TechSpot

IE Pop ups when launching Firefox

By Akai
Jan 30, 2007
  1. Lately every single time I launch Firefox, and Internet Explorer ad comes up. Every single time. It never used to do that, and I have no idea why it's doing this. I reinstalled Firefix and no fix.

    Anyone have any idea what's causing this? I've ran all my scanners and everything is fine.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please post a HJT log as per the instructions HERE. Also, please provide details of the ad that pops up.

    Regards Howard :)

    This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Akai

    Akai TS Rookie Topic Starter Posts: 119

    Here is my HJT log, I'm sorry I forgot to post this in the first place. By the way, its IE "ads" that pop up when I use Firefox.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You`re using an outdated version of HJT. The current version is 1.99.1. Please uninstall the old version and install the latest version. Post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. Akai

    Akai TS Rookie Topic Starter Posts: 119

    I'm extremely sorry for not posting this sooner, I've been gone. I now have an updated version of HJT and here is the log.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    It appears your computer is infected with the lop trojan.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Please Download NoLop to your desktop from one of the links below...
    http://www.spywareedge.net/nolop/NoLop.exe
    http://www.thespykiller.co.uk/forum/...pmod;dl=item16

    First close any other programs you have running as this will require a reboot
    Double click NoLop.exe to run it
    Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
    When scanning is finished you will be prompted to reboot only if infected, Click OK
    Now click the "REBOOT" Button.
    A Message should popup from NoLop.
    If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log.

    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.-- http://www.boletrice.com/downloads/mscomctl.ocx

    Then go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, the C:\nolop and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :)

    This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. Akai

    Akai TS Rookie Topic Starter Posts: 119

    Thank you for the fast response, I ran NoLop and it told me "No infection files have been found". So I'm not sure what to do then if it hasn't detected the Lop virus.

    Here is the log:
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s ok, just follow the rest of the instructions. If the lop infection is still there after doing that, I`ll try and remove it manually.

    Regards Howard :)

    This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. Akai

    Akai TS Rookie Topic Starter Posts: 119

    Ok, I'll do the Virus removal guide. I'll post back once I've finished. Thank you Howard for the fast responses, I appreciate it.
     
  10. Akai

    Akai TS Rookie Topic Starter Posts: 119

    Well, after 23 hours of scanning in safe mode, it's finally complete! Though I'm sad to say I believe I still have the virus, since IE ad's keep popping up when I launch Firefox. My anti-virus program NOD32 found two viruses, and deleted them. AVG Antispyware found two "Trojan." and something else and quarentened those three. I also did all the other scans.

    Here is my AVG antispyware log and HJT log.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Delete all files in AVG Antispyware quarantine.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    NounMpeg.exe
    Debug 2.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - HKLM\..\Run: [BEEPBODYDEADTHUNK] C:\Documents and Settings\All Users\Application Data\Filmreadmebeepbody\Debug 2.exe

    O4 - HKCU\..\Run: [Bolt Link] C:\DOCUME~1\Owner\APPLIC~1\BIKESE~1\NounMpeg.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\DOCUME~1\Owner\APPLIC~1\BIKESE~1<Delete the entire folder.
    C:\Documents and Settings\All Users\Application Data\Filmreadmebeepbody<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log and let me know if you`re still having problems.

    Regards Howard :)

    This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  12. Akai

    Akai TS Rookie Topic Starter Posts: 119

    I followed the steps exactly and I believe it's fixed! I opened Firefox and no IE Pop up ad come up! Thank you so much Howard, I appreciate your hep so much.

    Here is a HJT just incase. Thank you so much!

    Edit: By the way, would you happen to know how I got the virus (Where it came from maybe)?
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is now clean.

    I have no idea where you picked up the infection.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  14. Akai

    Akai TS Rookie Topic Starter Posts: 119

    Thank you so much Howard! I really appreciate it. Thanks.
     
  15. Akai

    Akai TS Rookie Topic Starter Posts: 119

    Possible [Trojan-Dropper.VB.1]

    I want to know if it's possible to check to see if I have this virus named "Trojan-Dropper.VB.1". I scanned a file with http://virustotal.com and one of them found this:

    So I deleted the file, and was curious if there was a way to see if I have the virus. Here is my HJT log. Thank you.
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Have HJT fix this entry.

    O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com

    Other than the above nasty entry, your HJT looks clean.

    However, I can find no info for this file.

    FlashToVideo.exe

    Unless you know for a fact that it`s safe, do the following.

    Please visit this link http://virusscan.jotti.org/
    * Click the Browse... button
    * Navigate to the following file C:\Program Files\GeoVid\Flash to Video Encoder\FlashToVideo.exe

    Kind

    * Click Open
    * Please let me know the results.

    Regards Howard :)
     
  17. Akai

    Akai TS Rookie Topic Starter Posts: 119

    87.117.202.117 nprotect.roseonlinegame.com

    ^ That is a game called Rose Online. Should I still delete it?

    And Geovid is a program to convert .flv files to .avi, only good one I could find. Downloaded it today. Here are the results:

     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You should certainly delete the nprotect.roseonlinegame.com from your hosts file. So yes, have HJt fix that entry.

    Geovid programme looks fine, so no worries there.

    It is possible the file suspected as being a trojan dropper was a false positive.

    Regards Howard :)

    This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  19. Akai

    Akai TS Rookie Topic Starter Posts: 119

    Thank you howard, I will fix the nprotect.roseonlinegame.com with HJT.

    Thank you for helping me once again!
     
  20. Akai

    Akai TS Rookie Topic Starter Posts: 119

    Computer unbelievably slow

    Since last night my computer has been unbelievably slow, I'm not sure what is going on. Right now as a I type the words don't show up untill about 10 seconds after I type them.

    So I thought it could be a virus (reason why I didn't post it in Windows OS). I'm sorry that I've posted three times already in here in the last week. But this is kind of out of hand. I tried uninstalling all the programs I installed last night, rebooted computer twice and it's still extremely slow. So again, maybe it's a virus/spyware or something (ran scans with spybot, and ad-aware and found nothing).

    Here is my HJT log, hope this can be fixed.
     
  21. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Please have HJT fix the following entries (if there):

    O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com

    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - [http]www.acclaim.com/cabs/acclaim_v5.cab


    Do you know anything about set3C8.tmp? If not, please go to C:\Documents and Settings\Owner\Local Settings\Temp and delete set3C8.tmp. If it doesn't delete, you'll probably have to go into Task Manager, go to the processes tab, and end the process for set3C8.tmp, then delete the file.

    Please read the Viruses/spyware/malware, preliminary removal instructions, follow all the instructions exactly, and post fresh HJT and AVG Antispyware logs as attachments into this thread.

    Regards :)

    This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
     
  22. Akai

    Akai TS Rookie Topic Starter Posts: 119

    Completed. Here is my HJT log.
     
  23. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have merged all your virus problem threads into this one. This will alow us to see a history of your virus/malware problems more easily.

    Your HJT log is clean. It is still advisable to post an AVG Antispyware log.

    Regards Howard :)

    This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  24. Akai

    Akai TS Rookie Topic Starter Posts: 119

    Well, it speeded up for about a day. I even defraged, but I'm still going extremely slow/sluggish. So I'm not sure what to do now.

    HJT log:
     
  25. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is still clean.

    Post an AVG Antispyware log.

    Regards Howard :)

    This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...