Firefox taken over by IE! (msg 1 of 2)

Discussion in 'Malware Help (A Specialist Will Reply)' started by Chicagoshirl, Jul 8, 2010.

  1. Chicagoshirl

    Chicagoshirl Private E-2

    Just over the past few days, I've noticed problems with Firefox. Font is different, stored passwords to various sites no longer come up, page load errors look like the IE message page rather than what normally pops up when Firefox can't load a page. I'm running XP Professional, SP 3, and thought I was doing the right thing by having McAfee Total Protection. But lately McAfee has been buggy, continually prompting me to reboot so it can fix a problem it found (trojan named Artemis!) but never seems able to fix the problem despite shutting down and rebooting. Are these incidents related?

    I feel like an idiot. I've never had this happen before, and have always been the one to help others with their pc problems. But now I am stumped. Do I load a different total protection package such as Norton (which I believe I can get free from my ISP)? The Firefox site has some suggestions posted, and also linked to various forums, so after working all night (I'm in healthcare) I spent some time exploring here and at bleepingcomputer. After sleeping a little, I have now diligently followed all the steps on your "Read and Run Me First" page (did them all, didn't cheat!), and will attach all the logs as instructed.

    I do note some improvements, such as no longer getting a couple of error messages that used to pop up on start-up or shut-down. However, my main concern is that Firefox still seems to be not itself, and is more like IE running in disguise. When I click on Help, About, it shows Firefox version 3.6.6. But when I tab over to one of my bookmarked pages (CBS, Late Show) there is a msg bar at the top of the screen that says "You are using an outdated browser. For a better experience using CBS.com, please upgrade to a modern web browser." It then lists links to Firefox 3.5, IE 8, and a couple of others. So if I'm really running 3.6.6, why is this msg displaying? And now pop-up ads, that I haven't had a problem with in years, are suddenly all over the place. Aarrgh!

    And just to add to the frustration and tension, I am nervous about being online, knowing my pc is being controlled by who knows what and possibly sending my data to who knows where.

    Also, I have loved Firefox from the Mozilla beginnings, and loathe all things msft, so only used IE when forced to (school or work). But did I really see something here that indicates IE8 is safer than Firefox? I also saw something, either here or at bleepingcomputer, about game sites being particularly risky, and must confess that I have recently spent some time on a site a family member told me about, but will be staying away from them until I have a sense of the source of my problems.

    Anyway, thanks so much for whatever advice, help, etc. you can give me. And my next pc project is going to be reading through the protection/prevention discussions.
     


  2. Chicagoshirl

    Chicagoshirl Private E-2

    Firefox taken over by IE! (msg 2 of 2)

    Here is the second msg required for me to upload the 5th log. Thanks so much for this site. Can't believe how much I've learned in the past couple of hours!
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any malware in your logs. Perhaps you should uninstall FF.

    We are going to be uninstalling your old version of FireFox and installing the new version. So do the below to save bookmarks:

    • Run FireFox and click Bookmarks.
    • Then select Organize Bookmarks.
    • Then on the next window click File and then select Export. Save the bookmarks.html file to your Desktop for later use in importing.

    Now download and save the installer for the current version of FireFox but DO NOT install it yet. Get it here: Mozilla FireFox

    You will need to exit FireFox now and use Internet Explorer to continue with the below until we reinstall FireFox.

    Start by uninstalling FireFox and then reboot. Do not skip the reboot.
    After reboot, delete the below folders:

    C:\Documents and Settings\UserAccount\Local Settings\Application Data\Mozilla
    C:\Program Files\Mozilla Firefox

    where UserAccount is the actual user account name being used.

    Now reinstall FireFox from the file previously downloaded.
    Import your bookmarks file. (similar process to exporting).


    Is FireFox working okay now?
     
  4. Chicagoshirl

    Chicagoshirl Private E-2

    Hey Tim. Thanks for the instructions. I have hit a snag, though, when trying to delete the C:\Program Files\Mozilla Firefox folder. I get an error, access denied pop up that tells me a file is in use or write protected. The file is Scriptff.dll and is in the components subdirectory. When I right click for properties, I see that it has a McAfee copyright, and is described as VSCore Script Scanner. I tried disabling McAfee's real time scanning to see if that would put the file out of use, but no dice. Any idea how to work around this?

    Again, many, many, thanks.

    Shirl
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You may be far enough along to go ahead and try re-installing FF. Let me know how that goes.
     
  6. Chicagoshirl

    Chicagoshirl Private E-2

    Hey Tim. Well, so far it all looks ok. But I stupidly didn't print out my passwords before I uninstalled, so will need to deal with that over the next few weeks as I log in to various places. But that's a minor inconvenience compared to being haunted by IE and having stupid Bing pop-ups all over the place!

    I cannot thank you enough. This site rocks, and will be my newest and one of my favorite bookmarks!

    One final question, if you don't mind my asking. Any idea how this could have happened? Like I said in my original post, I have McAfee "Total Protection" installed and running, so what snuck past it? My isp is comcast, and they offer Norton free to their customers. Should I ditch McAfee and switch to Norton? I had Norton in the past, in Win 98 and 2K days, and was quite happy; only reason I went with McAfee was I had to get a new machine a while back for school (needed XP and Office) and McAfee was on sale at the time. Alternatively, would it be enough to supplement McAfee with one of the spyware programs listed on the how to stay protected page?

    Again, a million and one thanks. You are doing a great service by helping out poor unsuspecting souls who have been cyber smacked.

    Shirl
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. But just be aware that all AV programs have their faults. It really is a matter of how quickly they update their definitions to catch new forms of malware. You should just pay some heed to the link on how to protect yourself at the bottom of these final instructions:

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work thru the below link:

     
