I’ve been getting weird message boxes popping up in Firefox 7.0.1. I’ll be browsing normal websites (Facebook, email, school website)and Firefox will freeze. After unfreezing, a message box will pop up with no text in the box or on the two choices. This has happened about 4-5 times in the past couple days, so I’m running a scan with the free Avast! antivirus. I’m also probably going to run a Malwarebyte’s scan as soon as that finishes. In the mean time, does anyone recognize this as a virus of some sort, or think it could be a virus? Thanks a lot.
The way to start is do a full scan with avast of your users file to be found on Computer - So Computer → comp name C: → Users
If the browser was terminated not properly it could lead to such a message…
Else we have to contact essexboy to have a more firm look at things,
[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select All Users
[*]Under the Custom Scan box paste this in netsvcs
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U*.* /s
CREATERESTOREPOINT
[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs
Nothing really jumps out at me there so lets use a dedicated firefox tool. Your MBR is still reporting Vista
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O3 - HKU\S-1-5-21-391789883-3755849557-3817460217-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Is it only firefox ?
Please download GooredFix from one of the locations below and save it to your Desktop
[*]Ensure all Firefox windows are closed.
[*]To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
[*]When prompted to run the scan, click Yes.
[*]GooredFix will check for infections, and then a log will appear.
Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Any reason my MBR would report Vista? This computer was purchased directly from Dell with Windows 7 on it. Is it safe to use the scans you linked on a Windows 7 machine? (System properties show Windows 7 as my OS.) Thanks.
If it was an upgrade from Vista to Windows 7, I wouldn’t be aware of it. Dell advertised it as a machine with Windows 7 on it. It seems to affect only Firefox though. Opera seemed to hang slightly, but never had the pop-up box issue.
Did a boot-time scan and eliminated a few suspicious files.
Had about 4-5 instances of Java:CVE:2010-0842-B[EXPL]
Had two instances of Java:Agent-DC[TRJ]
Following is the log for GooredFix.
GooredFix by jpshortstuff (03.07.10.1)
Log created at 23:32 on 27/10/2011 (Andrew)
Firefox version 7.0.1 (en-US)
Cleared my Java Cache. Also, I noticed after some experimentation that as long as I don’t have Facebook open, the message box wouldn’t pop up. Once the box started popping up though, it would come back with increasing frequency. (From once an hour to about once every two minutes.)
exact same problem here! firefox 7.0.1, avast free 6.0.1289, virus definitions 111103-0. happens when in facebook too and I do not have noScript installed too. A two-buttoned messagebox appears, with no text in it, i close it from the x button and it keeps coming up after some time. It does not have a standard trigger function I do that brings it up.