This ain't your average browser hijacker!

Warning, there may be some foul language. This could easily be a Pit thread, but I’m at the end of my rope and really need some advice/help.

I don’t know where the hell this came from. I haven’t downloaded anything from iffy sites, I’m not using any P2P programs, and the sites I visit aren’t really known for putting shit on your computer. (Well, not known for it, but they could.) Problem is, with so many sites visited, who the hell knows where it may have come from?

What I’m getting are pop-ups. Never pop-unders. They’re for sites ranging from Party poker, to Vonage to Bob’s Big Dick Pills dot com. They aren’t at any timed rate, but it seems if I hit a certain number of links, one shows up. This is whether I hit a number of websites, or refresh the SDMB page. It’s almost like a schedule.

I’ve tried everything I can think of. Multiple times.

Windows Defender.

Windows malicious remover thingamajig.

Spybot. It found a trojan about a week ago and now doesn’t see it after removal. The scan today brought up 9 things associated with (heh) Firefox.

Ad-Aware.

CWShredder (pain in the ass to find a site to get it from. Tells me something there, but nothing is found.)

Pest Patrol.

AVG anti-virus.

Symantec anti-virus (My full version)

Hijack This!

Every one of them declares a clean bill of health.

In addition I’m running ZoneAlarm firewall, Windows firewall, IE pop-up blocker, and Panicware’s Pop-Up blocker. On a side note, I’m kind of impressed my system can handle all this and still perform with great speed.

I’m to the point I almost want to reinstall XP and be done with it. But that’s been my fix in the past for lesser problems. This fucking thing is really starting to piss me off now. I want to defeat it. It’s my Holy Grail. Won’t you join my band of Merry Men?
Seriously, I’ve tried everything I can think of and find on sites like Kommando, etc. Obviously I’d like a no-cost solution as a reinstall doesn’t cost anything but time. But dammit, I don’t want to have to do that a second time should this happen again. A one-time fee would be acceptable if it’s the only way to fix these things.

I’ve tried to find obvious stuff in regedit, but with thousands of things to wade through I realized I don’t even know what I’m looking for.

Any suggestions? Those pertaining to fixing this problem are a priority. If you want to send me the addresses of the douchebags that are responsible for this kind of shit, I have some vacation time built up for a road trip. A separate fund may be set up for bail/defense attorneys. :mad:

And yes, I realize Firefox is the end of world strife. I don’t like it. Not a permanent option.

As always, thanks in advance.

Crap, I forgot to mention.

In the “Favorites” toolbar, there are a bunch of links I can’t get rid of. “Cool Stuff”, “Travel”, “shopping Gifts”, etc. folders, as well as i.e. links such as “games”, “casino”, “web hosting”, etc.

If I right-click them, the only option is to “Close Toolbar”. If I try to use the “Organize” option they aren’t shown. If I hit the “Favorites” in the toolbar, the dropdown shows the crap, but I can’t get a dialog box when I right-click. Under “Tools” the checked items are “Standard buttons”, “Address bar” and “StumbleUpon”. The StumbleUpon has been installed for about 6 months so I doubt that’s it.

Anyway, in case any of that helps.

My sole input is to direct you over to the http://www.spywareinfo.com/ forums. Register and post your problem over there. They have helped me twice in the past when no one else could.

One more you might want to try:

Ewido online scanner

I haven’t tried this myself, but it comes highly recommended as something that catches malware that other scanners might miss. Also the fact that it’s an online scan is a plus, since you won’t have to install another piece of software on your machine… well except for an active x control to use the program.

Good luck and let us know if it helps.

Did you empty your caches, or is that trojan still sitting in quarantine? :confused:

Damn, didn’t think of that. I’ll check it out right now.
Squee, not sure about the Active-X. Been burned on that before, but if anyone else can vouch for it I’ll give it a shot.

Thanks again.

ZC’s post reminded me…

Also disable system restore, if you have it enabled. Viruses and malware tend to be archived in there as well as your temp folders.

When you ran Hijack This, did anything odd appear with an R0 or R1 code?

Nothing odd appeared at all. It said there were no problems detected. Or whatever the syntax is they use. I get a little confused at this point.
And the system restore is on. If I disable it, then what? Run everything again?

I should warn you, disabling system restore will delete all of your restore points. If you haven’t yet identified the culprit, you can wait on this step.

Did you try “Vundofix” (easily found on anti-malware boards and sites)? A couple months ago, I got a browser hijacker I couldn’t get rid of, despite running every anti-virus I could think of, and it turned out to be a malware called “Vundo”, apparently relatively widespread and definitely nasty.

Ran Vundofix and nothing was found. Keep the suggestions coming. I’ll try anything up to and including live bunny sacrifice.
And I’ll keep the restore on for now.

Is a wipe and reinstall out of the question? This is usually a pretty fast fix for any tenacious virus or spyware. Sometimes you will run across infections that do not come out neatly anyway and leave you with a twitchy copy of Windows.

It’s quite possible you’ve got a root kit virus which is more or less undetectable by regular virus/malware scanners as it modifies the OS to make itself invisible.

Go here & DL the blacklight beta

It will tell you if there is any hidden root kit crap installed & offer the option to rename the offending stuff. Once this is done restart the system in safe mode and run Hijack This and delete any questionable processes. You should now see a few.

Re-boot then run a virus scanner like ewido. It should now be able to detect the virus if it is still present.

The other day I had a bitch of a malware problem. Granted it was my fault :smack: but it required a lot of restarting in safe mode etc. Not sure if it is the same problem or not. Best way to find out is to go to C:\WINDOWS\TEMP: if you have things that resemble this, win2a.tmp (different numbers and letters following win), and some like this, win2a.tmp.exe, then you have the same problem I had.
If that is the case you will need some special removal tools available from various sources like http://www.spyware-fighter.com/spy/

Good luck!
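The temp-folder check described in the post above, written as a script. This is an added example, not part of any poster's reply; the function names and the sample directory are constructed for illustration, and the name pattern is only what the post describes ("win" plus letters and digits, ending in .tmp or .tmp.exe).

```python
import re
import tempfile
from pathlib import Path

# Pattern from the post: "win" + letters/digits + ".tmp", optionally ".exe".
NAME_RE = re.compile(r"^(win[0-9a-z]+\.tmp)(\.exe)?$", re.IGNORECASE)


def find_win_tmp_pairs(temp_dir):
    """Map each matching stem to which of its two forms are present."""
    hits = {}
    for entry in Path(temp_dir).iterdir():
        if not entry.is_file():
            continue
        m = NAME_RE.match(entry.name)
        if not m:
            continue
        stem = m.group(1).lower()
        record = hits.setdefault(stem, {"tmp": False, "exe": False})
        record["exe" if m.group(2) else "tmp"] = True
    return hits


def has_executable_tmp(hits):
    """True when at least one win*.tmp.exe file was found."""
    return any(rec["exe"] for rec in hits.values())


def demo():
    # Constructed sample directory standing in for C:\WINDOWS\TEMP.
    names = ("win2a.tmp", "win2a.tmp.exe", "win7f3.tmp", "setup.log", "window.txt")
    with tempfile.TemporaryDirectory() as d:
        for name in names:
            (Path(d) / name).write_bytes(b"")
        return find_win_tmp_pairs(d)


if __name__ == "__main__":
    for stem, rec in sorted(demo().items()):
        print(stem, rec)
```

Point `find_win_tmp_pairs` at the real temp folder to list candidates; it only reports names and deletes nothing.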

Since when does HJT report problems or no problems? I thought it just gave you a log to do with what you need?

Post your HJT log here, or at the Tech Support Guy Forum

Have you tried going to a restore point and then re-running your spyware apps? Or running them in Safe Mode? Or letting them run at startup?

Have you checked your internet settings?

Something or other I clicked on actually managed to change my DNS server and my IPA. I am on a LAN at home (router), so it is programmed to automatically get the address. At some point, I was having many of the issues you are describing. For some reason, I double checked my settings and found that there were actual numbers plugged in where there shouldn’t be. I cleared them out, reset it to check automatically for IPA and DNS and poof, problem solved.

Good luck.
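A way to spot the condition described in the post above (hard-coded IP and DNS values on a machine that should get them automatically) from saved `ipconfig /all` output. This is an added example, not part of any poster's reply; the sample text is constructed, uses documentation-range addresses, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of Windows XP `ipconfig /all` output.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.50
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.10
                                            203.0.113.11

Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# "   Field name. . . . : value" lines; the dot leader is skipped.
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z -]*?)[ .]*:\s*(.*)$")


def parse_adapters(text):
    """Return one dict per adapter with its DHCP flag and DNS server list."""
    adapters, current, last_key = [], None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = {"name": line.rstrip()[:-1], "dhcp": None, "dns": []}
            adapters.append(current)
            last_key = None
            continue
        if current is None or not line.strip():
            continue
        m = FIELD_RE.match(line)
        if m:
            key, value = m.group(1).strip().lower(), m.group(2).strip()
            last_key = key
            if key == "dhcp enabled":
                current["dhcp"] = value.lower() == "yes"
            elif key == "dns servers" and value:
                current["dns"].append(value)
        elif last_key == "dns servers":
            # Additional DNS servers appear on indented continuation lines.
            current["dns"].append(line.strip())
    return adapters


def statically_configured(adapters):
    """Adapters with DHCP off and DNS servers entered by hand."""
    return [(a["name"], a["dns"]) for a in adapters if a["dhcp"] is False and a["dns"]]
```

It covers only the case the post describes, addresses typed in with DHCP off; compare any flagged DNS servers against what the router or ISP is expected to hand out.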

Try downloading DLL Compare and Killbox. Open the DLL Compare program. Then click Run locate.com in the upper left. Then click Compare at the lower right. Report back if it finds any files with the names and dates they were created. Do not delete anything at this time.

Ewido? Vouch!

CMC fnord!

Hey, duffer – you know what I’m gonna say, right? Maybe it’s time to move to that “alternative” OS you got installed. :wink:

My only real contribution here would be to suggest Mozilla. I don’t like Firefox either, but Mozilla is great for me. Now, I’m not really advocating for it, especially as I know what it’s like to just want to figure out how to fix one particular thing, but I thought I might as well throw it out there anyway. Take it or leave it – best of luck to you in figuring this one out.