Major Popups Lately

Bman

OSNN Veteran Original
#1
I have NEVER had problems with popups or ads, been using Firefox for years without problems. Even though I don't need to I install all those extensions, adblock and such.

Untill about 3 days ago it was all fine, now I am getting random popups (new tabs) of spam crap stuff. I didn't change anything, I scanned my whole system with NOD32 and Defender and there is nothing there.

What and how is it doing this? Firefox has not changed either...
 

Bman

OSNN Veteran Original
#4
Yea i was just going to use Spybot, and no it's not the websites, same old websites i go too, and its not even when i click on something on a site, they just pop up randomly.
 

Bman

OSNN Veteran Original
#6
Just use Opera. It seems that the coders have become much more pernicious with the popups lately.
Please don't come in here talking about another browser, I can't stand that. I clearly stated I have never over years of using firefox had problems, firefox is just as good or better then opera with popups. This is some random weird thing.

I just found a bunch of crap with Spybot, we will see if this helps.
 

Dark Atheist

OSNN Veteran Addict
Staff member
Political User
#7
if its in red then yes you have a load of crap on your pc - if its green will just be your usual logs and stuff, makes you wonder what sites you been going to :D
 

gonaads

Beware the G-Man
Political User
#8
If you are using FF3 RC1 check to see if your ad blocker plug-in is compatible with RC1 and/or check for any updates to them.
 

Bman

OSNN Veteran Original
#9
I am using 2.0... still, and everything is in place. I have yet to see any problems since running Spybot but it has not been that long. If it was those files that Spybot found, that is rare that anything got on my system.

Edit just happened again.

It's weird, it just pops up when it wants to, I could even be changing tabs and it happens. It's not like the normal kind where its when you load a page or click on something, it just happens?
 

gonaads

Beware the G-Man
Political User
#11
Check to see if under "Tools" - "Options" - "Content" that the "Block Pop-up Windows" box is checked.

Or try downloading FF3 RC1 and installing it as a completely different instance of FF. With new directory and everything. Also if when installing RC1 it asks to import your bookmarks, don't let it. Open the browser fresh and clean with nothing. Set the pop-up blocker options in it (as I mentioned above) or install an ad block plug-in (like Adblock Plus) and then go to a site that has caused the pop-ups before and see if it does it with RC1. Couldn't hurt.
 

Bman

OSNN Veteran Original
#14
Some things that pop up

Adult Friend Finder, $1000 Free Casino Cash....

The only websites that I have up regulary are

Facebook, Digg, Twitter, OSNN, Neowin, Deviantart, Revision3, Wegame....

again, this is a weird new problem....
 

LeeJend

OSNN Veteran Addict
#17
I'm on most of those sites frequently with FF V2 with no pop ups. It sure sounds like you've picked up some malware.

Run hijackthis and post the results log.
 

Bman

OSNN Veteran Original
#18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:11 AM, on 5/31/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NOD32 Antivirus\egui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Spybot SD\SpybotSD.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\My Install Files\Programs & Games\HiJackThis Install.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {129FA2A1-408C-4824-83A4-5001581FD01E} - C:\Windows\system32\geBUOIXr.dll
O2 - BHO: (no name) - {6714DE85-4886-460F-9539-79A999BF7E5C} - C:\Windows\system32\rqRLfcyw.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBUOIXr.dll,#1
O4 - HKLM\..\Run: [a6472761] rundll32.exe "C:\Windows\system32\rphklrrm.dll",b
O4 - HKLM\..\Run: [BMa57414fd] Rundll32.exe "C:\Windows\system32\xmuswwaq.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 4140 bytes

Yes Lee, I usually have no problems just like you, it must be malware or something not related to Firefox.

&EDIT

Just re-ran Spybot and it found Virtumonde for a second time, I read up on what it is and what it does and it sounds like it's exactly what is going wrong. I removed it last time, so is there a proper way to get rid of it?
 

Bman

OSNN Veteran Original
#20
I did that, also ran another NOD32 scan,

found a related Virtumonde entry, removed it. Hopefully all this will do something. How would I have gotten it in the first place, all files I download are scanned before opening, I don't download much crap, and I know my stuff..
 

Members online

No members online now.

Latest posts

Latest profile posts

Perris Calderon wrote on Electronic Punk's profile.
Ep, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there https://tinyurl.com/ycpxl
Electronic Punk wrote on Perris Calderon's profile.
All good still mate?
Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,970
Messages
673,297
Members
89,016
Latest member
Poseeut