TechSpot

Internet explorer popups

By toneeh
Aug 27, 2007
  1. Hi, this has been occurring for quite some time, whenever i load mozilla i will get internet explorer popups. I've tried running softwares to clean it, but it just doesn't go away. Recently I watched something using real player and it just opened websites non stop :(

    Is there anyway to stop these Internet explorer pop ups?
     
  2. -Have you tried uninstalling Mozilla completely and then reinstalling it?
    ..from Control Panel, then Program files, then registry?

    - Do you have a Firewall protecting your internet connection?

    - Do you have a third-party pop-up blocker? - http://www.stopzilla.com/download/d...POP BLOCKER&gclid=CKaKjbb3lo4CFRrnPgodpzqrXg&

    - Is your Mozilla pop-up blocker on? - http://www.bsu.edu/techtrain/popup/mozpopup/

    - What do you mean by Internet Explorer pop-ups?

    ***Try this and post your results: http://www.popuptest.com/***

    - Oh and by the way, welcome to TechSpot! :)
     
  3. toneeh

    toneeh TS Rookie Topic Starter

    No i haven't, but sometimes i will get popups even though mozilla isn't opened :(

    My system says i have firewall turned on.
    I don't use third party popup blockers, and i have just checked, the inbuilt mozilla popup blocker is checked.

    These popups can be like adds, or links to various sites I've never seen so its very random.

    Thanks for the warm welcome ^_^
     
  4. raybay

    raybay TS Evangelist Posts: 7,241   +9

    There are settings in Internet Explorer 7.0 to opt out of most pop ups.
    I have been using Firefox for years. Popups are almost never a problem, unless your settings allow them.
    See the Help section in Mozilla... There is a section there on "Controlling PopUps."
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go and read this thread HERE and post a HJT log as an attachment into this thread.

    Regards Howard :)
     
  6. toneeh

    toneeh TS Rookie Topic Starter

    I have done the HJT scan and here is the .txt file attatched
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Just click on where it says HERE.

    Regards Howard :)
     
  8. toneeh

    toneeh TS Rookie Topic Starter

    log posted, do i have a virus ?
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system is badly infected with malware.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :)

    This thread is for the use of toneeh only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  10. toneeh

    toneeh TS Rookie Topic Starter

    1 sec following the instructions
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    It`ll take you quite a while to follow the instructions. Take your time and don`t skip any of them, unless it states otherwise.

    Regards Howard :)

    This thread is for the use of toneeh only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  12. toneeh

    toneeh TS Rookie Topic Starter

    for step 11 - Run the programme and click the "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path" Do not fix anything yet. Let me know what is found in your reply and I`ll instruct you on how to proceed. Reconnect to the net.

    i finished the scan but how do i post it ?

    I think i found it in the folder, is it called Results? It is like 10 mbs and i cant upload it
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You don`t post the AVG Antirootkit scan, just the results(location/file path) of what it finds(if anything).

    Example: C:\windows\system32\somefile.exe

    Regards Howard :)

    This thread is for the use of toneeh only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  14. toneeh

    toneeh TS Rookie Topic Starter

    the rookie scan finds like thousands of things like c:\Documents and Settings\user\Application Data\Microsoft\Msn Messenger.....
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    In that case, I think the better option would be to reformat and reinstall from scratch.

    Before doing that, can you post a screen shot of the AVG Antirootkit scan?

    Regards Howard :)
     
  16. toneeh

    toneeh TS Rookie Topic Starter

    This is a print screen of the rootkit scan

    Well i dont know if this matters of not, these are the HJT and AVG scans:

    i also did another AVG scan later on.
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I`m not 100% sure what`s going on here, but would like you to do the following.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    Run AVG Antirootkit as per the instructions in step11 of this thread HERE and have it fix everything it finds.

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.

    Right click in the vundofix window and click add files.

    Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.

    These are the filepaths you need to enter into Vundofix.

    C:\Program Files\Common Files\goskdl.dll
    C:\WINDOWS\system32\qqxrkx.dll
    C:\program files\internet explorer\nm070809.dll

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Delete all files in AVG Antispyware quarantine.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    spoolsv.exe
    Update.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {C1626E66-C26B-C628-E1DF-CDACCFA26EE1} - C:\Program Files\Common Files\goskdl.dll

    O2 - BHO: (no name) - {C9E1A926-69E5-1B4A-BD5A-3676151B0DC4} - C:\WINDOWS\system32\qqxrkx.dll

    O4 - HKCU\..\Run: [Reas] "C:\PROGRA~1\SSEMBL~1\spoolsv.exe" -vt ndrv

    O4 - HKLM\..\Policies\Explorer\Run: [nongmin] rundll32.exe "C:\program files\internet explorer\nm070809.dll" mymain

    O4 - HKCU\..\Policies\Explorer\Run: [{40BAC257-07E3-1033-0423-040502020001}] "C:\Program Files\Common Files\{40BAC257-07E3-1033-0423-040502020001}\Update.exe" mc-110-12-0000904

    O4 - HKCU\..\Policies\Explorer\Run: [{40BAC257-07E4-1033-0423-040502020001}] "C:\Program Files\Common Files\{40BAC257-07E4-1033-0423-040502020001}\Update.exe" mc-110-12-0000904

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\PROGRA~1\SSEMBL~1<Delete the entire folder.
    C:\Program Files\Common Files\{40BAC257-07E4-1033-0423-040502020001}<Delete the entire folder.
    C:\Program Files\Common Files\{40BAC257-07E3-1033-0423-040502020001}<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Run a fresh AVG Antirootkit scan and let me know if it finds anything.

    Post fresh HJT and AVG Antispyware logs.

    Regards Howard :)

    This thread is for the use of toneeh only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  18. toneeh

    toneeh TS Rookie Topic Starter

    Sorry, i was just wondering how do i Delete all files in AVG Antispyware quarantine?
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Open AVG Antispyware and click on the Infections button, then the qurantine tab. Click select all, then click Remove Finally.

    Regards Howard :)

    This thread is for the use of toneeh only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  20. toneeh

    toneeh TS Rookie Topic Starter

    I have experienced my system crashing at times, like programs will get critical errors after deleting things and stuff.

    The two programs which have crashed are:

    World of warcraft - game
    Ventrilo

    i will post the logs shortly.
     
  21. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Try reinstalling the programmes.

    Regards Howard :)

    This thread is for the use of toneeh only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  22. toneeh

    toneeh TS Rookie Topic Starter

    sorry for the late reply, been caught up in real life ><

    Here are the scans from HJT, however i cannot generate a report for AVG for some reason :(
     
  23. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT, Combofix and AVG Antispyware logs.

    Regards Howard :)

    This thread is for the use of toneeh only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...