TechSpot

Virus problems.

By Shoupie080
Oct 6, 2006
  1. I've had firefox for some time now with no problems. Recently while browsing certain sites (i.e. Hotmail, citizensbank, and myspace) firefox will just close by itself. No warning, nothing. So in order to access these sites I have to use IE and I prefer never to open that browser.

    I've checked my settings in firefox against my gf's laptop to see if there was something different applied but they're both identical and her firefox works on these sites. This is mindboggling. It's not a huge problem but it is annoying having to use IE and all of its adware that comes with it.


    any help would be awesome

    thanks
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Try uninstalling Firefox. Then download and install the latest version from HERE. See if that helps.

    Regards Howard :)
     
  3. Shoupie080

    Shoupie080 TS Rookie Topic Starter Posts: 67

    Hey howard,

    I tried doing that before with no luck and I just tried it again and it's doing it still. Is there some kind of log file I can send you so maybe you can see what's happening? I have AVG, ad-aware, spybot, ewido, and spyblaster all up-to-date working on my computer so I doubt it could be a trojan or anything...

    any suggestions???

    thanks again
     
  4. detrunks

    detrunks TS Enthusiast Posts: 153

    Firefox has an extension called IE Tab to open sites using IE WITHIN firefox - very useful!
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Just in case you have a malware problem, go and read this thread HERE. Post a HJT log as an attachment into this thread and I'll take a look for you.

    Regards Howard :)

    This thread is for the use of Shoupie080 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. smore9648

    smore9648 TS Rookie Posts: 697

    It could be possible that the site is only compatible for IE, even though that is a huge mistake by the webmaster if that's the case.
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hi guys.

    As you can see from the above, it's not a problem with the sites themselves.

    It's either something in Firefox/settings/malware or some other problem we've not thought of yet.

    Regards Howard :)
     
  8. Shoupie080

    Shoupie080 TS Rookie Topic Starter Posts: 67

    hijackthis log

    Howard,


    here's the log file. Firefox is still unexpectedly closing. Happy hunting!


    thanks again
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    PartyGaming\PartyPoker

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Secure HTTP

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    csrvs.exe
    RunApp.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

    O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab

    O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)

    O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)

    O23 - Service: Secure HTTP (Service Secured) - Unknown owner - C:\WINDOWS\csrvs.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\WINDOWS\csrvs.exe
    C:\Program Files\PartyGaming Delete the entire folder.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

     
  10. Shoupie080

    Shoupie080 TS Rookie Topic Starter Posts: 67

    Reply to howard_hopkinso

    Hello Howard:

    Ok I followed all those instructions you gave me and the good news is that my system seems to be screaming fast now which is awesome. The bad news is firefox is still messed up. It works fine with every site except the ones mentioned earlier. I have posted a new hjt log for you to review and see if I missed anything.

    Thanks again you've been very helpful
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The good news is your HJT log is now clean.

    The bad news is I don't know why your Firefox problem is happening.

    Now we've got rid of the nasties, try uninstalling and reinstalling Firefox. If that doesn't help, backup your bookmarks etc and completely get rid of Firefox, before reinstalling it.

    That means, once you've uninstalled Firefox, do a search of your system and delete all traces of it, before reinstalling.

    Do you use the Adblock extension? If you do, try getting rid of it and see if that helps.

    Other than the above, I have no further ideas.

    Regards Howard :)

     
  12. Shoupie080

    Shoupie080 TS Rookie Topic Starter Posts: 67

    Howard,

    You were right! I guess every time I've uninstalled firefox I didn't get rid of it entirely. This time after I reinstalled it it finally works! So I just wanted to extend a big thanks for all the help.

    cheers!
     
  13. Shoupie080

    Shoupie080 TS Rookie Topic Starter Posts: 67

    HJT log for Howard_Hopkinso

    Howard,

    My girlfriend's laptop is going crazy. Firefox has stopped working completely and IE is not allowing certain sites anymore. I have run ad-aware, spybot, spyblaster, ewido, and avg anti-virus. No viruses just some simple tracking cookies. I have attached my HJT log (after running all the programs) for you to spec. There's probably lots of nasties I just don't want to delete anything I shouldn't.

    Also, thank you in advance you've helped me with a lot of problems already and hopefully your mad skills will prevail once again.

    Jason
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Mad skills eh lol.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Viewpoint
    Viewpoint Toolbar

    Close control panel.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcD3RW7BXlKjvc7x op5d9I78PUKJrK3FhPpSTP9H7wnaKG4bJhUYrMFKa0P90C5oEQ7IQ4N7oVhVtf/bZfdY5MSyFPvkn/Ne XXoNk8LqdJLgiZdixHMldljzotaMfYJCplMPS1749Ri+ez790p3yvhj2ZROuNPkBiXi

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwIjsqjZBnROG85 /+iZ0ygDxfZBjZZ4gQRbt98UnVYN4AmV2uaaKkA3RLPMVLeyBybrDgWfTynDVTWijrc5zUeZhFiFacsL ued

    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - http://158.83.152.2:8080/registration/CAT/CNICAT.cab

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\Viewpoint Delete the entire folder.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how the system is running.

    Regards Howard :)

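Added example, not part of any post in this thread: a small Python triage pass over HijackThis entry lines like the ones quoted in the two fix lists above. It labels each section code and flags entries whose target file is gone or whose ActiveX codebase is a bare IP address; those two heuristics and all function names are this example's assumptions, not rules stated by the posters.

```python
import re
from urllib.parse import urlparse

# Meanings of the HijackThis section codes that appear in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O8": "IE context-menu item", "O9": "IE extra button/Tools item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O18": "Protocol handler", "O23": "Windows service",
}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")
IP_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_entry(line):
    """Parse one HJT entry line into a dict, or return None for non-entries."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m["body"]
    clsid = CLSID.search(body)
    url = re.search(r"https?://\S+", body)
    host = urlparse(url.group()).hostname if url else None
    notes = []  # assumed review heuristics, see lead-in
    if ORPHAN.search(body):
        notes.append("orphaned: target file no longer exists")
    if m["code"] == "O16" and host and IP_HOST.match(host):
        notes.append("ActiveX codebase is a bare IP address")
    return {"code": m["code"], "kind": SECTIONS.get(m["code"], "other"),
            "clsid": clsid.group() if clsid else None, "notes": notes}

def triage(log_text):
    """Return only the entries that carry at least one review note."""
    parsed = (parse_entry(l) for l in log_text.splitlines())
    return [e for e in parsed if e and e["notes"]]

# Sample lines copied from the entries quoted in this thread.
SAMPLE = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - http://158.83.152.2:8080/registration/CAT/CNICAT.cab
O23 - Service: Secure HTTP (Service Secured) - Unknown owner - C:\WINDOWS\csrvs.exe (file missing)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["code"], e["kind"], e["clsid"], "; ".join(e["notes"]))
```

An entry that gets no note, such as the Viewpoint toolbar line, is not thereby cleared; it only means neither heuristic applies to it.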
     
  15. Shoupie080

    Shoupie080 TS Rookie Topic Starter Posts: 67

    HJT Log for Howard

    Howard,

    Here's the new HJT log


    thanks again
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have merged your new thread and your old thread into this one.

    Your HJT log is now clean.

    If you need help with any further virus/spyware problems, please post in this thread. Thanks.

    Regards Howard :)

     
  17. Shoupie080

    Shoupie080 TS Rookie Topic Starter Posts: 67

    Alright thanks much Howard!
     
Topic Status:
Not open for further replies.
