Infection - Once Firefox Pops (Up), It Doesn't Stop

Discussion in 'Malware Help (A Specialist Will Reply)' started by schreibah, Jan 16, 2010.

  1. schreibah

    schreibah Private E-2

    Hi all!

    Having some computer problems. About three days ago I got tired of all the duplicate photos and songs on my hard drive, so I downloaded some programs to help me find and delete them: DoublePics, Duplicate File Cleaner & Vistanita Duplicate Finder for the photos, Markelsoft Dupe Eliminator for iTunes for the songs. Right around that time I started experiencing difficulty with Firefox: when I would try to navigate to a search result in Google, half or more of the time I would be directed to a site I hadn't intended to visit. It's a minor annoyance, but I'm afraid it signifies some deeper problem.

    I've tried to run the entire suite of programs as per the Vista Cleaning Procedure (I'm running Windows 7). Superantispyware, MBAM and ComboFix appear to have run fine, but I've run into trouble with RootRepeal. When I attempt to open the program, I am given the message "FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000e4)." If I press OK and try to run a file scan, I get two more messages, one saying to contact the author (which I have not yet done) and another reiterating "0xc0000024".

    I have not yet run MGTools; I wanted to get an Admin's opinion before going ahead. I would appreciate very much if someone could take a look at my logs and see what the deal is. Thanks!
     


  2. schreibah

    schreibah Private E-2

    I opened the ComboFix log out of curiosity and realized that it hadn't run properly. Here's the log from a second run.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please attach the log from running the C:\MGTools.exe ---> C:\MGLogs.zip.
     
  4. schreibah

    schreibah Private E-2

    Here's the MGTools log.
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to tell me exactly what is happening. What pop up? I am not seeing any particular malware in your logs. Please run CCleaner and make sure your temp folders are clean.
     
  6. schreibah

    schreibah Private E-2

    I wish I could tell you the sites to which I was redirected, but that has stopped happening. I needed to use my computer, despite the redirector Virus, so I installed Avast! and ran a startup scan. That appears to have taken care of the redirection problem, but now Windows is telling me that I don't have a genuine copy of Windows 7.

    When I try to re-enter the product key, I get error code 0x8007000D (description: The data is invalid)

    Trying to re-enter the key using command "slmgr.vbs -ipk <insert your product key here>" doesn't work, either.

    I've tried running a repair installation with the Windows 7 disk, but it hangs at "Verifying compatibility."

    Nothing is working. Maybe I have to do a clean installation?
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I suggest that you post in the software forum. I have seen this happen before, though I don't recall what people had to do to resolve it.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
