Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 5

Firefox browser has been hi-jacked and Internet Explorer won't run?

If I search for anything in Firefox using Google, the screen stalls, shows "waiting for triplexfeed" and then takes me to a new page saying I have a Windows Security Alert. However, it is a fake screen of the My Computer, not my real My Computer. The address bar shows "" and then whatever search term I have just entered in Google - followed by "1&HTTP_REFERER=33852"

The fake Windows Security Alert window shows detected spyware and adware on my computer, listing "Admess.Trojan, zserv.Transponder.Trojan, Wstart.TrojanDownloader" - and when I try to scroll down this fake windows alert pop-up, a new pop-up shows "Opening install.exe", apparently a Binary File from It won't close. I shut the browser with Windows Task Manager, tried again and got a similar pop-up, this time saying "The page at says The PC remains infected by spyware. They can seriously harm your private data or files, and should be healed immediately. Return to Cyber Security and download it secure to your PC" (the grammar faults are theirs!)

I ran a McAfee scan and it detected 3 objects which it deleted. I shut down, re-booted and have the same problem. A repeat scan has not detected anything. McAfee shows the firewall is not installed although when I checked at the security center, it shows it is installed. I cannot get McAfee to switch on the Firewall, so I have switched on the standard Windows Firewall instead - presumably too late now.

I am running Total Protection Standard Service 2 Year Subscription which was purchased on 6th January 2010, soon after I bought the PC and whilst the trial version that was pre-installed was still operating. All updates have been installed automatically.

I hope someone can tell me what I need to do please?

4 Replies
Level 7
Report Inappropriate Content
Message 2 of 5

Re: Firefox browser has been hi-jacked and Internet Explorer won't run?

I have the same problem. Help plz.

Re: Firefox browser has been hi-jacked and Internet Explorer won't run?

Hi Guys,

I guess the first thing to do here is to try & run our fakealert stinger -

Hopefully, this will eridcate the broswer modification & the presence of this fake AV program. If it doesn't then we'll have to arrange for you guys to submit suspicious files to our support group for further analysis.

Additionally, it may be worth running the stinger in safe mode.

Good luck


Level 7
Report Inappropriate Content
Message 4 of 5

Re: Firefox browser has been hi-jacked and Internet Explorer won't run?

I tried the Fakestinger but to no affect. I re-ran McAfee Scan and it found 4 threats (attached). I shutdown & re-booted but the problem is still there. IE doesn't either (I think because of a safety measure - DEP?)

What else can I try?

Level 7
Report Inappropriate Content
Message 5 of 5

Re: Firefox browser has been hi-jacked and Internet Explorer won't run?

In case the attachment doesn't open here is the detail of the report:

Elapsed time: 53:35

Scan engine version: 5301.4018

DAT file version: 5881.0000

Last update: November 21, 2009 (although I often click update now, this date hasn't changed?)

Completion status: Scan completed

Location: C:\

Files scanned: 273944

File threats detected: 4

Files cleaned: 0

Files deleted: 4

Registry threats detected: 0

Registry threats cleaned: 0

Cookie threats detected: 0

Cookie threats cleaned: 0

Threats detected

In     Type      Object                                                                                                                                                   Threat                                     Status

File  Trojan    C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\                           Artemis!842DE988A5E5     Deleted


(This is repeated again, but in lower case)

File   Trojan   C:\WINDOWS\SYSTEM32\6A.TMP                                                                                               Generic PWS.y!bvz               Deleted

File    Trojan     C:\WINDOWS\system32\6A.tmp                                                                                               Generic PWS.y!bvz               Deleted

Hope someone can offer a suggestion as I am stuck! I have re-run the stinger in Safe Mode too, but no difference.

If I hit Internet Explorer icon several times, I eventually get a pop-up box referring to DEP - Data Execution Prevention, indicating that Windows is protecting memory by preventing executables running from protected memory locations. Great - but shouldn't Firefox do this too? DEP merely indicates the Trojan is still there.


Message was edited by: Marlin on 03/02/10 18:45:01 CST

Message was edited by: Marlin on 03/02/10 18:47:28 CST

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community