TechSpot

Pop-ups Galore in Firefox

By Eslavs
Dec 28, 2008
  1. Earlier today I was struck with numerous pop-ups coming from both Firefox and IE. I ran my AVG and detected a few trojans, as I suspected. Afterwards, I ran through the 8 steps listed on the forum, and have my logs attached. Since running the cleaners, I haven't noticed any pop-ups, and am hopeful all is well again.......

    I used my updated AVG A/S, Malaware, and HJT.....

    Can anyone review my logs and confirm? As I mentioned, I have had no further pop-ups, but I want to make sure all is well before I write this one off....

    Thanks in advance!

    As I'm sure everyone is busy - it seems a lot of folks are having similar problems - I just wanted to renew my request to have someone look over my logs......your help is much appreciated.

    Thanks again
     

    Attached Files:

  2. woodsy011

    woodsy011 TS Rookie

  3. Eslavs

    Eslavs TS Rookie Topic Starter Posts: 28

    Thanks woodsy - I got all that. I've followed the standard directions and am just looking for someone to check my HJT log to make sure it's clean....
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    -> No action taken on MBAM scan, for found issues
    Please re-run Malwarebytes
    Confirm updated (third tab)
    Then do the above quoted message, but this time "Remove all found issues"

    By the way, you will need to then restart, and run (and attach) a new HJT log
     
  5. Eslavs

    Eslavs TS Rookie Topic Starter Posts: 28

    New logs for your review.......

    Last time, I think I saved before and after I removed all the baddies. Don't know why, and don't know why I sent that particular one.....
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Please un-install AVG Anti-Spyware 7.5 (and any other AVG installed on your computer
    Install Avira instead, and run a full scan
     
  7. Eslavs

    Eslavs TS Rookie Topic Starter Posts: 28

    Done.

    As it turns out, I got hit again in the meantime. Gotta love it.

    Thanks in advance!
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Of the many issues in your HJT log, please run it again, tick this entry and then fix it
    Un-install Window Washer (CCleaner is much better ;) )

    Un-install SuperAntiSpyware

    Run CCleaner again

    Restart

    Run the Norton Removal tool

    Start up Malwarebytes again
    Update it <= notice how this gets its own line ;)
    Then run another full scan
    You need to run this multiple times, until all hidden Malwares are uncovered and removed
     
  9. Eslavs

    Eslavs TS Rookie Topic Starter Posts: 28

    1. Fixed the last HJT issue
    2. Uninstalled Window Washer and SAS
    3. Ran Norton Removal Tool
    4. Ran CCleaner until no issues found
    5. Updated Malawarebytes and ran until no bad guys found (2x)

    Latest logs attached.

    Thanks!
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well done :approve:

    But sadly still issues :(

    Please re-run HJT and place a tick next to the following, then select Fix:
    Before restarting run: the McAfee Removal Tool
    Then restart ;)
     
  11. Eslavs

    Eslavs TS Rookie Topic Starter Posts: 28

    Done.

    Fixed all issues and used mcafee removal tool.....
     
  12. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Sorry still issues!

    Run HJT, tick and Fix:

    Download Combofix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Save it to somewhere, where you can easily find ie C drive

    Restart your computer to Safe Mode (pressing F8 before Windows starts)
    Once in Safe Mode, locate and double click on ComboFix.exe
    This may take up to 10 mins to finish, ther are some prompts to agree to, and your Desktop may reset a couple of times (all normal)

    When finished, restart back to normal mode
    Create yet another HJT log, and this time supply a Combofix log too

    Edit:

    Doh!

    Locate C:\Program Files\Vongo folder and delete it
     
  13. Eslavs

    Eslavs TS Rookie Topic Starter Posts: 28

    Done and Done. Logs attached.

    Thanks!
     
  14. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Daaamn!
    Did you also remove the folder C:\Program Files\Vongo as stated above, from Safe mode?
     
  15. Eslavs

    Eslavs TS Rookie Topic Starter Posts: 28

    Yep, got rid of it in safe mode. Still showing up on the latest HJT log.

    Vongo came installed with the laptop when I got it. One of those packaged software programs.....
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I found this reply from HP Support from someone else who wanted to get rid of Vongo:
    If this does not resolve the issue, you may have to manually delete the files.
    To do that:
    Now, run the Windows Installation Cleanup Utility, this will remove the registry entries for the Software.

    You can download the Utility here: http://support.microsoft.com/default.aspx?scid=kb;en-us;290301

    The Windows Installer CleanUp Utility does:

    • Provide a dialog box where you can select one or more programs that were installed by Windows Installer. You select the programs on the Installed Products list in the Windows Installer CleanUp dialog box. After you make this selection, the utility removes only the Windows Installer configuration information that is related to those programs.

    • Remove the files and registry settings that make up the Windows Installer configuration information for programs that you select.
    [/QUOTE]
    I notice the AskBar is still loading:
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    Have HijackThis remove the entry, the click on FlxChecked and boot into Safe More:
    Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK any Ask bar processes> Apply> OK.

    Control Panel> Add/Remove Programs> UNINSTALL any Ask related entries.

    I suggest you also check and have HijackThis remove the following:
    When rebooting into Normal mode, ignore the nag message, check 'don't show this message again.' Stay in Selective Startup.

    Update Java:
    Update Adobe:
    The following will help the Cookie and pop-up problem in Firefox:
    1. Open Firefox> Tools> Options> Privacy section> Cookies> UNCHECK 'allow third party Cookies'.
    2. Put the following add-ons on Firefox:
    AdBlock Plus: https://addons.mozilla.org/en-US/firefox/addon/1865
    Easy List: http://easylist.adblockplus.org/
    (get all three)
     
  17. Eslavs

    Eslavs TS Rookie Topic Starter Posts: 28

    Alright. Updated Java and Adobe Reader (couldn't get 9, still w/ 8.1.5 or something like that. Firefox crashes when I try to download 9.

    Fixed all that was mentioned in HJT. I had already deleted the Program Files/Vongo folder before, uninstalled over a year ago, and still can't find any trace of anything related other than what keeps popping up on FF....

    Otherwise, I am having no problems with pop ups. I installed Comodo, so hopefully that'll help keep me from getting hit a third time.

    Thanks for all your help,

    Eric
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Well, we're making progress, but Vongo is still around- we've both had you remove this in HijackThis, but it is still loading:
    O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

    Did you run the Windows Installer CleanUp Utility? That should allow you to remove the process from the Registry.

    This McAfee entry remains:
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab>>McAfee Security Download Control

    Since it's an Active X entry, try this:
    Open IE> Tools> Manage add-ons> look for any McAfee entry and highlight> disable.

    IF the pop-ups return, consider removing the Weather Channel.

    Remove the clean up tools:
    Clear your existing System Restore points and establish a new clean restore point:
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...