cracked.

    i do not find the folders in C:\
  8. Blind Dragon TechSpot Evangelist Posts: 4,048

    I think we should uninstall/re-install norton then.

    I am 99% sure that is a false positive by spyware doctor

    Do you still have the original problem with the popup in firefox?
  9. hyperdrive Newcomer, in training Posts: 37

    i'm already sending the email with look.txt
    i also found a file named Bug.txt in C:\, it might be nothing but i sent it in the email too.

    i will reinstall norton. and will update you when it's done.

    in spyware doctor, it said that:

    Application.NirCmd is a legitimate application,
    the threat level is Info_PUAs,
    description: A legitimate application. Under certain circumstances, however, some people might find it undesirable.

    but i don't experience the firefox popups anymore... =D

    does this mean that everything went well? and how can i protect my comp from further infections etc.?

    thanx for everything
  10. Blind Dragon TechSpot Evangelist Posts: 4,048

    I will post back in a little while with how we can tighten up security a bit.

    Just wanted to check a few more things in the logs
  11. hyperdrive Newcomer, in training Posts: 37

    i've successfully reinstalled norton. internet phishing protection seems to be working fine.

    Application.NirCmd is still detected by spywaredoctor.
    i was wondering if deleting the detected files would solve this, i won't do it yet unless instructed.

    what about the windows update files, is it ok to update now or wait?
  12. hyperdrive Newcomer, in training Posts: 37

    another thing i noticed after all the procedures we've done is that auto-run doesn't work anymore. when i insert a cd or dvd, and connect my external HDD there's no autorun anymore
  13. Blind Dragon TechSpot Evangelist Posts: 4,048

    Good, I thought that would work

    What files is it detecting, can you show me the log. Or copy and paste what exactly it is finding.

    Go ahead and update as soon as possible. These may include some security updates that you have not been receiving because of the infection.


    We can try to change some settings in the registry, but before doing that it is a good idea to backup the registry. So please do these instructions in order, reboot then test the autorun.


    Backup your registry
    First, we need to backup your registry:
    Please go to Start > Run
    Paste in the following line:
    • regedit /e c:\registrybackup.reg
    Click OK.
    It won't appear to be doing anything, that's normal.
    Your mouse pointer may turn to an hour glass for a minute.
    Please continue when it no longer has the hour glass.


    Making a .reg file
    Open notepad and copy and paste the text in the quotebox below in it:

    Code:
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
    "AutoRun"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "allocatecdroms"="0"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    Name the file as Fix.reg

    Change the "Save As" type to "All Files" and save it on the desktop.

    It should look like this: [IMG]

    Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
  14. hyperdrive Newcomer, in training Posts: 37

    i attached a file enumerating what the spyware doctor detects.

    the reg solution seemed to not work. autoplay still doesnt function when i insert a new cd and connect my external HDD
  15. hyperdrive Newcomer, in training Posts: 37

    im having new problems with my mouse pointer in firefox. this problem doesn't occur in IE.

    the mouse pointer returns back to the previous point when i move the mouse. it sort of snaps back in place when i move the mouse. i use the laptop's touchpad and also a usb mouse. the problem is the same so its not hardware related.

    also, in the menu dropdowns the selection moves by itself.

    it also doesn't occur every time, sometimes i chance upon good functionality like now. when it acts up i just close firefox.

    this problem appeared after the windows update i was talking about.
  16. Blind Dragon TechSpot Evangelist Posts: 4,048

    Let spyware doctor fix those as we uninstalled combofix already, it was a false positive.

    ----------------------------
    Enable CD-ROM autoplay

    # Open Windows Explorer by pressing the Windows + "e" key.

    # Right-click the desired CD-ROM and select Properties from the menu.

    # Select the AutoPlay tab.

    # Select each item from the pulldown list and for the Action to perform

    -----------------------------

    Enable autorun for other media types

    Start -> Run -> type regedit

    Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    "NoDriveTypeAutoRun"


    What is the value of "NoDriveTypeAutoRun"

    In hex it should appear 95 0 0 0
  17. hyperdrive Newcomer, in training Posts: 37

    it's 91 0 0 0 instead of 95

    i modified it
  18. Blind Dragon TechSpot Evangelist Posts: 4,048

    95 is the default - disabled

    91 is enabled, I just wanted to see if the reg file worked properly. Please leave it as 91

    ---------------------------------------------------

    Select each device from windows explorer and select properties, there should be an auto play tab.
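
As an added example (not part of the thread or any poster's code), this Python sketch reads the `NoDriveTypeAutoRun` value discussed above out of `.reg` text, in either `dword:` form or the little-endian `hex:` form that regedit shows as "91 0 0 0", and lists which drive types still have AutoRun allowed, using Microsoft's documented drive-type bits. The function names and the two sample strings are constructed for illustration.

```python
import re

# Documented bit meanings: a set bit disables AutoRun for that drive type.
DRIVE_BITS = {
    0x01: "unknown", 0x02: "no-root-dir", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}
VALUE_RE = re.compile(
    r'^[ \t]*"NoDriveTypeAutoRun"[ \t]*=[ \t]*(dword|hex):([0-9a-f,]+)',
    re.IGNORECASE | re.MULTILINE)

# Constructed samples: the Fix.reg entry as it appears when forum software has
# turned the quotes into typographic ones, and the same value as REG_BINARY.
SAMPLE_DWORD = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
“NoDriveTypeAutoRun”=dword:00000091
'''
SAMPLE_BINARY = '"NoDriveTypeAutoRun"=hex:95,00,00,00\n'

def parse_mask(reg_text):
    """Return the NoDriveTypeAutoRun mask from .reg text, or None if absent."""
    # regedit only accepts straight quotes, so normalise typographic ones first.
    for bad in "\u201c\u201d\u2033":
        reg_text = reg_text.replace(bad, '"')
    m = VALUE_RE.search(reg_text)
    if not m:
        return None
    kind, raw = m.group(1).lower(), m.group(2)
    if kind == "dword":
        return int(raw, 16)
    # REG_BINARY export: bytes are stored little-endian (91,00,00,00 == 0x91).
    data = bytes(int(b, 16) for b in raw.split(",") if b)
    return int.from_bytes(data[:4], "little")

def autorun_allowed(mask):
    """Drive types whose AutoRun is NOT suppressed by this mask."""
    return sorted(name for bit, name in DRIVE_BITS.items() if not mask & bit)

def added_exposure(current, baseline=0xFF):
    """Drive types the baseline mask blocks but the current mask allows."""
    return sorted(set(autorun_allowed(current)) - set(autorun_allowed(baseline)))

if __name__ == "__main__":
    for sample in (SAMPLE_DWORD, SAMPLE_BINARY):
        mask = parse_mask(sample)
        print(hex(mask), "AutoRun allowed on:", autorun_allowed(mask))
    print("0x91 vs 0x95 adds:", added_exposure(0x91, 0x95))
```

The two values from the thread differ only in the removable-drive bit (0x04); neither sets the CD-ROM bit (0x20).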
  19. hyperdrive Newcomer, in training Posts: 37

    i've tried it with the cd drive and the external HDD. it's still not working. i changed it back to 91.
  20. Blind Dragon TechSpot Evangelist Posts: 4,048

    I am going to ask somebody else to have a look at the autoplay and firefox issues, but I will still be here.