Author Topic: this popup drops what I'm doing and opens webpage every day  (Read 4644 times)

Offline RaginNoob

« on: August 11, 2013, 07:56:30 PM »
DO NOT CLICK!!! http://web.tofushopnews.com/g/?ilmernzkvtazn=BCAEC5119C316547&pu=&s=D-firefox&nm=ilmernzkvtazn&t= (Not a link!!!!!)
This site engages my web browser every day. I suspect it's a virus download. But I can't find a way to make it stop opening my browser. No matter what I'm doing, this happens. Can someone tell me how to block them? I have Malwarebytes as well as avast. I scanned after it happened a few times to make sure I was clean. And nothing showed up in scans.

Offline essexboy

« Reply #1 on: August 11, 2013, 08:08:59 PM »
Could you follow the steps here: http://forum.avast.com/index.php?topic=53253.0
And attach the generated logs in this thread.

Offline Pondus

« Reply #2 on: August 11, 2013, 08:11:29 PM »
Report on that link... click the picture in the top right corner: http://urlquery.net/report.php?id=4500793


Online Steven Winderlich

« Reply #3 on: August 11, 2013, 08:36:24 PM »
It has javascript malware on it: http://sitecheck.sucuri.net/results/web.tofushopnews.com/g/

The Hacker is detecting this on the downloaded file in Virustotal: JS/Feebs.gen@MM

Windows 8.1 Update 1 64-Bit, Avast 2014 Free 9.0.2018, Malwarebytes 2.0.2 Public Beta PRO, MCShield

Online Steven Winderlich

« Reply #4 on: August 11, 2013, 08:47:27 PM »
The Website is downloading two files called SetStretch.exe and SetStretch.cmd.

Virustotal: https://www.virustotal.com/en/file/a84b5e69527a9f91dae964ed40022a2a77c1fe45b7a381a335202ec3927d140b/analysis/1376253695/
                 https://www.virustotal.com/en/file/656912e6b3deb9fd4b6f223e9056350a77253fbda1b66df867aeda08956af342/analysis/

The files can be found in the Program (32-Bit) Folder of Windows.

I will send them to Avast for analysis.

Online Steven Winderlich

« Reply #5 on: August 11, 2013, 09:19:31 PM »
The cmd file opens the exe file (Screenshot)

Online Steven Winderlich

« Reply #6 on: August 14, 2013, 05:10:59 PM »
The files look clean. 1/45 is detecting the exe file on Virustotal as Virut-Virus (Jiangmin).

It was first submitted in 2009.

Please follow the steps from Essexboy until he gives you a clean sheet, or he gives up. ;D

Offline kruegerb

« Reply #7 on: August 15, 2013, 05:05:37 AM »
I am also having the exact same problem.  Attached are my log files.  Malwarebytes didn't find anything.

Offline essexboy

« Reply #8 on: August 15, 2013, 05:45:47 PM »
Does this occur only in Firefox or is it in IE as well?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


:Commands
[CREATERESTOREPOINT]

:OTL
[2013/05/29 18:34:21 | 000,003,723 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
O2 - BHO: (no name) - {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - No CLSID value found.
O3 - HKU\S-1-5-21-894513301-464839021-2148896484-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
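
As an added example (not part of essexboy's post and not OTL's own code), the sketch below reads a fix script like the one above and lists what each `:OTL` entry refers to and why it looks dangling, so the list can be reviewed before anything is run. The regular expressions, the `KINDS` labels and the reading of the empty `()` as a missing company name are assumptions based only on the lines shown in the post.

```python
import re

# Entries copied from the fix script in the post above (shortened to four).
FIX = r"""
:Commands
[CREATERESTOREPOINT]

:OTL
[2013/05/29 18:34:21 | 000,003,723 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
O2 - BHO: (no name) - {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)

:Commands
[resethosts]
"""

# Labels follow the tags in the entries themselves (BHO, Toolbar, Run, DPF).
KINDS = {"O2": "browser helper object", "O3": "browser toolbar",
         "O4": "Run-key autostart", "O16": "downloaded ActiveX control"}
# Phrases in the log that mark a registry entry pointing at nothing.
DANGLING = ("No CLSID value found", "File not found", "Reg Error")
REG_LINE = re.compile(r"^(O\d+) - (.+)$")
FILE_LINE = re.compile(r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| .{4} \| [MC]\] \((.*?)\) -- (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def triage(script):
    """Return one dict per :OTL entry; directives under :Commands are skipped."""
    section, out = None, []
    for line in (l.strip() for l in script.splitlines()):
        if line.startswith(":"):
            section = line[1:]
        elif section == "OTL" and (m := REG_LINE.match(line)):
            code, rest = m.groups()
            clsid = CLSID.search(rest)
            out.append({"kind": KINDS.get(code, code),
                        "target": clsid.group(0) if clsid else rest,
                        "dangling": next((d for d in DANGLING if d in rest), None)})
        elif section == "OTL" and (m := FILE_LINE.match(line)):
            # Assumption: the parenthesised field is the company name; empty means none.
            out.append({"kind": "file", "target": m.group(2),
                        "dangling": None, "vendor": m.group(1) or None})
    return out

if __name__ == "__main__":
    for entry in triage(FIX):
        print(entry)
```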

Offline Spacy

« Reply #9 on: August 15, 2013, 06:53:15 PM »
I'm also having the same problem with Google Chrome, it happens every day.

Offline essexboy

« Reply #10 on: August 15, 2013, 07:47:06 PM »
More to the point, does it occur in IE, as Chrome and Firefox share files?

Offline kruegerb

« Reply #11 on: August 16, 2013, 02:16:01 AM »
Received Microsoft windows message "OTL Stopped Working" during fix.  Rebooted and ran OTL quick scan.  Results attached.

Offline essexboy

« Reply #12 on: August 16, 2013, 11:51:47 AM »
Are you still getting the same problem?

Offline kruegerb

« Reply #13 on: August 16, 2013, 12:10:05 PM »
So far it hasn't come up.  We will wait and see now.  THANKS for your help!

Offline essexboy

« Reply #14 on: August 16, 2013, 01:59:42 PM »
Hmm, the problem with Firefox is that there are so many places for the malware to hide unseen.

Could you run Firefox in safe mode and see if the alerts restart? https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode

 
