Well, it's starting.

WeedoWeedo New
edited October 2004 in Science & Tech
I'm starting to get popups in Firefox. I guess it was bound to happen. Started off with the Phoenix U popup and now more are showing up. A like so...

Comments

  • BlackHawkBlackHawk Bible music connoisseur There's no place like 127.0.0.1 Icrontian
    edited October 2004
    Have you checked for Spyware/Adware?
  • WeedoWeedo New
    edited October 2004
    Yeah, I check for it often.
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited October 2004
    Can you give me a URL to test?
  • WeedoWeedo New
    edited October 2004
    Next time I see one I'll get the url and pass it on.

    That appears to be msnbc.msn.com. I just hit it again and didn't get hte popup though.
  • DexterDexter Vancouver, BC Canada
    edited October 2004
    Silly question perhaps, but do you have the Firefox built-in pop-up stopper enabled?

    I personally keep it disabled and use the 3rd party Pop-up Stopper Pro. Although I have found that is a little less compatible with FF than IE. My list of allowed pop-up sites works fine in IE, but does not work at all in FF, so I do end up enabling and disabling it more often.

    Dexter...
  • WeedoWeedo New
    edited October 2004
    Yes, I do have it enabled. I'm not getting them all the time. It's actually rare, except for the Phoenix University one. That one popped up a lot there for a while. Been a couple of days since I saw it last though.

    The other 3 I only saw once (in the last few days) and not since, so not a big problem so far. Also, I don't think is was msnbc that those 2 were generated from after all. Can't remember what is was though.
  • WeedoWeedo New
    edited October 2004
    Here's that Phoenix University popup. Anyone else getting this one? I've been seeing it regularly. Even after runnig all my spyware stuff. My Hijackthis log is clean too.
  • DexterDexter Vancouver, BC Canada
    edited October 2004
    Pheonix U has been an advertiser of C2 Media (aka Lop / Omegasearch) and other unscrupulous advertisers. I'd say something is fishy. Let's see your HJT log....

    Dexter...
  • WeedoWeedo New
    edited October 2004
    Here's the log.

    Logfile of HijackThis v1.98.0
    Scan saved at 3:20:22 AM, on 10/9/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\mail.com\mcalert.exe
    C:\Program Files\Folding@Home\winFAH.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Folding@Home\FahCore_78.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Security Programs\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [\\TBIRD1200\EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE /P36 "\\TBIRD1200\EPSON Stylus Photo RX600" /O6 "USB001" /M "Stylus Photo RX600"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
    O4 - Startup: Folding@home 4.00.lnk = ?
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
    O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download2.us4.outblaze.com/download/mail.com/emailalert/mail_mcea115.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095707476203
Sign In or Register to comment.