IE Pop ups when launching Firefox

Status
Not open for further replies.

Akai

Posts: 116   +0
Lately every single time I launch Firefox, and Internet Explorer ad comes up. Every single time. It never used to do that, and I have no idea why it's doing this. I reinstalled Firefix and no fix.

Anyone have any idea what's causing this? I've ran all my scanners and everything is fine.
 
Please post a HJT log as per the instructions HERE. Also, please provide details of the ad that pops up.

Regards Howard :)

This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Here is my HJT log, I'm sorry I forgot to post this in the first place. By the way, its IE "ads" that pop up when I use Firefox.
 
You`re using an outdated version of HJT. The current version is 1.99.1. Please uninstall the old version and install the latest version. Post a fresh HJT log.

Regards Howard :)

This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I'm extremely sorry for not posting this sooner, I've been gone. I now have an updated version of HJT and here is the log.
 
It appears your computer is infected with the lop trojan.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Please Download NoLop to your desktop from one of the links below...
http://www.spywareedge.net/nolop/NoLop.exe
http://www.thespykiller.co.uk/forum/...pmod;dl=item16

First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should popup from NoLop.
If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log.

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.-- http://www.boletrice.com/downloads/mscomctl.ocx

Then go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, the C:\nolop and AVG Antispyware logs as attachments into this thread, only after doing the above.

Regards Howard :)

This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thank you for the fast response, I ran NoLop and it told me "No infection files have been found". So I'm not sure what to do then if it hasn't detected the Lop virus.

Here is the log:
 
That`s ok, just follow the rest of the instructions. If the lop infection is still there after doing that, I`ll try and remove it manually.

Regards Howard :)

This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Ok, I'll do the Virus removal guide. I'll post back once I've finished. Thank you Howard for the fast responses, I appreciate it.
 
Well, after 23 hours of scanning in safe mode, it's finally complete! Though I'm sad to say I believe I still have the virus, since IE ad's keep popping up when I launch Firefox. My anti-virus program NOD32 found two viruses, and deleted them. AVG Antispyware found two "Trojan." and something else and quarentened those three. I also did all the other scans.

Here is my AVG antispyware log and HJT log.
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Delete all files in AVG Antispyware quarantine.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

NounMpeg.exe
Debug 2.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [BEEPBODYDEADTHUNK] C:\Documents and Settings\All Users\Application Data\Filmreadmebeepbody\Debug 2.exe

O4 - HKCU\..\Run: [Bolt Link] C:\DOCUME~1\Owner\APPLIC~1\BIKESE~1\NounMpeg.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\DOCUME~1\Owner\APPLIC~1\BIKESE~1<Delete the entire folder.
C:\Documents and Settings\All Users\Application Data\Filmreadmebeepbody<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log and let me know if you`re still having problems.

Regards Howard :)

This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I followed the steps exactly and I believe it's fixed! I opened Firefox and no IE Pop up ad come up! Thank you so much Howard, I appreciate your hep so much.

Here is a HJT just incase. Thank you so much!

Edit: By the way, would you happen to know how I got the virus (Where it came from maybe)?
 
Your HJT log is now clean.

I have no idea where you picked up the infection.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Possible [Trojan-Dropper.VB.1]

I want to know if it's possible to check to see if I have this virus named "Trojan-Dropper.VB.1". I scanned a file with http://virustotal.com and one of them found this:

VBA32 3.11.2 02.23.2007 suspected of Trojan-Dropper.VB.1 (paranoid heuristics)

So I deleted the file, and was curious if there was a way to see if I have the virus. Here is my HJT log. Thank you.
 
Have HJT fix this entry.

O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com

Other than the above nasty entry, your HJT looks clean.

However, I can find no info for this file.

FlashToVideo.exe

Unless you know for a fact that it`s safe, do the following.

Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file C:\Program Files\GeoVid\Flash to Video Encoder\FlashToVideo.exe

Kind

* Click Open
* Please let me know the results.

Regards Howard :)
 
87.117.202.117 nprotect.roseonlinegame.com

^ That is a game called Rose Online. Should I still delete it?

And Geovid is a program to convert .flv files to .avi, only good one I could find. Downloaded it today. Here are the results:

AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
 
You should certainly delete the nprotect.roseonlinegame.com from your hosts file. So yes, have HJt fix that entry.

Geovid programme looks fine, so no worries there.

It is possible the file suspected as being a trojan dropper was a false positive.

Regards Howard :)

This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thank you howard, I will fix the nprotect.roseonlinegame.com with HJT.

Thank you for helping me once again!
 
Computer unbelievably slow

Since last night my computer has been unbelievably slow, I'm not sure what is going on. Right now as a I type the words don't show up untill about 10 seconds after I type them.

So I thought it could be a virus (reason why I didn't post it in Windows OS). I'm sorry that I've posted three times already in here in the last week. But this is kind of out of hand. I tried uninstalling all the programs I installed last night, rebooted computer twice and it's still extremely slow. So again, maybe it's a virus/spyware or something (ran scans with spybot, and ad-aware and found nothing).

Here is my HJT log, hope this can be fixed.
 
Please have HJT fix the following entries (if there):

O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - [http]www.acclaim.com/cabs/acclaim_v5.cab


Do you know anything about set3C8.tmp? If not, please go to C:\Documents and Settings\Owner\Local Settings\Temp and delete set3C8.tmp. If it doesn't delete, you'll probably have to go into Task Manager, go to the processes tab, and end the process for set3C8.tmp, then delete the file.

Please read the Viruses/spyware/malware, preliminary removal instructions, follow all the instructions exactly, and post fresh HJT and AVG Antispyware logs as attachments into this thread.

Regards :)

This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
 
I have merged all your virus problem threads into this one. This will alow us to see a history of your virus/malware problems more easily.

Your HJT log is clean. It is still advisable to post an AVG Antispyware log.

Regards Howard :)

This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Well, it speeded up for about a day. I even defraged, but I'm still going extremely slow/sluggish. So I'm not sure what to do now.

HJT log:
 
Your HJT log is still clean.

Post an AVG Antispyware log.

Regards Howard :)

This thread is for the use of Akai only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.
Back