Author Topic: Firefox opens Trojan websites in new tabs  (Read 21703 times)

0 Members and 1 Guest are viewing this topic.

smfcomics

  • Guest
Firefox opens Trojan websites in new tabs
« on: April 14, 2010, 12:00:02 AM »
last week my computer was infected with the XP Antimalware 2010.

the computer is running Windows XP service pack 3 version 2002

 I have ran Avast, Malware Bytes - Antimalware, and SpyBot S&D to remove malware and viruses. I just ran the Avast Boot-time scan again and it found one infected file in the Windows folder. I placed that in the chest.

I am still having issues with FireFox opening new tabs with random websites and Avast pops up and says its a Trojan URL.

Any help would be greatly appreciated.

 

Hermite15

  • Guest
Re: Firefox opens Trojan websites in new tabs
« Reply #1 on: April 14, 2010, 12:17:15 AM »
I have no idea how this rogue proceeds nor do I know how much you already removed from it...only tip I can give but that's probably not enough to solve your problem: check if any extension got installed silently in Firefox.

smfcomics

  • Guest
Re: Firefox opens Trojan websites in new tabs
« Reply #2 on: April 14, 2010, 01:25:37 AM »
how do I check if there were any extensions installed?

Jtaylor83

  • Guest
Re: Firefox opens Trojan websites in new tabs
« Reply #3 on: April 14, 2010, 01:38:57 AM »
Go to Tools and click on Add Ons, then click on Extensions.

If there's nothing in your Extensions, then it could be your HostsFile. Follow Essexboy's instructions.
« Last Edit: April 14, 2010, 01:45:46 AM by Jtaylor83 »

laurap414

  • Guest
Re: Firefox opens Trojan websites in new tabs
« Reply #4 on: April 14, 2010, 02:27:28 AM »
I believe this is the same rogue being discussed in another thread called AVE.exe.

Please check out this link and see if the description matches what you are experiencing.

http://www.malwarehelp.org/ave-exe-a-multiple-rogues-in-one-trojan-fakerean-2010.html

It explains how to remove the rogue and provides a little utility to do so.

smfcomics

  • Guest
Re: Firefox opens Trojan websites in new tabs
« Reply #5 on: April 14, 2010, 02:45:04 AM »

here are the two OTL logs

Jtaylor83

  • Guest
Re: Firefox opens Trojan websites in new tabs
« Reply #6 on: April 14, 2010, 03:56:59 AM »
I think it's time to make a new hosts file.

Please Download HostsXpert 4.3 by FunkyToad and Extract it out of the zip folder.

Run HostsXpert and then click on Make Hosts File Writable?.

* Click Restore Microsoft's Hosts file  and then click OK.
* Click the X to exit the program.
* Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.



« Last Edit: April 14, 2010, 03:59:06 AM by Jtaylor83 »

smfcomics

  • Guest
Re: Firefox opens Trojan websites in new tabs
« Reply #7 on: April 14, 2010, 06:25:07 AM »
thank you for the help so far. i have done all the things suggested so far and I am still having issues with FireFox loading websites and redirecting to different sites from Google searches.

Jtaylor83

  • Guest
Re: Firefox opens Trojan websites in new tabs
« Reply #8 on: April 14, 2010, 06:09:51 PM »
Okay. Since you now have reset your hosts file, it's time to remove OTL.

Run OTL and click on Cleanup. OTL will remove itself from your computer.


Next, clean up and defrag your disk drive with these programs.

CCleaner(Slim Version)

Defraggler (Slim Version)

Puran Defrag


Hermite15

  • Guest
Re: Firefox opens Trojan websites in new tabs
« Reply #9 on: April 14, 2010, 06:28:18 PM »
thank you for the help so far. i have done all the things suggested so far and I am still having issues with FireFox loading websites and redirecting to different sites from Google searches.

Okay, you should uninstall FF and delete your profile >>> make a backup of your bookmarks and password database if you use it first and then reinstall. Again: it is important that you delete your profile for Firefox completely. If you use the default configuration it's located in \documents and settings\your user name\application data\Mozilla\Firefox (for XP)

smfcomics

  • Guest
Re: Firefox opens Trojan websites in new tabs
« Reply #10 on: April 14, 2010, 09:47:35 PM »
I am running Defraggler and Avast System Shield keeps popping up with a Threat

-C:Windows\System32\Drivers\PCI.sys
-Win 32: Aluron-FZ
-Moved to chest
-PID4

it has come up with 160+ threats while the Degraggler is running. Is this a false positive?

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: Firefox opens Trojan websites in new tabs
« Reply #11 on: April 14, 2010, 09:52:43 PM »
Usually not... as the system moves the files, it's accessing them.  Avast checks the files as they are accessed, and is reporting them correctly.

Sounds like a rootkit to me, if "PCI.sys" is infected.

Try this out: "TDS KILLER"

http://cid-f713962e2f5aa06d.skydrive.live.com/self.aspx/.Public/Programs/tdsskiller.zip?lc=1033
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

smfcomics

  • Guest
Re: Firefox opens Trojan websites in new tabs
« Reply #12 on: April 15, 2010, 03:20:13 AM »
I ran the TDS Killer and it shows the Driver atapi.sys is infected.

memory 1 infected
file 1 infected and 1 cured at reboot

when the computer reboots and I run the TDS Killer again it comes up with the same thing.

smfcomics

  • Guest
Re: Firefox opens Trojan websites in new tabs
« Reply #13 on: April 15, 2010, 04:50:42 PM »
from looking around it seesm that my system may be infected with the atapi.sys rootkit

what should I do next to resolve this?

thanks again for all the help

Jtaylor83

  • Guest
Re: Firefox opens Trojan websites in new tabs
« Reply #14 on: April 15, 2010, 06:57:02 PM »
I suggest you use Hitman Pro (Cloud based Malware Scanner) for TDL3/TDSS removal. Hitman Pro will replace the patched atapi.sys with the original file. If it doesn't work, we'll try ComboFix.