Major Popups Lately

N

Not Bman

Guest
I have NEVER had problems with popups or ads, been using Firefox for years without problems. Even though I don't need to I install all those extensions, adblock and such.

Until about 3 days ago it was all fine, now I am getting random popups (new tabs) of spam crap stuff. I didn't change anything, I scanned my whole system with NOD32 and Defender and there is nothing there.

What and how is it doing this? Firefox has not changed either...
 

ming

OSNN Advanced
Joined
17 Jun 2003
Messages
4,252
Probably the sites you visit.. For some reason, I always get popups using FF on some sites, but not if I use IE7.
 
N

Not Bman

Guest
Yeah, I was just going to use Spybot, and no, it's not the websites, same old websites I go to, and it's not even when I click on something on a site, they just pop up randomly.
 

falconguard

Carbon based lifeform
Political Access
Joined
11 Feb 2004
Messages
3,406
Just use Opera. It seems that the coders have become much more pernicious with the popups lately.
 
N

Not Bman

Guest
Just use Opera. It seems that the coders have become much more pernicious with the popups lately.

Please don't come in here talking about another browser, I can't stand that. I clearly stated I have never over years of using Firefox had problems, Firefox is just as good or better than Opera with popups. This is some random weird thing.

I just found a bunch of crap with Spybot, we will see if this helps.
 

Dark Atheist

OSNN Veteran Addict
Political Access
Joined
8 Apr 2003
Messages
6,376
If it's in red then yes, you have a load of crap on your PC - if it's green it will just be your usual logs and stuff, makes you wonder what sites you've been going to :D
 

gonaads

Beware the G-Man
Political Access
Joined
31 Mar 2002
Messages
18,474
If you are using FF3 RC1 check to see if your ad blocker plug-in is compatible with RC1 and/or check for any updates to them.
 
N

Not Bman

Guest
I am using 2.0... still, and everything is in place. I have yet to see any problems since running Spybot but it has not been that long. If it was those files that Spybot found, that is rare that anything got on my system.

Edit just happened again.

It's weird, it just pops up when it wants to, I could even be changing tabs and it happens. It's not like the normal kind where it's when you load a page or click on something, it just happens?
 

gonaads

Beware the G-Man
Political Access
Joined
31 Mar 2002
Messages
18,474
Check to see if under "Tools" - "Options" - "Content" that the "Block Pop-up Windows" box is checked.

Or try downloading FF3 RC1 and installing it as a completely different instance of FF. With new directory and everything. Also if when installing RC1 it asks to import your bookmarks, don't let it. Open the browser fresh and clean with nothing. Set the pop-up blocker options in it (as I mentioned above) or install an ad block plug-in (like Adblock Plus) and then go to a site that has caused the pop-ups before and see if it does it with RC1. Couldn't hurt.
 

LeeJend

OSNN Veteran Addict
Joined
25 Jan 2003
Messages
5,291
Drop some site links and I'll see if my FF V2.0.0.14 acts up on them. If it doesn't it sounds like you've picked up some malware.
 
N

Not Bman

Guest
Some things that pop up

Adult Friend Finder, $1000 Free Casino Cash....

The only websites that I have up regularly are

Facebook, Digg, Twitter, OSNN, Neowin, Deviantart, Revision3, Wegame....

again, this is a weird new problem....
 

gonaads

Beware the G-Man
Political Access
Joined
31 Mar 2002
Messages
18,474
I see the problem already, it's OSNN. Damn EP and all that pr0n he has on the frickin server.

*runs* :p
 

Dark Atheist

OSNN Veteran Addict
Political Access
Joined
8 Apr 2003
Messages
6,376
Wonder why it's in your folder?

edit: also check for an update for NoScript
 

LeeJend

OSNN Veteran Addict
Joined
25 Jan 2003
Messages
5,291
I'm on most of those sites frequently with FF V2 with no pop ups. It sure sounds like you've picked up some malware.

Run HijackThis and post the results log.
 
N

Not Bman

Guest
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:11 AM, on 5/31/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NOD32 Antivirus\egui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Spybot SD\SpybotSD.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\My Install Files\Programs & Games\HiJackThis Install.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {129FA2A1-408C-4824-83A4-5001581FD01E} - C:\Windows\system32\geBUOIXr.dll
O2 - BHO: (no name) - {6714DE85-4886-460F-9539-79A999BF7E5C} - C:\Windows\system32\rqRLfcyw.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBUOIXr.dll,#1
O4 - HKLM\..\Run: [a6472761] rundll32.exe "C:\Windows\system32\rphklrrm.dll",b
O4 - HKLM\..\Run: [BMa57414fd] Rundll32.exe "C:\Windows\system32\xmuswwaq.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 4140 bytes

Yes Lee, I usually have no problems just like you, it must be malware or something not related to Firefox.

&EDIT

Just re-ran Spybot and it found Virtumonde for a second time, I read up on what it is and what it does and it sounds like it's exactly what is going wrong. I removed it last time, so is there a proper way to get rid of it?
 

tdinc

OSNN Veteran Addict
Political Access
Joined
6 Dec 2003
Messages
3,508
remove this line

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBUOIXr.dll,#1
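
The kind of triage behind the advice above, as an added example that is not part of the original thread: a Python sketch that parses HijackThis O2 (BHO) and O4 (Run key) lines and lists the DLLs worth a closer look. The sample lines are copied from the log posted above; the heuristics (unnamed or missing BHO, a rundll32 Run entry calling an ordinal or one-letter export, the same DLL registered in both places) are assumptions of this example, not HijackThis rules.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {129FA2A1-408C-4824-83A4-5001581FD01E} - C:\Windows\system32\geBUOIXr.dll
O2 - BHO: (no name) - {6714DE85-4886-460F-9539-79A999BF7E5C} - C:\Windows\system32\rqRLfcyw.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBUOIXr.dll,#1
O4 - HKLM\..\Run: [a6472761] rundll32.exe "C:\Windows\system32\rphklrrm.dll",b
O4 - HKLM\..\Run: [BMa57414fd] Rundll32.exe "C:\Windows\system32\xmuswwaq.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# O2 = Browser Helper Object, O4 = autostart (Run key) entry.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-F-]+\} - (?P<path>.+?\.dll)"
    r"(?P<missing> \(file missing\))?\s*$", re.I)
RUN_RE = re.compile(
    r'^O4 - \S+\\Run: \[[^\]]+\] rundll32(?:\.exe)? '
    r'"?(?P<path>[^",]+\.dll)"?,(?P<export>\S+)', re.I)

def triage(log_text):
    """Map DLL file name (lower case) -> sorted reasons it deserves a closer look."""
    findings, bho_dlls, run_dlls = {}, set(), set()
    def dll_name(path):
        return path.rsplit("\\", 1)[-1].lower()

    def flag(path, reason):
        findings.setdefault(dll_name(path), set()).add(reason)
    for line in map(str.strip, log_text.splitlines()):
        if m := BHO_RE.match(line):
            bho_dlls.add(dll_name(m["path"]))
            if m["name"].lower() == "(no name)":
                flag(m["path"], "BHO has no name")
            if m["missing"]:
                flag(m["path"], "BHO file missing on disk")
        elif m := RUN_RE.match(line):
            run_dlls.add(dll_name(m["path"]))
            # Assumed heuristic: legitimate entries call a descriptive export.
            if m["export"].startswith("#") or len(m["export"]) == 1:
                flag(m["path"], "Run entry calls ordinal or one-letter export")
    for dll in bho_dlls & run_dlls:
        findings.setdefault(dll, set()).add("same DLL is both BHO and Run entry")
    return {dll: sorted(reasons) for dll, reasons in findings.items()}

if __name__ == "__main__":
    for dll, reasons in triage(SAMPLE_LOG).items():
        print(dll, "->", "; ".join(reasons))
```

The NVIDIA and Welcome Center rundll32 entries pass because they call descriptive exports; a flagged DLL is a candidate for review, not a verdict.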
 
N

Not Bman

Guest
I did that, also ran another NOD32 scan,

found a related Virtumonde entry, removed it. Hopefully all this will do something. How would I have gotten it in the first place, all files I download are scanned before opening, I don't download much crap, and I know my stuff..
 
