Avast WEBforum
Other => Viruses and worms => Topic started by: Hakimati on August 10, 2013, 10:45:16 AM
-
Hello Everyone,
Subject: Infected with Win32:malware.gen
About 2 weeks ago I was infected by a Google adware which redirected all of my searches, in which an ad would appear in the result. I did a full scan with MSE but nothing appeared, while WOT showed that it was a harmful link. By googling I was able to solve that problem, but it left me unsatisfied with MSE and hence I switched to avast. But now I am getting a malware infection warning from avast from time to time, while the full scan shows nothing.
Whenever I start my PC and start Firefox I get an alert from avast that firefox.exe is infected by Win32:malware.gen. It also quarantines 2 files, DC5DCd01 & Windowsliveupdate.exe. This has been happening for some time, but as nothing was shown in the full scan I did not bother much until I Googled for Win32:malware.gen. I have taken screenshots to prove my claim. On 10/aug/13 it shows that it has quarantined 2 files, but the full scan on 10/8/2013 shows nothing.
I did go through the thread Logs to assist in cleaning malware, and I have gone through all except OTLPENet.exe & Farbar Recovery Scan Tool, since the DVD drive is not working and I cannot boot from CD … Also there is no problem for me in logging in.
-
Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR..!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0
-
Also attaching more files & scan logs. I did not go ahead with removal from any scan though, because I do not know if it is OK or not .......
-
All Log files ...........
-
More log files from Hitmanpro & combofix ............. Hope this provides enough help ........ Ask for anything more required
Thanks
-
Rerun AdwCleaner, click "Delete" and post the new log.
-
Hello Asyn,
Thank you for your help. Here is the log you asked for: Rerun AdwCleaner, click "Delete" and post the new log.
-
You're welcome, now you've to wait a bit...
-
Malwarebytes log is not Attached......
-
As you appear to have run CF and HMP after the OTL run could you run me a fresh OTL scan please so that I can see what remains
-
Hello Guys,
CF and HMP were run yesterday; I had run OTL today. Here I am posting the results of the new OTL scan ...... also attaching the Malwarebytes log ...
-
Once this has run could you let me know what problems you are experiencing
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Commands
[CREATERESTOREPOINT]
:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vvplhsxg.sys -- (vvplhsxg)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vlcncveg.sys -- (vlcncveg)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vjmdupwr.sys -- (vjmdupwr)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vggewfof.sys -- (vggewfof)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vflacxul.sys -- (vflacxul)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\uuyyukwu.sys -- (uuyyukwu)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\uomivjgn.sys -- (uomivjgn)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\suzchxxe.sys -- (suzchxxe)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\seingrgs.sys -- (seingrgs)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qclrqyob.sys -- (qclrqyob)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nugohzgp.sys -- (nugohzgp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nnjhgqzk.sys -- (nnjhgqzk)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ncrvesfk.sys -- (ncrvesfk)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ncbjltpk.sys -- (ncbjltpk)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\kigtvwhw.sys -- (kigtvwhw)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\jqgkttlb.sys -- (jqgkttlb)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\jjfyotxo.sys -- (jjfyotxo)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ipanliom.sys -- (ipanliom)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ialzctay.sys -- (ialzctay)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hxnoxvpj.sys -- (hxnoxvpj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hwqvpurh.sys -- (hwqvpurh)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\grydpqbc.sys -- (grydpqbc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\erivyaea.sys -- (erivyaea)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\epidkuvx.sys -- (epidkuvx)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\enenxtty.sys -- (enenxtty)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\KINGJO~1\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\cfcaehds.sys -- (cfcaehds)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a99adoy9)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKU\S-1-5-21-2241014270-4267057124-2651974131-1001\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-2241014270-4267057124-2651974131-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-2241014270-4267057124-2651974131-1001\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKU\S-1-5-21-2241014270-4267057124-2651974131-1001..\Run: [AutoShutdown] "D:\Program" File not found
[2013-08-10 12:52:40 | 000,000,000 | ---D | C] -- C:\Users\KING JOHN\Desktop\RK_Quarantine
[2010-12-07 20:35:58 | 000,000,000 | ---D | M] -- C:\Users\KING JOHN\AppData\Roaming\AVG10
@Alternate Data Stream - 1256 bytes -> C:\ProgramData\Microsoft:9r3Xj8dK8iEgpCbxhml0vGgXO
@Alternate Data Stream - 1242 bytes -> C:\Program Files\Common Files\System:IaCdUaCTTZaaf5AJ2DmJX0
@Alternate Data Stream - 1209 bytes -> C:\ProgramData\Microsoft:PpCyaffQLYPwMYFPjlef
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
Thanks essexboy for helping ....... Just before I run the scan can you tell me what you found ....... that was wrong .........
-
You have what look like old malware drivers (the file not found ones). Also, and probably the cause of your problem, were the ADS files attached to your program data folders.
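The reply above names two of the things the fix script targets: driver services whose file is missing, and alternate data streams (ADS) attached to folders. As an added example, not part of the original thread and not OTL's own code, this Python sketch sorts OTL-style lines into those groups plus the dangling CLSID and dead autorun entries also seen in the fixes. The sample lines are copied from this page; the category names, regexes and the "random-looking name" heuristic are assumptions based only on the line formats visible here.

```python
import re
from collections import defaultdict

# Sample lines copied from the OTL fix scripts posted in this thread.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vvplhsxg.sys -- (vvplhsxg)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\KINGJO~1\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a99adoy9)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O4 - HKU\S-1-5-21-2241014270-4267057124-2651974131-1001..\RunOnce: [WindowsLiveUpdate] C:\Users\KING JOHN\AppData\Roaming\MCommon\WindowsLiveUpdate.exe File not found
@Alternate Data Stream - 1256 bytes -> C:\ProgramData\Microsoft:9r3Xj8dK8iEgpCbxhml0vGgXO
[2013-08-10 12:52:40 | 000,000,000 | ---D | C] -- C:\Users\KING JOHN\Desktop\RK_Quarantine
"""

# Regexes are assumptions derived from the line shapes shown on this page.
DRV_RE = re.compile(
    r"^DRV - File not found \[[^\]]*\] -- (?P<path>.*?) ?-- \((?P<name>[^)]+)\)$")
CLSID_RE = re.compile(
    r"^(?P<kind>O2|O3) - .*?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - No CLSID value found\.$")
RUN_RE = re.compile(
    r"^O4 - .*?\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<target>.*?) File not found$")
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<host>[A-Za-z]:\\[^:]*):(?P<stream>.+)$")
# Heuristic (assumption): the leftover services in this thread all have
# 8-character lowercase/digit names with no meaning.
RANDOM_NAME_RE = re.compile(r"[a-z0-9]{8}")


def triage(log_text):
    """Group OTL-style lines into categories a helper would review."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRV_RE.match(line)
        if m:
            path, name = m["path"], m["name"]
            reasons = []
            if not path:
                reasons.append("service has no image path")
            elif "\\temp\\" in path.lower():
                reasons.append("image path under a Temp folder")
            if RANDOM_NAME_RE.fullmatch(name):
                reasons.append("8-character random-looking service name")
            findings["orphaned_driver"].append(
                {"name": name, "path": path, "reasons": reasons})
            continue
        m = CLSID_RE.match(line)
        if m:
            findings["dangling_clsid"].append(
                {"kind": m["kind"], "clsid": m["clsid"].upper()})
            continue
        m = RUN_RE.match(line)
        if m:
            target = m["target"]
            findings["dead_autorun"].append({
                "key": m["key"], "name": m["name"], "target": target,
                "in_user_profile": "\\appdata\\" in target.lower()})
            continue
        m = ADS_RE.match(line)
        if m:
            host = m["host"]
            # No extension on the last component: the stream hangs off a folder.
            on_folder = "." not in host.rsplit("\\", 1)[-1]
            findings["alternate_data_stream"].append({
                "host": host, "stream": m["stream"],
                "size": int(m["size"]), "on_folder": on_folder})
            continue
        findings["unclassified"].append(line)
    return dict(findings)


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```

Entries that land in `unclassified` are not judged either way; in the thread those file and folder lines were picked by the helper by hand.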
-
O.k ......... Before I run OTL I would like to thank everyone who helped me on this thread directly & indirectly ..... You guys have been really helpful. Keep up the good work ............ I will come back if anything else connected to this thread appears ...........
THANKS :D .......
-
Do you wish me to remove the tools prior to you going ?
-
Here is the result of the OTL scan with fix ......... I will remove all tools when you say it's over. I just require 1 AV and have Comodo firewall; I do keep Malwarebytes just as a backup ...... it's freeware :D
-
If there are no further problems
Subject to no further problems :)
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:
Remove ComboFix
- Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
- In the Run box, type in ComboFix /Uninstall
(Notice the space between the "x" and "/")
then click OK
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg)
- Follow the prompts on the screen
- A message should appear confirming that ComboFix was uninstalled
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
Clear Restore Points
Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up, at the first prompt select OK. After it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button
(https://dl.dropbox.com/u/73555776/disc%20clean.JPG)
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/) and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755).
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes (http://www.malwarebytes.org/mbam-download.php).
Update and run weekly to keep your system clean
Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly. It will show you which programmes on your system need updating and give a download link
If you use on-line banking then as an added layer of protection install Trusteer Rapport (http://www.trusteer.com/Products/Trusteer-Rapport-for-Online-Banking)
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit - Microsoft Windows Update (http://windowsupdate.microsoft.com)
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)
Keep safe :wave:
-
:D Very nice walkthrough, thanks ....... About Trusteer: http://www.wilderssecurity.com/showthread.php?t=320410 This does not seem to be very encouraging ....... As for Java, I think I can live without it ...........
-
Recommended if you use removable media: http://www.mcshield.net/ It is install and forget ;)
-
Hello ..... Despite all of your good effort I am still getting the alert !! ........ Please help ........
Something still remains ........
-
Do you get the same alert when you use IE ?
Could you run a fresh OTL scan please
-
Hello,
Here is the new OTL scan log + the avast warning when I visited a tech site for a review of the Sony Walkman ... Just thought to include it also in case it is connected .......
-
That indicates that free download manager is trying to download something, do you have anything in the download queue ?
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Commands
[CREATERESTOREPOINT]
:OTL
[2011-12-17 02:44:50 | 000,002,067 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
Ran the fix, uploading with the reply .... No, I do not have anything in the FDM download list waiting for download ... I can use IE to see if this is just Firefox for a week or so ....... Please also include what's going on in my system ...
-
Are you still getting the alerts, does it happen on a specific website
-
No specific time & interval but it happens ..... After I ran the custom OTL fix, restarted & launched Firefox, avast has not alerted me for now .... but I am not certain about it ........ As you can see in the avast virus chest snapshot I attached earlier, although I use Firefox every day there have been gaps between the alerts .......... Not a specific website; it comes just when I launch Firefox & the only website set as homepage is google.co.in
-
Still getting it ....... :( . I have cleared everything in Firefox, from history to caches to everything ........ I think I will use IE for a week to see what happens ..........
-
OK, that shows me exactly what it is: Mcommon, a hard bit of stuff to remove
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Commands
[CREATERESTOREPOINT]
:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a3uvy1lf)
[2013-03-20 03:19:10 | 000,000,871 | ---- | M] () -- C:\Users\KING JOHN\AppData\Roaming\Mozilla\Firefox\Profiles\klc9xlvr.default\searchplugins\freemake.xml
[2013-07-30 18:56:15 | 000,001,135 | ---- | M] () -- C:\Users\KING JOHN\AppData\Roaming\Mozilla\Firefox\Profiles\klc9xlvr.default\searchplugins\webwebweb.xml
[2011-12-17 02:44:50 | 000,002,067 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
[2011-04-01 10:37:00 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2013-03-20 03:19:10 | 000,000,871 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\freemake.xml
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
Thanks for the extra effort :) .... I will run the fix & put the log file in a reply as soon as I get home.... Just wanted to know what this Mcommon is. I tried to google it but did not find anything. Please enlighten me what this malware is & the possible sources of infection so that I may avoid it in future.
-
Here is one I did earlier http://forum.avast.com/index.php?topic=125321.msg949304#msg949304
-
Thanks for the link ......... going through it ..... Here is the OTL log after running the custom fix ............
-
Have the alerts ceased ?
-
Just started the system ....... no alerts yet ......... will update accordingly ........
-
Just got it again .......... & Firefox did crash 2 times yesterday ..... I have the crash log of Firefox if this helps ......... I am starting to think there is something else in my system that's infecting it again and again, or avast is declaring a false alert ... I thought to include the Firefox crash report because if someone or something is tampering with it this may reveal it
Firefox Crash Report
AdapterDeviceID: 0x683f
AdapterVendorID: 0x1002
Add-ons: testpilot%40labs.mozilla.com:1.2.2,%7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68,%7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119,autofillForms%40blueimp.net:0.9.9.0,%7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515,fdm_ffext%40freedownloadmanager.org:1.5.8,vdpure%40link64:1.97.5,wrc%40avast.com:8.0.1489,hotfix%40mozilla.org:2.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0,%7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D:2.3.2
AvailablePageFile: 4093247488
AvailablePhysicalMemory: 1617731584
AvailableVirtualMemory: 1218826240
BuildID: 20130618035212
CrashTime: 1376452151
EMCheckCompatibility: true
FramePoisonBase: 00000000f0de0000
FramePoisonSize: 65536
InstallTime: 1372887549
Notes: AdapterVendorID: 0x1002, AdapterDeviceID: 0x683f, AdapterSubsysID: 25511458, AdapterDriverVersion: 12.104.0.0
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+
ProductID: {ec8030f7-c20a-464f-9b0e-13a3a9e97384}
ProductName: Firefox
ReleaseChannel: release
SecondsSinceLastCrash: 939053
StartupTime: 1376451566
SystemMemoryUsePercentage: 49
Theme: classic/1.0
Throttleable: 1
TotalVirtualMemory: 2147352576
URL: http://freemusicarchive.org/
Vendor: Mozilla
Version: 22.0
This report also contains technical information about the state of the application when it crashed.
-
It is either a site you are visiting with Firefox or a programme you have recently downloaded
Let's remove those folders
Please download OTM (http://oldtimer.geekstogo.com/OTM.exe)
- Save it to your desktop.
- Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Files
c:\users\kingjohn\appdata\roaming\mcommon
c:\users\kingjohn\appdata\local\mozilla\firefox\profiles\klc9xlvr.default\cache\9
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start
-
What is this OTM? Avast is warning about a rare file type & saying to avoid it
-
O.k, the alert always pops up when I launch Firefox & the home page is set to google.co.in .. So now I have changed it to www.yahoo.co.in ... if the previous was a fake site & I was getting redirected ... :( ..
Anyway, here is the OTM report
-
Do you get the same alert when you launch Internet explorer
-
Just got the alert again .... I was at https://www.slimwareutilities.com/slimdrivers.php trying to download the free version of SlimDrivers .... I have not worked with IE for a long time; I have only used Firefox. It's like 3-4 years now. If you want I can switch to IE and see what happens ... Which version should I use? Also, should I use it without any plugin? ... Please give directions
-
Yes if you could try IE, I believe it is an addon within firefox but as of yet I am not 100% sure
-
Funny you mentioned that it might be a Firefox addon. I started this thread saying that there was an infection in a Firefox addon which showed an ad of a company in all of my Google searches. Here I am sharing a link where I have warned others about it on another forum. Also, it was the same time when I made the switch from MSE to avast.
http://www.thinkdigit.com/forum/internet-www/175983-fake-link-appers-google.html
Think this might shed some light.
-
Run Firefox in safe mode https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode let me know if that stops it, then we will start looking for the bad boy
-
O.k, I have read the "Make permanent changes to Firefox in the Safe Mode window" part and will disable all add-ons, reset toolbars and controls, reset all user preferences to Firefox defaults and restore default search engines, except bookmarks. O.k, I will work for a week to see if anything comes and report back
-
Ta, the reason I think it is an addon is that the files are transient and not permanently visible
-
It seems I am not able to make permanent changes to Firefox in the Safe Mode window for a better study, & Shift + starting Firefox is not always reliable ... I was following this guide http://www.sevenforums.com/tutorials/210670-firefox-start-firefox-safe-mode.html but after step 3 the dialog box where you can select the options never opens; Firefox starts without it, & so I cannot select the user profile. Please tell me if there is any other way to do this.
-
The other option is to do a full uninstall and then clean install of Firefox, but this means you will lose all your addons
-
I can do that. I will write down all the addons and after reinstalling Firefox will install them back from Firefox add-ons in settings. The only thing I wanted to keep or to back up is my passwords list & bookmarks ... Is there any way that I can install them back automatically after reinstalling Firefox & not have to do it manually? .... If this is a leftover from that infection, will uninstalling really fix the issue? ......... I have Revo Uninstaller; I can use it to uninstall Firefox. Will that be good enough, or can you do something the same from OTL & uninstall everything related to it ...
-
Revo would work fine
Backup the two files mentioned here (save them to the desktop)
You can only access passwords stored in signons.sqlite if you have the correct key3.db file that stores the encryption key needed to decrypt the names and passwords. If copying the two files to the current Firefox profile folder doesn't work then you may have a wrong key3.db file.
Make sure that you have copied the two files to the correct location with Firefox closed.
You can use this button to go to the Firefox profile folder:
•Help > Troubleshooting Information > Profile Directory: Show Folder
-
O.k, found the two files you specified & backed them up, and also noted their location. Just one thing: what is the Kic9xlvr.default at the start of the location?
-
That is firefox's designation for that user
-
Is it important? Because the folder only opens the C drive ... Also, should I delete the profile and everything?
-
Aye clear the lot (except the two files you backed up)
-
O.k, I did the uninstalling, went to the Firefox website, downloaded the latest version v23.0.1 and installed it .... There did appear an error when I fired up Firefox for the first time ... Firefox did provide a troubleshooting guide; I went through that. I was able to locate the first file mentioned but did not find the second file. As it was specified, I renamed it to .old. The reason I did not restart to solve the problem was that I thought the infection would be integrated with the new installation also. I am attaching the snapshot which will provide you with better detail. Bookmarks & passwords along with the addons that were in the last Firefox have been installed too. No pop-up for now ...
-
The problem has not been resolved .......... Just got the threat again; it's still there ........... :( I think I will have to use I.E ............. but before, it has not reported an alert & there are not any addons on it .... Will try to update it to the latest version; advise me how I should start ...
-
Run this quick OTL fix please
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Commands
[CREATERESTOREPOINT]
:OTL
O4 - HKU\S-1-5-21-2241014270-4267057124-2651974131-1001..\RunOnce: [WindowsLiveUpdate] C:\Users\KING JOHN\AppData\Roaming\MCommon\WindowsLiveUpdate.exe File not found
:Files
C:\Users\KING JOHN\AppData\Roaming\MCommon
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
Here i have done with the OTL quick fix. Attaching log .
-
Could you check for alerts now in FF
-
Yes, will reply back .... I did want to ask a couple of things but thought to wait for the fix to finish ... 1. Should I use Comodo Secure DNS for internet? 2. I have not visited so many sites after I freshly installed Firefox. I can make a list of those sites & do another fresh installation, then check for infection by visiting the sites in the list one by one at an interval of three days to see where I got this infection from, so that I avoid that site. 3. If this is not site related and the infection is not an addon, then what? ... Sorry if this sounds noob to you. I do not understand much of what is going on and am complying just as told to, so wanted to know ....
-
No problem, first let's see if the last one killed it :)
-
Except waiting for the pop-up, what can I do to check if the infection is still there? I do not want to come back to the same thread sometime afterwards.
-
1. Should I use Comodo Secure DNS for internet?
2. I have not visited so many sites after I freshly installed Firefox. I can make a list of those sites & do another fresh installation, then check for infection by visiting the sites in the list one by one at an interval of three days to see where I got this infection from, so that I avoid that site.
3. If this is not site related and the infection is not an addon, then what? ...
1. You can use the DNS if you wish but Avast has that area covered
2. It was probably hidden in FF and left a task behind which I did not see.
3. These usually come from the rubbish bundled with other software
-
Hello,
It seems that the last fix did the job ;D ..... Have not had any pop-up till now. Once again I would like to thank all of the people who have contributed towards resolving this problem, specifically essexboy for your faithful & continuous efforts. Finally I would like to ask: since the clean-up process began there are many leftovers, _OTL & _OLG folders & some others that have appeared. Should I delete them now?
-
When Essexboy is done he will remove all tools used...and then those folders will also be gone
-
Run OTL and press cleanup, then delete any remaining folders :)