4 Replies Latest reply on Feb 3, 2010 6:47 PM by Marlin

    Firefox browser has been hi-jacked and Internet Explorer won't run?

      If I search for anything in Firefox using Google, the screen stalls, shows "waiting for triplexfeed" and then takes me to a new page saying I have a Windows Security Alert. However, it is a fake screen of the My Computer, not my real My Computer. The address bar shows "http://mywoobbvlo.com/in.cgi?7&parameter=" and then whatever search term I have just entered in Google - followed by "1&HTTP_REFERER=33852"

      The fake Windows Security Alert window shows detected spyware and adware on my computer, listing "Admess.Trojan, zserv.Transponder.Trojan, Wstart.TrojanDownloader" - and when I try to scroll down this fake windows alert pop-up, a new pop-up shows "Opening install.exe", apparently a Binary File from http://security-pc2016.org. It won't close. I shut the browser with Windows Task Manager, tried again and got a similar pop-up, this time saying "The page at http://security-pc2016.org says The PC remains infected by spyware. They can seriously harm your private data or files, and should be healed immediately. Return to Cyber Security and download it secure to your PC" (the grammar faults are theirs!)

       

      I ran a McAfee scan and it detected 3 objects which it deleted. I shut down, re-booted and have the same problem. A repeat scan has not detected anything. McAfee shows the firewall is not installed although when I checked at the security center, it shows it is installed. I cannot get McAfee to switch on the Firewall, so I have switched on the standard Windows Firewall instead - presumably too late now.

       

      I am running Total Protection Standard Service 2 Year Subscription which was purchased on 6th January 2010, soon after I bought the PC and whilst the trial version that was pre-installed was still operating. All updates have been installed automatically.

       

      I hope someone can tell me what I need to do please?

        • 1. Re: Firefox browser has been hi-jacked and Internet Explorer won't run?
          gzliaoh

          I have the same problem. Help plz.

          • 2. Re: Firefox browser has been hi-jacked and Internet Explorer won't run?

            Hi Guys,

             

            I guess the first thing to do here is to try & run our fakealert stinger -

             

             

            http://download.nai.com/products/mcafee-avert/fakealertstinger.exe

             

            Hopefully, this will eridcate the broswer modification & the presence of this fake AV program. If it doesn't then we'll have to arrange for you guys to submit suspicious files to our support group for further analysis.

             

            Additionally, it may be worth running the stinger in safe mode.

             

            Good luck

             

            Tony

            • 3. Re: Firefox browser has been hi-jacked and Internet Explorer won't run?

              I tried the Fakestinger but to no affect. I re-ran McAfee Scan and it found 4 threats (attached). I shutdown & re-booted but the problem is still there. IE doesn't either (I think because of a safety measure - DEP?)

               

              What else can I try?

              • 4. Re: Firefox browser has been hi-jacked and Internet Explorer won't run?

                In case the attachment doesn't open here is the detail of the report:

                Elapsed time: 53:35

                Scan engine version: 5301.4018

                DAT file version: 5881.0000

                Last update: November 21, 2009 (although I often click update now, this date hasn't changed?)

                Completion status: Scan completed

                Location: C:\

                Files scanned: 273944

                File threats detected: 4

                Files cleaned: 0

                Files deleted: 4

                Registry threats detected: 0

                Registry threats cleaned: 0

                Cookie threats detected: 0

                Cookie threats cleaned: 0

                 

                Threats detected

                In     Type      Object                                                                                                                                                    Threat                                     Status

                File  Trojan    C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\                           Artemis!842DE988A5E5     Deleted

                APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ONH1Z4HV.DEFAULT\CACHE\533178A7D01

                 

                (This is repeated again, but in lower case)

                 

                File   Trojan   C:\WINDOWS\SYSTEM32\6A.TMP                                                                                                Generic PWS.y!bvz               Deleted

                File    Trojan     C:\WINDOWS\system32\6A.tmp                                                                                                Generic PWS.y!bvz               Deleted

                 

                Hope someone can offer a suggestion as I am stuck! I have re-run the stinger in Safe Mode too, but no difference.

                If I hit Internet Explorer icon several times, I eventually get a pop-up box referring to DEP - Data Execution Prevention, indicating that Windows is protecting memory by preventing executables running from protected memory locations. Great - but shouldn't Firefox do this too? DEP merely indicates the Trojan is still there.

                Thanks

                 

                 

                Message was edited by: Marlin on 03/02/10 18:45:01 CST

                 

                 

                Message was edited by: Marlin on 03/02/10 18:47:28 CST