Netshield block.

When I open Firefox I am getting Netshield telling me that jl.chura.pl/rc/ has been blocked. I already blocked that site on my router and that helped tremendously to clear up the infection I had. All instances of that virus are gone except for this one thing. Any idea on where to look to get rid of that redirect attempt?

Have you run the avast! Virus Cleaner - free virus removal tool?

This malware is associated with a very nasty virus called Virut and many times the only cure is a full reformat and reinstall.

Oh yes, I ran that and avast did not clear it out. I had to run a myriad of things: Malwarebytes, SUPERAntiSpyware, Dr.Web, and even had to go into Windows recovery and delete user32.dll and reinstall it. My system appears to be clean now because I am now able to get to avast.com and update, and also update Malwarebytes and SUPERAntiSpyware. It is just this one redirect that keeps popping up when I open Firefox. I have searched the registry but I cannot find anything. Not sure where I should be looking for attempted redirects. Since I blocked that site on my router, that made a world of difference in being able to clean this virus up. Nothing shows up in my HJT log either. I don't get it.

That URL which is being blocked is a known malicious site; that is why avast is blocking it.

What has to be found is why, when Firefox is launched, it tries to connect there. Presumably when you open Firefox it opens your home page or other sites?

If so then it is possible that one or more of them has been hacked.

So what sites open when you start Firefox?
Change the http for hXXp in the URLs so the link isn’t active.

Yes, when I open Firefox, I have Google as my home page. It goes to Google just fine, and any other site (now that I have jl.chura.pl blocked on my router; before that, certain sites were redirected to random sites: nationwideinsurance, ign.com etc.)

So exactly where do I need to look? And where am I changing http to hxxp?

thanks again for the help.

and where am I changing http to hxxp?

So nobody can click on the malicious link before realizing what they are doing.

I have found a fix for this posted on a few sites. From here: http://www.mywot.com/en/scorecard/jl.chura.pl

1- go to “C:\Program Files\Mozilla Firefox\res” (if you have Firefox installed in the C: partition)
2- you will see an html file “hiddenWindow.html” in that folder
3-open it with notepad and remove “”
4-save file and that’s all.
For IE just try changing the Home Page. That should be enough.

Ahhhh, that was it!!! Gonna reboot and see if the problem is taken care of. If so, then I have (FINALLY) successfully removed the virut.56 without having to format…yay…yes, it took me over the course of two and a half days to accomplish this LOL

(Curious, evilfantasy, what did you search for to find that? In all my researching trying to get rid of this virus I never came across that one. Thanks again for your help.)

(Did not realize I had posted an active link. I will use hxxp from now on.)

thanks again, be back in a few and let ya know if it worked

I searched this.

jl.chura.pl/rc/

Thanks for posting.

The strange thing is that with an avast on-demand scan (depends on settings) I would have thought this hiddenWindow.html file would have been found as infected with the iframe-inf or similar malware name. Weird.

Reminds me of the Firefox overlay.xul file which is a browser redirect. You have to go in and manually delete it.

C:/Program Files/Mozilla/Firefox/extentions/{xxxxxxxxxx}/chrome/content/overlay.xul

{xxxxxxxxxx} is always a different set of letters and numbers so scanners have a hard time with it.

Ahhh, I did not search the /rc/ part, just the first part of the addie. Anyways, everything worked great! I had about 7 lines of iframe in that hiddenWindow file though, got rid of them all, everything is working superb! So glad I did not have to format.

thanks again everyone…

VIRUT.56 is DEAD!!!
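
The manual check described in this thread (opening hiddenWindow.html and looking for injected iframe lines, and the similar overlay.xul case) can be automated. The Python script below is an added example, not part of the thread and not code from avast or Mozilla; the function names, the `SCAN_EXTENSIONS` list and the host `blocked.example.invalid` are assumptions made for illustration.

```python
import os
from html.parser import HTMLParser
from urllib.parse import urlparse

SCAN_EXTENSIONS = (".html", ".htm", ".xul")  # assumption: file types worth checking
SAMPLE = (  # constructed sample, not the real hiddenWindow.html
    "<html><body>\n"
    '<iframe src="http://blocked.example.invalid/rc/" width=1 height=1></iframe>\n'
    '<IFRAME SRC="//blocked.example.invalid/rc/"></IFRAME>\n'
    '<iframe src="chrome://browser/content/x.xul"></iframe>\n</body></html>\n'
)

class IframeFinder(HTMLParser):
    """Collects (line_number, src) for every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME SRC=...> matches too.
        if tag == "iframe":
            src = dict(attrs).get("src") or ""
            self.hits.append((self.getpos()[0], src))

def find_iframes(text):
    """Return [(line, src), ...] for all iframes in an HTML/XUL string."""
    finder = IframeFinder()
    finder.feed(text)
    finder.close()
    return finder.hits

def is_remote(src):
    """True when the frame loads from a network host, not a local or chrome:// path."""
    src = src.strip()
    return urlparse(src).scheme in ("http", "https") or src.startswith("//")

def scan_tree(root):
    """Map file path -> [(line, src), ...] for remote iframes found under root."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SCAN_EXTENSIONS):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as handle:
                    remote = [h for h in find_iframes(handle.read()) if is_remote(h[1])]
                if remote:
                    report[path] = remote
    return report
```

Point `scan_tree` at the Firefox installation folder (or the profile's extensions folder) and review each reported line by hand before deleting it.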