Major Popups Lately

N

Not Bman

Guest
I have NEVER had problems with popups or ads, been using Firefox for years without problems. Even though I don't need to I install all those extensions, adblock and such.

Untill about 3 days ago it was all fine, now I am getting random popups (new tabs) of spam crap stuff. I didn't change anything, I scanned my whole system with NOD32 and Defender and there is nothing there.

What and how is it doing this? Firefox has not changed either...
 
Probably the sites you visit.. For some reason, I always get popups using FF on some sites, but not if I use IE7.
 
Yea i was just going to use Spybot, and no it's not the websites, same old websites i go too, and its not even when i click on something on a site, they just pop up randomly.
 
Just use Opera. It seems that the coders have become much more pernicious with the popups lately.
 
Just use Opera. It seems that the coders have become much more pernicious with the popups lately.

Please don't come in here talking about another browser, I can't stand that. I clearly stated I have never over years of using firefox had problems, firefox is just as good or better then opera with popups. This is some random weird thing.

I just found a bunch of crap with Spybot, we will see if this helps.
 
if its in red then yes you have a load of crap on your pc - if its green will just be your usual logs and stuff, makes you wonder what sites you been going to :D
 
If you are using FF3 RC1 check to see if your ad blocker plug-in is compatible with RC1 and/or check for any updates to them.
 
I am using 2.0... still, and everything is in place. I have yet to see any problems since running Spybot but it has not been that long. If it was those files that Spybot found, that is rare that anything got on my system.

Edit just happened again.

It's weird, it just pops up when it wants to, I could even be changing tabs and it happens. It's not like the normal kind where its when you load a page or click on something, it just happens?
 
Check to see if under "Tools" - "Options" - "Content" that the "Block Pop-up Windows" box is checked.

Or try downloading FF3 RC1 and installing it as a completely different instance of FF. With new directory and everything. Also if when installing RC1 it asks to import your bookmarks, don't let it. Open the browser fresh and clean with nothing. Set the pop-up blocker options in it (as I mentioned above) or install an ad block plug-in (like Adblock Plus) and then go to a site that has caused the pop-ups before and see if it does it with RC1. Couldn't hurt.
 
Drop some site links and I'll see if my FF V2.0.0.14 acts up on them. If it doesn't it sounds like you've picked up some malware.
 
Some things that pop up

Adult Friend Finder, $1000 Free Casino Cash....

The only websites that I have up regulary are

Facebook, Digg, Twitter, OSNN, Neowin, Deviantart, Revision3, Wegame....

again, this is a weird new problem....
 
I see the problem already, it's OSNN. Damn EP and all that pr0n he has on the frickin server.

*runs* :p
 
wonder why its in your folder?

edit: also check for an update for NoScript
 
Last edited:
I'm on most of those sites frequently with FF V2 with no pop ups. It sure sounds like you've picked up some malware.

Run hijackthis and post the results log.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:11 AM, on 5/31/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NOD32 Antivirus\egui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Spybot SD\SpybotSD.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\My Install Files\Programs & Games\HiJackThis Install.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {129FA2A1-408C-4824-83A4-5001581FD01E} - C:\Windows\system32\geBUOIXr.dll
O2 - BHO: (no name) - {6714DE85-4886-460F-9539-79A999BF7E5C} - C:\Windows\system32\rqRLfcyw.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBUOIXr.dll,#1
O4 - HKLM\..\Run: [a6472761] rundll32.exe "C:\Windows\system32\rphklrrm.dll",b
O4 - HKLM\..\Run: [BMa57414fd] Rundll32.exe "C:\Windows\system32\xmuswwaq.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 4140 bytes

Yes Lee, I usually have no problems just like you, it must be malware or something not related to Firefox.

&EDIT

Just re-ran Spybot and it found Virtumonde for a second time, I read up on what it is and what it does and it sounds like it's exactly what is going wrong. I removed it last time, so is there a proper way to get rid of it?
 
remove this line

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBUOIXr.dll,#1
 
I did that, also ran another NOD32 scan,

found a related Virtumonde entry, removed it. Hopefully all this will do something. How would I have gotten it in the first place, all files I download are scanned before opening, I don't download much crap, and I know my stuff..
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back