Mozilla Firefox redirects to junk site

Status
Not open for further replies.

jniccum

Problem is: Firefox loads then redirects me to fp.pc-on-internet.com or occasionally other sites. I have scanned with various programs, no indication of virus or other problems. I have blocked scripts and used Adblock to stop problems. If I block the site, Firefox will not load; it says it has been partially blocked. Have deleted Firefox, done deep scan with Norton and reloaded Firefox, still same. Getting extremely annoying. Any assistance would be appreciated.
 
HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically, select Scan now and save a log
  • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
 
hj file attachment

here is the hj file - thanks for quick response
 

Attachments

  • hijackthis.log
    12.1 KB · Views: 5
BTW: This is a Vista System

these are infections

O21 - SSODL: altvxvm - altvxvm.dll
O21 - SSODL: bokpkov - bokpkov.dll

Vista Only browser hijacker

Unknown Local Program
C:\Users\Jim\AppData\Local\jizzoads.exe
and it gets autostarted!!!
O4 - HKCU\..\Run: [jizzoads] c:\users\jim\appdata\local\jizzoads.exe jizzoads

cpu pig

C:\Windows\system32\Dwm.exe

I don't have the removal instructions so await further feedback .....
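
Added example (not part of the original post and not HijackThis's own code): a small triage script over the O4 and O21 line types quoted in the post above. The two heuristics (autostart from a user's AppData folder, SSODL DLL with no path or outside system32) and the last two sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample: the first three lines are quoted from the thread; the
# last two are made-up benign entries for contrast.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [jizzoads] c:\users\jim\appdata\local\jizzoads.exe jizzoads
O21 - SSODL: altvxvm - altvxvm.dll
O21 - SSODL: bokpkov - bokpkov.dll
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /quiet
O21 - SSODL: ExampleShell - C:\Windows\system32\exampleshell.dll
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# An optional {CLSID} field between the name and the DLL is tolerated.
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>\S+) - (?:\{[^}]+\} - )?(?P<dll>.+)$")

def command_path(cmd):
    """Return the lower-cased executable path from a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    m = re.match(r"(.+?\.(?:exe|dll|bat|cmd|scr))(?:\s|$)", cmd, re.I)
    return (m.group(1) if m else cmd).lower()

def triage(log_text):
    """Return (section, name, reason) for entries matching the heuristics."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            # Assumed heuristic: a Run entry launching from a user profile.
            path = command_path(m["cmd"])
            if re.match(r"^[a-z]:\\users\\[^\\]+\\appdata\\", path):
                findings.append(("O4", m["name"], "autostart from user AppData"))
        elif m := O21_RE.match(line):
            # Assumed heuristic: SSODL DLL with no path, or not in system32.
            dll = m["dll"].strip().lower()
            if "\\" not in dll:
                findings.append(("O21", m["name"], "SSODL DLL listed without a path"))
            elif not dll.startswith(r"c:\windows\system32" + "\\"):
                findings.append(("O21", m["name"], "SSODL DLL outside system32"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A match only marks an entry for a closer look, such as the file scan suggested later in the thread; it is not a verdict.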
 
fp.pc-on-internet.com is a Russian site. They say: "Our core business: to optimize your traffic and raise your revenue". There is actually an uninstall for this, with the message: "You have decided to uninstall the Favorite contextual advertising component that you downloaded jointly with the software on your computer." Then click on the uninstall:
http://www01.pc-on-internet.com/uninstall.php?lg=EN

It's actually a pretty clean site with only per session First Party Cookies.

Take ALL of the HP processes off of Startup. NONE of them need to start when you boot and run in the background. I counted 8 in Programs alone!

Do you realize what this version of Office Is?
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
Microsoft Office Groove 2007:
Work together and share information with team members — anywhere, anytime, with anyone. Get started with the new Groove. Download a trial or buy it today.
http://office.microsoft.com/en-us/groove/default.aspx

Free Download Manager: What is Free Download Manager? It is a powerful, easy-to-use and absolutely free download accelerator and manager.
http://www.freedownloadmanager.org/
Do you need these>>BHO/CLSID/Toolbar Deep Dive:
iefdmcks.dll, iefdm2.dll

Take these off of Startup:
Adobe Reader Speed Launcher
Windows Media Player
Microsoft Office Groove.lnk and OneNote
Stop all background processes for Free Download Manager: - Download selected, Download video, Download web site.
Stop all startup and background processes for QuickPlay Media
 
I really appreciate your assistance. Norton blew over this and I'm low tech. Read post on virus programs, I'll get at least 2 progs. Will wait to hear back from you. Thanks
 
You should have those three checked out,

Do this for the three files in the quote box, one at a time

Upload a File to Virustotal
Please visit Virustotal

Copy/paste this file and path into the white box at the top:
C:\Users\Jim\AppData\Local\jizzoads.exe
C:\Windows\altvxvm.dll
C:\Windows\bokpkov.dll
Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then attach the results in your next response.
 
First let's get some more info on this file

Upload a File to Virustotal
Please visit Virustotal found HERE
  • Click the Browse... button
  • Navigate to the file c:\users\jim\appdata\local\jizzoads.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results back here please.

Edit: That was good timing kritius

Also go to start -> control panel -> Programs and Features

Highlight and uninstall if there:
Wild Tangent
MyGeek
CPVFeed

---------------------------------------------------------------------------------------------

Looks like you guys have this one under control - most of those entries are from the MyGeek infection
 
"Read post on virus programs, I'll get at least 2 progs."

No! Only one anti-virus program that is kept up to date and scanned with often. Two do NOT protect you more - in fact, the conflict may allow more malware to get in!
 
U guys got it together, would've taken me months to even get started on this. I'll take your advice on virus program but don't think I will stay with Norton... thanks again
 
The 2 files altvxvm.dll and bokpkov.dll came from Prevx, software I bought to control spyware Ha! The jizzoads.exe came off easy with the site uninstall program (thanks for the link) and couldn't find the geek files on my installed programs. Thanks all
 
Actually prevx says those are both infections

http://www.prevx.com/filenames/X1584884776423109902-X1/ALTVXVM.DLL.html

http://www.prevx.com/filenames/X1062332390935913983-X1/BOKPKOV.DLL.html

and both are part of the program that i suggested
http://research.sunbelt-software.com/threatdisplay.aspx?threatid=123565


This would be my recommendation

Download and Install SDFix
  • Download SDFix and save it to your Desktop.
  • Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • Attach Report.txt back here
 
FYI: looks like those files came from the same place:

Command: C:\WINDOWS\bokpkov.dll
Description: Added by a variant of the MyGeek/CPVFeed adware.
File Location: %WinDir%
Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
CLSID: <Random CLSID>

Command: C:\Windows\altvxvm.dll
Description: Added by a variant of the MyGeek/CPVFeed adware.
File Location: %WinDir%
Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
CLSID: <Random CLSID>

Removing it:
http://www.spywareremove.com/removeMyGeekCPVFeed.html

Blind dragon, we may be doubling up here, but I went ahead in case it is helpful.
 
Alright...from now on I will do as I'm told and listen to those who know (it hurts to display one's ignorance so publicly).....downloading SDFix..will post after running. Thanks.
 
your system is infected with a trojan horse/ virus. Please post this in the security forum.
 
Re-direct post?

I think I got everything right this time. sdfix worked..I'm not sure how to move this post to the security forum, i checked help file but could not find instructions. Can you give directions?
 
hj file update

after reboot hj log showed a groove entry?? sdfix ran but can't get my laptop to access internet in safe mode booted with internet access but using usbconnect 881 att and wont load internet. hj seemed to fix other entries but not sure.
 
Indeed it does appear to have worked

I suggest you run 1 Anti-virus program/ 1 Firewall/ and a combo of anti-spyware (Spybot and Adaware 2007). I will list some links below for you to try stuff out.

Firewalls
Here are some firewalls which are free for personal use and most commonly used:
Comodo
Kerio
Online Armor
Zonealarm

If you decide to ditch norton run this to uninstall it http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

Anti-Virus
the free AVG or Avast antivirus programs

Anti-Spyware

Then you can get Spybot S&D from HERE and Adaware 2007 from HERE
 
For what it's worth, I have stopped recommending AdAware 2007. Frequent update and install problems have been reported. I used the paid version on 2 systems for years. When I could no longer get updates, I removed it and installed AdAware 2007- a total of 3 times. I got multiple error messages & failure for updates to go through.

Maybe Lavasoft has worked it out by now but I got tired of fooling with it.
 
I haven't had a single problem in years with it. Adaware SE quit auto updating, but that was when 2007 came out. Been fine since.
 
Blind Dragon, I don't auto-update anything except my AV program. I updated AdAware SE right before each scan. I didn't set 2007 to auto-update either, but got update errors whenever I tried to update.

It's kind of like the old AOL days- at least when it was AOL v5. Some people had no problems, never got cut off and so on. Others, like myself, heard that "Goodbye" too many times in the middle of doing something!

So I wouldn't have recommended AOL then and I do not recommend AdAware 2007 now. IF you have a slow day sometime, check for the ongoing problems users are having with AdAware 2007.
 