Mozilla Firefox redirects to junk site

By jniccum
Mar 25, 2008
Topic Status:
Not open for further replies.
  1. Problem is: Firefox loads then redirects me to fp.pc-on-internet.com or occasionally other sites. I have scanned with various programs, no indication of virus or other problems. I have blocked scripts and used adblock to stop problems. If I block the site Firefox will not load; it says it has been partially blocked. Have deleted Firefox, done deep scan with Norton and reloaded Firefox, still same. Getting extremely annoying. Any assistance would be appreciated.
  2. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    HijackThis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
    • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
    • After installing, the program launches automatically, select Scan now and save a log
    • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
  3. jniccum

    jniccum Newcomer, in training Topic Starter

    hj file attachment

    here is the hj file - thanks for quick response

    Attached Files:

  4. jobeard

    jobeard TS Ambassador Posts: 13,278   +280

    BTW: This is a Vista System

    these are infections

    O21 - SSODL: altvxvm - altvxvm.dll
    O21 - SSODL: bokpkov - bokpkov.dll

    Vista Only browser hijacker

    Unknown Local Program
    C:\Users\Jim\AppData\Local\jizzoads.exe
    and it gets autostarted!!!
    O4 - HKCU\..\Run: [jizzoads] c:\users\jim\appdata\local\jizzoads.exe jizzoads

    cpu pig

    C:\Windows\system32\Dwm.exe

    I don't have the removal instructions so await further feedback .....
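
The kind of triage applied to the log in the post above, as an added example that is not part of the original thread and not HijackThis's own logic: it parses `O4` (Run key) and `O21` (SSODL) lines and lists entries worth a closer look. The two heuristics and the last two sample lines are assumptions made for illustration.

```python
import re

# Lines 1-3 are quoted in the thread; lines 4-5 are constructed benign entries.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [jizzoads] c:\users\jim\appdata\local\jizzoads.exe jizzoads
O21 - SSODL: altvxvm - altvxvm.dll
O21 - SSODL: bokpkov - bokpkov.dll
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O21 - SSODL: ExampleShell - {00000000-0000-0000-0000-000000000000} - C:\Windows\System32\exampleshell.dll
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<rest>.+)$")
# Quoted path, or unquoted path up to the first executable extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|bat|cmd|scr))(?=\s|$)', re.I)
# Assumed heuristics: review hints, not verdicts.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)

def executable_of(cmd):
    """Return the program path from a Run-key command line, without arguments."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.split()[0]

def review(log_text):
    """Return (section, name, path, reason) for each entry that deserves a look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m["cmd"])
            # Anything the user account can write to can be replaced without admin rights.
            if USER_WRITABLE.search(exe):
                findings.append(("O4", m["name"], exe, "autostart from user profile"))
            continue
        m = O21_RE.match(line)
        if m:
            # ShellServiceObjectDelayLoad DLLs are loaded by Explorer at logon.
            parts = [p.strip() for p in m["rest"].split(" - ")]
            name, dll = parts[0], parts[-1]
            if not SYSTEM32.match(dll):
                findings.append(("O21", name, dll, "SSODL DLL without a System32 path"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(" | ".join(finding))
```

A hit only means the file should be checked further, for example by uploading it to a multi-scanner service as later posts in this thread suggest.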
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    fp.pc-on-internet.com is a Russian site. They say: "Our core business: to optimize your traffic and raise your revenue." There is actually an uninstall for this, with the message: "You have decided to uninstall the Favorite contextual advertising component that you downloaded jointly with the software on your computer." Then click on the uninstall:
    http://www01.pc-on-internet.com/uninstall.php?lg=EN

    It's actually a pretty clean site with only per session First Party Cookies.

    Take ALL of the HP processes off of Startup. NONE of them need to start when you boot and run in the background. I counted 8 in Programs alone!

    Do you realize what this version of Office Is?
    C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
    Microsoft Office Groove 2007:
    Work together and share information with team members — anywhere, anytime, with anyone. Get started with the new Groove. Download a trial or buy it today.
    http://office.microsoft.com/en-us/groove/default.aspx

    Free Download Manager: What is Free Download Manager? It is a powerful, easy-to-use and absolutely free download accelerator and manager.
    http://www.freedownloadmanager.org/
    Do you need these>>BHO/CLSID/Toolbar Deep Dive:
    iefdmcks.dll, iefdm2.dll

    Take these off of Startup:
    Adobe Reader Speed Launcher
    Windows Media Player
    Microsoft Office Groove.lnk and OneNote
    Stop all background processes for Free Download Manager: - Download selected, Download video, Download web site.
    Stop all startup and background processes for QuickPlay Media
  6. jniccum

    jniccum Newcomer, in training Topic Starter

    I really appreciate your assistance. Norton blew over this and I'm low tech. Read post on virus programs, I'll get at least 2 progs. Will wait to hear back from you. Thanks
  7. jniccum

    jniccum Newcomer, in training Topic Starter

    Thanks for assistance, I was stuck...maybe I can learn something on this site.
  8. kritius

    kritius TechSpot Guru Posts: 2,087

    You should have those three checked out,

    Do this for the three files in the quote box, one at a time

    Upload a File to Virustotal
    Please visit Virustotal

    Copy/paste this file and path into the white box at the top:
    Press Submit - this will submit the file for testing.
    Please wait for all the scanners to finish then attach the results in your next response.
  9. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    First let's get some more info on this file

    Upload a File to Virustotal
    Please visit Virustotal found HERE
    • Click the Browse... button
    • Navigate to the file c:\users\jim\appdata\local\jizzoads.exe
    • Click the Open button
    • Click the Send button
    • Copy and paste the results back here please.

    Edit: That was good timing kritius

    Also go to start -> control panel -> Programs and Features

    Highlight and uninstall if there:
    Wild Tangent
    MyGeek
    CPVFeed

    ---------------------------------------------------------------------------------------------

    Looks like you guys have this one under control - most of those entries are from the MyGeek infection
  10. kritius

    kritius TechSpot Guru Posts: 2,087

    Just got there ahead of you Blind!
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    "Read post on virus programs, I'll get at least 2 progs."

    No! Only one anti-virus program that is kept up to date and scanned with often. Two do NOT protect you more; in fact, the conflict may allow more malware to get in!
     
  12. jniccum

    jniccum Newcomer, in training Topic Starter

    U guys got it together, would've taken me months to even get started on this. I'll take your advice on virus program but don't think I will stay with Norton... thanks again
  13. jniccum

    jniccum Newcomer, in training Topic Starter

    The 2 files altvxvm.dll and bokpkov.dll came from Prevx, software I bought to control spyware Ha! The jizzoads.exe came off easy with the site uninstall program (thanks for the link) and couldn't find the geek files on my installed programs. Thanks all
  14. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    Actually prevx says those are both infections

    http://www.prevx.com/filenames/X1584884776423109902-X1/ALTVXVM.DLL.html

    http://www.prevx.com/filenames/X1062332390935913983-X1/BOKPKOV.DLL.html

    and both are part of the program that I suggested
    http://research.sunbelt-software.com/threatdisplay.aspx?threatid=123565


    This would be my recommendation

    Download and Install SDFix
    • Download SDFix and save it to your Desktop.
    • Double click SDFix.exe and it will extract the files to %systemdrive%
      (Drive that contains the Windows Directory, typically C:\SDFix)

    Run SDFix
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    • Attach Report.txt back here
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    FYI: looks like those files came from the same place:

    Command: C:\WINDOWS\bokpkov.dll
    Description: Added by a variant of the MyGeek/CPVFeed adware.
    File Location: %WinDir%
    Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
    CLSID: <Random CLSID>

    Command: C:\Windows\altvxvm.dll
    Description: Added by a variant of the MyGeek/CPVFeed adware.
    File Location: %WinDir%
    Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
    CLSID: <Random CLSID>

    Removing it:
    http://www.spywareremove.com/removeMyGeekCPVFeed.html

    Blind dragon, we may be doubling up here, but I went ahead in case it is helpful.
  16. jniccum

    jniccum Newcomer, in training Topic Starter

    Alright...from now on I will do as I'm told and listen to those who know (it hurts to display one's ignorance so publicly).....downloading sdfix..will post after running. Thanks.
  17. Tedster

    Tedster Techspot old timer..... Posts: 10,074   +13

    your system is infected with a trojan horse/ virus. Please post this in the security forum.
  18. jniccum

    jniccum Newcomer, in training Topic Starter

    Re-direct post?

    I think I got everything right this time. sdfix worked..I'm not sure how to move this post to the security forum, I checked help file but could not find instructions. Can you give directions?
     
  19. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    can you Attach Report.txt back here from the SDfix folder
  20. jniccum

    jniccum Newcomer, in training Topic Starter

    attached hj file

    does this tell you what you need to know?
  21. jniccum

    jniccum Newcomer, in training Topic Starter

    hj file update

    after reboot hj log showed a groove entry?? sdfix ran but can't get my laptop to access internet in safe mode booted with internet access but using usbconnect 881 att and won't load internet. hj seemed to fix other entries but not sure.
  22. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    Indeed it does appear to have worked

    I suggest you run 1 Anti-virus program/ 1 Firewall/ and a combo of anti-spyware (spybot and adaware 2007). I will list some links below for you to try stuff out.

    Firewalls
    Here are some firewalls which are free for personal use and most commonly used:
    Comodo
    Kerio
    Online Armor
    Zonealarm

    If you decide to ditch norton run this to uninstall it http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

    Anti-Virus
    the free AVG or Avast antivirus programs

    Anti-Spyware

    Then you can get Spybot S&D from HERE and Adaware 2007 from HERE
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    For what it's worth, I have stopped recommending AdAware 2007. Frequent update and install problems have been reported. I used the paid version on 2 systems for years. When I could no longer get updates, I removed it and installed AdAware 2007- a total of 3 times. I got multiple error messages & failure for updates to go through.

    Maybe Lavasoft has worked it out by now but I got tired of fooling with it.
  24. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    I haven't had a single problem in years with it. Adaware SE quit auto updating, but that was when 2007 came out. Been fine since.
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Blind Dragon, I don't auto-update anything except my AV program. I updated AdAware SE right before each scan. I didn't set 2007 to auto-update either, but got update errors whenever I tried to update.

    It's kind of like the old AOL days- at least when it was AOL v5. Some people had no problems, never got cut off and so on. Others, like myself, heard that "Goodbye" too many times in the middle of doing something!

    So I wouldn't have recommended AOL then and I do not recommend AdAware 2007 now. IF you have a slow day sometime, check for the ongoing problems users are having with AdAware 2007.