Nsis Media Pop-ups

Re: Nsis Media Pop-ups /HJT log

Welcome to Majorgeeks,

In your Add/Remove Programs list the below appears:
NSIS Media Extension

Have you actually tried just uninstalling this?

 

You will need to save the below information locally to a text file or print it because I will be telling you to disconnect from the internet soon!

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files".

NOW DISCONNECT YOUR PC from the internet by unplugging the cable.


Once you are disconnected from the internet and you have saved the file double click it and allow it to merge with the registry.

Look for the below files and them if they exist, delete them(if you cannot delete it right now, boot into safe mode and see if you can delete them):
C:\Program Files\Mozilla Firefox\chrome\nsis.jar
C:\Windows\A~NSISu_.exe
c:\windows\system32\krnsvr32.dll
c:\windows\system32\wmdmb32.dll

Just stay in safe mode if at any point you need to boot to safe mode to delete any files.


Now delete the below folder and everything in it. (if you cannot delete it right now, boot into safe mode and see if you can delete it)
C:\Program Files\Common Files\NSIS

Now create the same folder as we just deleted (the NSIS folder) then right click on the folder from Windows Explorer and select Properties. Change the Attributes to have Read-only selected and also put a check in the Hidden box. (Note the Read-only option should already be set after creating the folder.)


Now delete all files & subfolders in the below folder (downloading things like this is a sure way to have malware problems):
C:\Documents and Settings\Mike\Local Settings\TEMP

Note Windows may block deletion of a few files from the current date in the above folder.

Now reboot into normal mode but do not reconnect to the internet yet. Just check to see if the problem files have come back or not. Hopefully the NSIS folder we recreated is empty.

Now connect to the internet and again check the status of the NSIS folder.

Now come back and tell me what happened.

Questions: Did you ever have Foxie Browser Suit with Security Firewall installed?

 

Sounds good! FireFox is not the cause of the problem. It is just one of the vehicle's that the infection uses to reinfect you. Any program on your PC can be used as a vehicle for reinfection. Most often malware creators have used Microsoft processes like explorer.exe, iexplore.exe (Internet Explorer), and winlogon.exe. Something else that has been installed or a site you visited (etc) just made use Firefox.

Make sure you download today's latest update to Sun Java: Sun Java Runtime Environment 5.0 Update 8

Then uninstall any old versions. Also make sure you say NO to the Google Toolbar add-on unless you want that.

 

You're welcome. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!