Sagipsul/other pop ups in Mozilla

Status
Not open for further replies.
Hi, new to the board. Followed the "8-step prelim removal instructions" and that led me here. Lately (like a day ago) I started to notice pop ups really frequently in Mozilla when usually I have no issues with it. Not sure what did it but I have an idea. Sagipsul, Brain Quiz and even x-rated pop ups started coming frequently. Google search led me here. If anyone can help me out I would greatly appreciate it. Logs are attached.
 
My, you have quite a nice collection of malware there.

Go to add remove programmes in your control panel and uninstall anything to do with (if there):

Words
kernel
Dot1XCfg

Close control panel.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

ALCMTR.EXE
SwingTowns.exe
l?gonui.exe

Words.exe
fiqwm.exe
kernel.exe

Dot1XCfg.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: mymaxisearch browser optimizer - {2d3910eb-b9c9-1ccc-7421-5b12eecc874e} - C:\WINDOWS\system32\{4892F99E-481C-0CA0-F9BE-828059028CB7}.dll (file missing)

O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll (file missing)

O2 - BHO: (no name) - {9F6A904E-5114-4B29-B416-3152EEB78CC5} - C:\WINDOWS\system32\fccbCsPj.dll (file missing)

O2 - BHO: (no name) - {D017E63D-228C-2A57-AE49-0CA2EDE819C2} - C:\WINDOWS\system32\marmjgq.dll (file missing)

O2 - BHO: (no name) - {D117E646-22F8-2F50-AE4E-0BA2E59B19B3} - C:\WINDOWS\system32\marmjgq.dll (file missing)

O2 - BHO: (no name) - {EE839544-DDCF-4C18-A535-F3641AD4C5AC} - C:\WINDOWS\AppPatch\bvmig.dll (file missing)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [SwingTowns] C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\15F7TXG5\SwingTowns.exe

O4 - HKCU\..\Run: [Pqmofx] "C:\Documents and Settings\HP_Owner\My Documents\?ystem\l?gonui.exe"

O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe

O4 - HKCU\..\Run: [fiqw] C:\PROGRA~1\COMMON~1\fiqw\fiqwm.exe

O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe

O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe

O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html

Fix all O15 Trusted Zone entries no matter what they are.

O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)

O20 - AppInit_DLLs: nnffat.dll lmkhav.dll abgveb.dll ycwjng.dll xqwprb.dll tbkcea.dll etrugy.dll qjjpll.dll zjhkpa.dll mkzgzg.dll akfeig.dll bdguog.dll scfkaj.dll odzvcb.dll oyvxnu.dll dgbwll.dll

O20 - Winlogon Notify: bvmig - C:\WINDOWS\AppPatch\bvmig.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders (if there):

C:\Program Files\Dot1XCfg
C:\Program Files\kernel
C:\PROGRA~1\COMMON~1\fiqw
C:\Program Files\Words
C:\Documents and Settings\HP_Owner\My Documents\?ystem
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\15F7TXG5

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log and let us know if you're still having problems.
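
An added example, not part of the original post or the thread: a small triage script over HijackThis log lines in the format shown above. The sample lines are copied from the fix list (the AppInit_DLLs list is shortened), and the flag names and heuristics are assumptions made for this illustration.

```python
import re

# Constructed sample: entries copied from the fix list in the post above
# (AppInit_DLLs list shortened to three names).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {9F6A904E-5114-4B29-B416-3152EEB78CC5} - C:\WINDOWS\system32\fccbCsPj.dll (file missing)
O4 - HKLM\..\Run: [SwingTowns] C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\15F7TXG5\SwingTowns.exe
O4 - HKCU\..\Run: [Pqmofx] "C:\Documents and Settings\HP_Owner\My Documents\?ystem\l?gonui.exe"
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O20 - AppInit_DLLs: nnffat.dll lmkhav.dll abgveb.dll
O20 - Winlogon Notify: bvmig - C:\WINDOWS\AppPatch\bvmig.dll (file missing)
"""

# Every HJT entry starts with its section code, e.g. "O4 - ".
ENTRY = re.compile(r"^(O\d+) - (.+)$")

def triage(log):
    """Return (section, flags, raw_line) for each HJT entry in the log text."""
    results = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        flags = []
        # Registry entry still present but the file it points to is gone.
        if "(file missing)" in body or "(no file)" in body:
            flags.append("orphaned")
        # Autostart entry launching a binary out of the browser cache.
        if section == "O4" and "temporary internet files" in body.lower():
            flags.append("runs-from-cache")
        # '?' is not legal in a Windows file name, so in a log it stands for
        # a character the log could not represent (e.g. a lookalike letter).
        if "?" in body:
            flags.append("unprintable-char")
        # Each DLL listed here is loaded into every process that loads user32.dll.
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].split()
            if dlls:
                flags.append(f"appinit-dlls:{len(dlls)}")
        results.append((section, flags, line))
    return results

if __name__ == "__main__":
    for section, flags, line in triage(SAMPLE_LOG):
        print(f"{section:4} {','.join(flags) or '-':20} {line[:70]}")
```

The `kernel.exe` Run entry comes back with no flags: these heuristics only prioritise what to look at first, and entries like it still have to be checked by name.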
 
Thanks, so far so good. I really haven't had any issues since the "8 step" thread. But I went ahead and followed through with your directions and attached is the most recent HJT log. Thanks again
 
It surprises me how much MBAM & SAS missed. HJT shows the changes were made.

Minor cleanup - HJT scan. Tick & Fix. Restart the computer.
Code:
Remove from list - 
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)   >> hobbled

Annoyance - Realtek. Try to option the application to decline running at startup.
Realtek finds ways to sneak back onto the startup list.
Code:
[URL="http://www.systemlookup.com/lists.php?list=2&type=filename&search=ALCMTR.EXE&s="][B]beware – violates privacy[/B][/URL] O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

It's up to you to decide what role Symantec will play with Internet Security on the computer. I did not take the time to check for overlap with Avast.

Establish a new clean restore point and clear your existing System Restore points:
  • New
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point > OK.
  • Clear Old
    • Go to Start > Run > cleanmgr > Select the More options tab
    • Choose the option to clean up System Restore > OK
      • This will remove all restore points except the new one you just created.
 