Tech Support Forum - View Single Post - Pop-ups when starting IE or firefox

**amateur** · 01-18-2008, 07:13 AM

Hi,

Nothing in the logs suggests the cause of the popups so far. We'll have a deeper look.

First, I would like to warn you about p2p file sharing which is one of the main sources of infection. I see that you are using Varez and uTorrent. The nature of P2P filesharing is so that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. So, regardless of whether one is using a "clean" program, one may still be prone to infection by malware because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. Also by default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple, file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft.
I recommend very strongly that you remove them from your system via Add/Remove Programs in Control Panel.

================================

Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath, copy and paste this filepath:

c:\windows\system32\drivers\lhidkee.sys

Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html

=================================

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: In the event you already have Combofix, please delete it from your desktop and download this new version . It is important that it is saved directly to your desktop**

Link 1
Link 2
Link 3

--------------------------------------------------------------------

1. Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

2. Disable all anti virus and anti malware programs and disconnect from the internet.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

01-18-2008, 07:13 AM	#4 (permalink)
amateur Moderator, Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Jun 2006 Location: USA Posts: 7,290 OS: XP SP3	Re: Pop-ups when starting IE or firefox Hi, Nothing in the logs suggests the cause of the popups so far. We'll have a deeper look. First, I would like to warn you about p2p file sharing which is one of the main sources of infection. I see that you are using Varez and uTorrent. The nature of P2P filesharing is so that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. So, regardless of whether one is using a "clean" program, one may still be prone to infection by malware because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. Also by default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple, file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. I recommend very strongly that you remove them from your system via Add/Remove Programs in Control Panel. ================================ Submit a file to Jotti Please go here : http://virusscan.jotti.org/ On top of the page there is a field to add the filepath, copy and paste this filepath: c:\windows\system32\drivers\lhidkee.sys Then hit Submit The scan will take a while before the result comes up so please be patient. Then copy the result and post it here in this thread. If Jotti's service load is too high, you can use the following scanner instead: http://www.virustotal.com/xhtml/index_en.html ================================= Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix Note: In the event you already have Combofix, please delete it from your desktop and download this new version . It is important that it is saved directly to your desktop Link 1 Link 2 Link 3 -------------------------------------------------------------------- 1. Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. 2. Disable all anti virus and anti malware programs and disconnect from the internet. -------------------------------------------------------------------- Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a new HijackThis log. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall __________________ My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006