This popup drops what I'm doing and opens a webpage every day

DO NOT CLICK!!! http://web.tofushopnews.com/g/?ilmernzkvtazn=BCAEC5119C316547&pu=&s=D-firefox&nm=ilmernzkvtazn&t= (Not a link!!!)
This site engages my web browser every day. I suspect it's a virus download, but I can't find a way to make it stop opening my browser. No matter what I'm doing, this happens. Can someone tell me how to block them? I have Malwarebytes as well as avast. I scanned after it happened a few times to make sure I was clean, and nothing showed up in the scans.

Could you follow the steps here http://forum.avast.com/index.php?topic=53253.0
and attach the generated logs in this thread?

Report on that link… click the picture in the top right corner: http://urlquery.net/report.php?id=4500793

It has javascript malware on it: http://sitecheck.sucuri.net/results/web.tofushopnews.com/g/

The Hacker is detecting this on the downloaded file in Virustotal: JS/Feebs.gen@MM

The Website is downloading two files called SetStretch.exe and SetStretch.cmd.

Virustotal: https://www.virustotal.com/en/file/a84b5e69527a9f91dae964ed40022a2a77c1fe45b7a381a335202ec3927d140b/analysis/1376253695/
https://www.virustotal.com/en/file/656912e6b3deb9fd4b6f223e9056350a77253fbda1b66df867aeda08956af342/analysis/

The files can be found in the Program (32-Bit) Folder of Windows.

I will send them to Avast for analysis.

The cmd file opens the exe file (Screenshot)

The files look clean. 1/45 is detecting the exe file on Virustotal as Virut-Virus (Jiangmin).

It was first submitted in 2009.

Please follow the Steps from Essexboy until he gives you a clean sheet, or he gives up. ;D

I am also having the exact same problem. Attached are my log files. Malwarebytes didn’t find anything.

Does this occur only in Firefox, or is it in IE as well?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
[2013/05/29 18:34:21 | 000,003,723 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
O2 - BHO: (no name) - {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - No CLSID value found.
O3 - HKU\S-1-5-21-894513301-464839021-2148896484-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

:Commands
[resethosts]
[emptytemp]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

I’m also having the same problem with Google Chrome, it happens every day.

More to the point, does it occur in IE, as Chrome and Firefox share files?

Received Microsoft Windows message “OTL Stopped Working” during fix. Rebooted and ran OTL quick scan. Results attached.

Are you still getting the same problem?

So far it hasn’t come up. We will wait and see now. THANKS for your help!

Hmm, the problem with Firefox is that there are so many places for the malware to hide unseen.

Could you run Firefox in safe mode and see if the alerts restart? https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode

Hi, I generally use Chrome, but this same pop-up comes up on my computer maybe daily in an IE window. Can I follow the same fix that is outlined above that says it’s system specific?

No, as stated they are system specific; used on another computer they may cause some unexpected results.