
Virus/Malware forcing random Firefox Pop-ups

Old 03-18-2009, 05:30 PM   #1
Guest
 
Join Date: Mar 2009
Posts: 4
OS:



This Virus/Malware "reads" what I'm currently watching or viewing on a webpage and will randomly open another Firefox window of an advertisement with the same sort of information in it.

Well, I guess this is the part where I post the DDS and GMER logs, however, I can't do that. Whenever I double click onto DDS I get a command prompt to come up that says, "This tool does not support your Operating System". I use Windows XP Pro (64bit) with SP 2 as you can see below in the GMER log.

So, what do I need to do to get DDS to work?



GMER 1.0.15.14939 - https://www.gmer.net
Rootkit scan 2009-03-18 20:08:06
Windows 5.2.3790 Service Pack 2


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xE8 0xAD 0x06 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xCE 0x58 0x80 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x22 0x6D 0x05 0x65 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xE8 0xAD 0x06 0xA0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xCE 0x58 0x80 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x22 0x6D 0x05 0x65 ...

---- EOF - GMER 1.0.15 ----
Durhai is offline  
Old 03-19-2009, 02:29 PM   #2
Guest
 
Join Date: Mar 2009
Posts: 4
OS:



Sorry to bump but I still need help getting DDS to run on my OS. I've been trying to search to find out why it won't work but all I find are posts saying that DDS is supposed to work with Windows XP 64 bit.

I'm still getting random pop-ups in both Firefox and IE. I had NoScript installed on Firefox before this even happened, and somehow this thing was installed on my PC while surfing the Internet.
Durhai is offline  
Old 03-19-2009, 03:19 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

Contrary to what you have read, and as you have found out for yourself, DDS is not presently compatible with a 64-bit OS, and neither are most of our tools.

I, along with most helpers here, don't have 64-bit machines and aren't trained to remove malware on that particular OS.

Unless another helper offers to help you, I would recommend a Safe Mode scan with a good, 64-bit compatible antivirus.

Most malware cannot hook into a 64-bit machine, so a Safe Mode scan should be able to remove most malware.

I don't know what antivirus you are using, but I would recommend ESET's NOD32.

Sorry, but that is the best I can do at this time. Let me know how it goes.

Maybe someone else with 64-bit experience will chime in, and best of luck with your issues.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-19-2009, 03:26 PM   #4
Guest
 
Join Date: Mar 2009
Posts: 4
OS:



Thanks for giving me an answer.

So far from what I could figure out I am infected with 3 different trojans: vundo, Vundo.H, and BHO.H

I'll try the antivirus you suggested. To be perfectly honest I haven't been using any antivirus as of late. As you can guess most AV isn't compatible with a 64-bit OS.
Durhai is offline  
Old 03-19-2009, 03:35 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Actually, a lot of them are now. I still recommend NOD32:

https://www.eset.com/download/business-64bit.php

Let me know.
chemist is offline  
Old 03-19-2009, 08:07 PM   #6
Guest
 
Join Date: Mar 2009
Posts: 4
OS:



Thanks for the suggestion on the anti-virus. As you can tell, I was infected with the Virtumonde virus. I was able to FINALLY get completely rid of it using Malwarebytes' Anti-Malware and NOD32 by running both one after the other in safe mode. I had to do this several times in a row to finally get it all, although I'm not sure why it took several attempts to wipe everything out.

No more Firefox/IE hijacking.
Durhai is offline  
Old 03-20-2009, 04:22 AM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Good job! Glad you got it all sorted.
chemist is offline  
 



All times are GMT -7. The time now is 07:39 AM.

