I was recently browsing LifeHacker in Firefox when the NoScript notification appeared at the bottom of my screen saying tons of scripts had been blocked. Ever since then, my computer has been really slow and I sometimes get redirected to advertisement sites in Firefox. I did a thorough scan of both my C and D drives with avast! (in Safe Mode), but nothing turned up. I am updated with the latest program version and VPS definitions. I don’t know what to do now, so hopefully you guys can help me out.
Welcome to the forums!
Try downloading Malwarebytes from http://www.malwarebytes.org (the trial version) and run a quick scan.
Let us know if that fixes it. If not, we can try HJT next.
Here’s the log:
Malwarebytes’ Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3
4/15/2009 12:01:15 PM
mbam-log-2009-04-15 (12-01-11).txt
Scan type: Quick Scan
Objects scanned: 71850
Time elapsed: 13 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Why did you disable the Security Center items?
You have disabled Automatic Updates, anti virus detection and Windows firewall.
He possibly didn’t, as this is a tactic of malware that want to disable your security programs without the WSC alerting to it being disabled, etc.
@ Vonnick
- Run MBAM again and this time when the scan is complete, all detections should have a check mark in the box to the left of the entry, leave them selected (or select if not selected). At the bottom of the window there is a button, Remove Selected, click that and the items will be removed.
It still doesn’t explain why he has browser redirections.
MalwareBytes checks the hosts file, right?
Maybe we’ll have you download hijackthis http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
and run a scan. Then, you can post the log here for further review.
I wasn’t responding to that just why the security center reporting was disabled.
@ Vonnick
However, I would expect more in the way of consistency as the redirect is intermittent.
I sometimes get redirected to advertisement sites in Firefox.
If this were a consistent issue I would have though MBAM would have seen something, so HJT is one option. Also SUPERantispyware On-Demand only in free version.
Personally in NoScript I don’t have notifications enabled, I simply can’t see the point of being told what scripts have been blocked as they can’t harm you having been blocked. Those notifications are doing more harm than good and making you paranoid.
So I think it more likely a coincidence that you notice a slowing on your system. That doesn’t mean you didn’t have something going on just that I don’t believe the notifications were anything to do with it.
I would also suggest AdBlock Plus for firefox.