Running FF, but getting IE windows/popups ??

[angelfire]

Help -- my laptop is freaking out on me! 

I only use Firefox -- I don't even have Internet Explorer as a desktop icon or in the Start Menu (though it is still installed in the computer). The last few days, I've been getting a lot of popup boxes (spammy ad type stuff) that say IE at the top, not FF.

Weirder yet, I've had a number of them that seem to be BOTH -- the FF fox icon is at the far left of the top bar of them, but that is followed by the words "Windows Internet Explorer" and the http address.

Sometimes it happens not as a separate popup box, but a whole new window opens, again with either IE or the FF/IE combo (I think those are strictly IE, not the combo thing, IIRC). These windows form and open without me clicking on anything, they just come out of nowhere.

I have adblock, and it's active and working on the regular FF pages, but it isn't present on the IE and FF/IE popups and windows, so I can't just block them with that.

I've run full scans with both AVG and Avast, and nothing showed up. Right after the Avast scan last night though, I was using the laptop and the Avast alarm went off from a virus/worm that it had just caught. I clicked the option to stop the virus/worm from downloading, and it went away. That had also happened a couple other times in the few days prior.

Also noticed a problem suddenly with not being able to log into Myspace (regular or mobile), it lets me get to the sign-in page, enter my username & password, and then it stays stuck at "loading" forever... doesn't ever connect. Tried going to Myspace thru Google (rather than bookmarks) and Google also stays stuck on "loading" when anything with "Myspace" is in the search box. Yet it seems to work for everything else. ?? I don't know if the IE and Myspace issues are related or not, but they appeared at the same time. I did finally manage to get logged onto Myspace mobile late last night -- I haven't been back on the laptop since to see if that's resolved itself now or what. I'm kind of afraid to use it... I finally got a popup that wouldn't let me click on the red X at the top, or close it from the task bar or anything... I ended up just shutting it all down and haven't been back to it since. I'm on my PC right now.

Does anyone know how the heck I'm getting IE popups and windows when I'm only using FF -- and what I can do to fix the issue?

I have pretty much all the same stuff on my PC as I do on my laptop, and the PC has no such problems, just the laptop. Many thanks in advance for any advice!!!

[swytch]

I think I've seen what you are talking about.  I fixed to laptops lately with the same sort of symptoms and each time is was nasty malware.  If that turns out to be what you are encountering, your first step is to run Spybot Search and Destroy: http://www.safer-networking.org/en/download/
Download it, run the updates and immunizer.  then run a full scan on your PC.  I also found an odd program installed in windows Add/Remove programs area which matched a title which was popping up on my screen (look for a company/product name - other than browser names).  To fix those laptops, I had to both manually uninstall a malware program from the Add/Remove progs area in windows AND run a malware cleaner on the machine.

Try those out and let me know how it goes!  Happy New Year! 

Swytch~~ 

[angelfire]

Many thanks, Swytch!!!     I'll try those and let you know what happens.

And Happy New Year to you too, and to all She-(and He!)Geeks!! 

[angelfire]

Swytch~

Still having problems... I downloaded Spybot and did the updates and immunizations, then ran the scan. A lot of viruses were showing up in the box as the scan went on -- a dozen instances of one, 10 of another, 1 each of several more, etc., I was amazed as I've been thinking that I was fairly well protected with AVG and Avast free editions, so I was aghast at the number of infections this scan was finding. Anyway, it got to a particular thing -- "Virtumonde.dll" -- and instead of capturing it, it got stuck there and the scan stopped right there. Much, much later I closed it out and started over. The same results showed up in the infection box, followed by the same stopping and getting stuck on "Virtumonde.dll." Exact same place in the sequence as before.

I wound up closing out and starting over several times, always the same scenario. Finally I just left it stuck at that spot, figuring that maybe eventually it would capture it if I left it alone to do so. Nope -- the computer eventually gives notice that "the program is not responding," so I closed it out again. Did that a few more times, same thing.

Finally, I Googled "Virtumonde.dll" and found out that it's a part of the Virtumonde virus which is really, really nasty. It spreads and changes names inside the computer and basically outruns attempts to eliminate it, or turns around and attacks the attempts to eliminate it. It's a real pain to get rid of, from what I've read, and I believe it! I've tried several different methods that I've read about, and so far it has thwarted all of them. I'm about to chuck the laptop out the window, I'm so frustrated!!! I've probably spent at least 12-16 solid hours on this thing, and it's kicking my ass!!!!   

