Bloody popups

Anybody got any experience of Firefox Popup problems?

Think it's some kind of spy/adware.

It was affecting IE as well as FF but I moved a few DLLs which I thought might have been casuing problems and that appears to have stopped the problem in IE but FF still has problems.

Most of the time it's sending me to: http://www.mega-cheap.com/normal/yyy34.html.

Virus/spyware scans show nothing, the PC isn't mine so I'm not sure what might have been installed - I've been told that nothing has been installed (Knowingly).

Have looked as msconfig and HiJack this and the services but nothing.

Nothing looks odd in the task mamnager so I'm a bit stumped.

It fires it up even when FF isn't loaded.

Oh and it also pops up some Flash adverts as well.

Anybody got any idea what it might be or where I could look next?

Cheers,

Dean

Sounds like some virus, trojan, and/or spyware is on the computer. You can look over the task manager processes running and see if there is anything suspicious. Run complete antivirus scan, and multiple antispyware scans (using different antispyware programs). Try scanning in safe mode.

Done all that and still can't find anything.

Tried a few spyware proggys but none of them are finding anything.

It's now trying to install WinFixer 2005

Sounds like a good time to reformat and to start from scratch!

What programs have you used? I was able to clean up a similar problem using Spybot S& D, CrapCleaner and ZoneAlarm Security Suite.

Spybot usually picks up most things for me. Have you updated it before running it? Also maybe post a HJT log here and see if anyone else can spot anything. There are some wiseguys on Devshed when it comes to HJT too.

It might also be worth looking at rootkit revealer too.
http://www.sysinternals.com/Utiliti...itRevealer.html

Tried SpyBot S&D, ZoneAlarm, Spyware Blaster, AVG Anti-Virus and Lavasoft AdAware plus one or two others that I can't rememeber.

I've checked the Program files for anyting iffy and can't find anything, have uninstalled everything I think shouldn't be there and still it keeps going.

Beginning to think that I do need to format and start again but must admit that I'm just being lazy. Seems a bit OTT for the problem but it is starting to get on my tits a bit to say the least.

I could almost put up with it if it weren't for the resizing of the window everytime it pops up.

Ahhh well; good format could get rid of any other "lingering" problems.

Cheers all,

Dean

You could look at all the bootup processes with msconfig, and disable anything that looks suspicious.

Also turn off system restore and rescan. And if you're using IE try turning off the "allow third party browser extensions" setting.

Already done the MSCOnfig thing.

Will have a look at the IE 3rd party though... didn't think of that.

Turned off Restore an age ago; hate it with a passion. More trouble tha it's worth!

Cheers,

Dean

once virus get control, it can do whatever it want, including replacing real windows dll
files with its own files - usually such thing is not reversible. and anti virus programs won't
recognize it because the files are "real" by all means.

See what you mean but would have thought there would be another file which had to do the overwriting in the first place.

Reinstalled FF but that didn't do anything so if it was a virus which was overwriting DLLs I would have expected the reinstall to overwrite them again.... and because the problem has carried on I would have to assume that something has overwritten the DLLs again meaning that there is a detectable exe in there somewhere doing the overwriting. Knew I'd get there in the end.

Looks like I'm just going to have to go with the rebuild option as I've tried another two anti-virus and a few other bits and bobs and nothing is coming up with anything.

Whatever it is is a sneaky little bugger.

Cheers for all your help people.

Dean