Strange Firefox issue, probably virus/spyware related

SPARTAN VI

So I'm looking at my coworker's computer which was infested with adware/spyware and a few trojans. Managed to fix most of the issues: task manager was disabled, random IE pop-ups (often lewd), wallpaper changing, DNS redirects, key logger, hijacked everything, etc...

Running into an issue now with Firefox, I cannot start it... well generally. I figured, I'd try renaming the Firefox.exe to "firefo.exe" and for some reason it works now. Guessing whatever's still lingering is specifically targeting firefox.exe.

Also having an issue getting Kaspersky to update, cannot connect to the server. Hoping the two issues are related.

Using SuperAntispyware, spybot, XP TCprep (for tcp/winsock repair), winpatrol, and Kaspersky Internet Security 6 (with outdated definitions).
 
Well, I tried manually connecting to Kaspersky.com from Firefox and cannot. So I tried it in IE 7 and voila, still getting dns redirects. Something's still in there.. dammit.
 
For the continued DNS redirects (and this may sound stupid), but did you check the HOSTS file?
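
The HOSTS file check suggested above, as an added example that is not part of the original post: a small Python audit that flags every mapping other than the expected localhost entries, including security-vendor sites pointed at loopback. The function names, labels and sample entries are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample for illustration; not taken from the machine in this thread.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1    localhost
::1          localhost
127.0.0.1    www.kaspersky.com    # AV site sinkholed to loopback
203.0.113.7  updates.av-vendor.example www.av-vendor.example
0.0.0.0      ads.example
10.0.0.5     localhost
bogus        broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def classify(addr, name):
    """Return a finding label for one address/name mapping, or None if expected."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    local = ip.is_loopback or ip.is_unspecified
    if name in LOCAL_NAMES:
        return None if ip.is_loopback else "localhost-remapped"
    return "blocked" if local else "redirected"

def audit_hosts(text):
    """Return (line number, address, hostname, label) for every unexpected entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or address-only line
        for name in fields[1:]:
            label = classify(fields[0], name.lower())
            if label:
                findings.append((lineno, fields[0], name.lower(), label))
    return findings

if __name__ == "__main__":
    # Windows keeps the file at %SystemRoot%\System32\drivers\etc\hosts
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for lineno, addr, name, label in audit_hosts(text):
        print(f"line {lineno}: {name} -> {addr} [{label}]")
```

A clean result here only rules out the HOSTS file; redirects that persist afterwards are coming from somewhere else on the machine.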
 
I had a problem machine that was similarly infested.
I managed to get rid of most of the problems but a few would not go.
As the machine was using AVG, I installed Avast.
Subsequently Avast found well over 100 files containing malware and restored Firefox back to its normal self.
I would get the definitions for Kaspersky updated or try another updated AV on there.

Also try CrapCleaner, it can help you find nasties that are dug in deep.
If you cannot get normal network function, try a Winsock or LSPfix tool.
 
> For the continued DNS redirects (and this may sound stupid), but did you check the HOSTS file?

Not stupid, but yes, that was the first place I looked.

> I had a problem machine that was similarly infested.
> I managed to get rid of most of the problems but a few would not go.
> As the machine was using AVG, I installed Avast.
> Subsequently Avast found well over 100 files containing malware and restored Firefox back to its normal self.
> I would get the definitions for Kaspersky updated or try another updated AV on there.
>
> Also try CrapCleaner, it can help you find nasties that are dug in deep.
> If you cannot get normal network function, try a Winsock or LSPfix tool.

I'll try that. I'm having issues even doing the manual update with Kaspersky 6. Downloaded the cumulative definitions to a thumb drive, then dump it on the PC, and select that folder as the distribution and it just won't update. I'll try Avast though, maybe switch back to Kaspersky once everything's clean.

Last night I loaded SDfix and used its tools to clean out a few more trojan infections.
 
Take a look in the system32 directory for obviously new .dll files. When Windows boots, it will load them. This way, they still muck with your machine, but won't show up in the Task Manager processes, startup folder(s), or the registry.
 
> Take a look in the system32 directory for obviously new .dll files. When Windows boots, it will load them. This way, they still muck with your machine, but won't show up in the Task Manager processes, startup folder(s), or the registry.

I'm guessing those will be protected system files then. I'll likely have to boot to safe mode to delete them? Already disabled system restore if that's anyone else's next suggestion. :)

Thanks Fark, and everyone.
 
> I'm guessing those will be protected system files then. I'll likely have to boot to safe mode to delete them? Already disabled system restore if that's anyone else's next suggestion. :)
>
> Thanks Fark, and everyone.

Yeah, you should boot to safe mode to delete.
 