I did find out in reading up on it that this virus is most likely what is causing the weird popups and the problems with Myspace and Google, it's known for those things. It's getting more prevalent and also getting smarter and stronger over time. It tends to get past most anti-virus programs, and it also opens the door for other viruses, which is probably why I have so many now. And, as I said, it's extremely tough to get rid of. It thwarted Spybot Search & Destroy, and wasn't even recognized by "Vundofix," which is supposed to be just for that.

I'm still plugging away at it. I'm not sure what I'll be trying next -- have to do some more reading. Any advice would be greatly appreciated! I hope to get it cleared up soon, as it tends to destroy computers if left to run rampant for very long, and I really, really love my laptop! 

P.S.: I haven't had any luck in identifying any suspect programs in the Add/Remove Programs area. I don't know what some of them are, but nothing stands out as being related to the viruses I've got (at least as far as I can tell). I don't want to remove anything that may be legit. This "Virtumonde" thing also has a habit of getting into the registry, and that's one of things I have to do yet -- try to find and remove the "evil" ones there. I've already set a "system restore" point and saved my important stuff to disk, just in case I screw up my own registry (or anything else) in the process. That's one of the hazards of trying to fight this thing, from what I've read.

All I want is 10 minutes alone with the #@%^$%!! that dreamed this thing up!!! 

[swytch]

@angelfire-

Hey there.  Well, it does look like you have a bugger there. 

AVG doesn't always pick up malware, though its generally quite good at picking up viruses.  I use a 3 part combo for my "pc health kit".  AVG, Spybot Search & Destroy & CCleaner (i'd download this one too http://www.ccleaner.com/download).

  unfortunately it looks as though you'll need to do some manual deleting/editing to completely rid yourself of this bug.  Doing it manually is not often very easy...but doable.  i found a little more info on Spybot's forums.  Did you disable TeaTimer prior to running your scan?  It locks down certain files from editing so it might be worth a try in this case.  Also, you can try running Spybot with your computer in (windows) Safe Mode.

info found on spybot forums:
http://forums.spybot.info/showthread.php?t=26215

Swytch~~   

[tomron]

@anglefire...

You can also try SUPERANTISPYWARE and MALWAREBYTES...

HJT might show the nasties....

Also try scanning in safe mode

[angelfire]

@Swytch~

Making progress!!! A thousand thanks for the info and the link to the Spybot forum thread -- I can't believe I didn't think of searching there! Duh!!

First off, I DID finally find a rogue entry in the Add/Remove Programs area -- I had just X'd out a popup advertising something like "Windows Registry Defender" or similar, remembered that I had seen that popup before, then found the same thing in Add/Remove. So I removed it, and the laptop immediately ran a heck of a lot faster. That was the first good thing!

I disabled TeaTimer and ran the Spybot scan again, this time in Safe Mode. It went all the way through this time, and didn't get stuck on "Virtumonde.dll." It caught it. YAY!!! The scan itself ran a lot faster this time, too -- I don't know whether that was due to the program I removed or to disabling TeaTimer or being in Safe Mode (or a combo thereof), but anyway it didn't take long at all. At the end of the scan, I had 126 !!! infections of various sorts, and there were still a bunch of "Virtumonde" ones with "Error" notices that couldn't be contained because the scanner's memory was full with the first 126! I clicked on the button to "fix" the ones it already had, it did that, and then it advised me that after a computer restart a new scan could probably get the rest. So I restarted and rescanned, and sure enough it caught & "fixed" the remaining 34 infections!!! WHEW!!!

So now I'm at the stage of identifying and deleting all the remaining little turds that are hiding in the registry and whatnot. It'll be time-consuming, but worth it!! Thanks again for all your help -- my laptop would be in a snowbank outside my bedroom window right now if it weren't for you!   I can't say thanks enough!!!

On edit: Forgot to add that I'm going to download CCleaner too -- thanks for that also!

@Tomron~

I'm going to try the links you suggested. I had already done the Malwarebytes one before, but the Virtumonde thing had interfered with it, so I deleted all the downloads from it before I redid the Spybot scans in Safe Mode. Now that a lot of that stuff is out of the way, I'll redownload it and try it again.

I'd read about Superantispyware, but hadn't tried it -- I don't know the first thing about HJT logs and all that, so I was trying to find a way to do it "myself." But I'm going to go there and read all the instructions and fully learn it, then do it! It's got to be easier than trying to identify & deal with all the little nasties myself!  Thanks for pointing me in that direction again!

[tomron]

You can also try McAfee Stinger or Trend Micro

[stripahoe]

you might be doing this already, but make sure to run your both your spyware and anti-virus software while your computer is in safe mode.  if you run them in regular mode, the malware/virus is already running so a lot of it can't be removed.  when you use safe mode, these programs are not running, thereby allowing your anti-virus/spyware program to completely remove the offending program.

good luck!