AnimeSuki Forums

Old 2011-07-04, 07:53   Link #1
Marcus H.
Hunk o' Burning Love
 
 
Join Date: May 2009
Location: the Philippines
Suspicious Pop-ups in Browser

Hi, I think I might have stumbled upon something suspicious here.
My Mozilla Firefox v5.0 at times would have exactly 16 tabs open in a new window with the "Server not found" message after trying to access weird websites that start with www. xn--*********.com or www. **unusual gibberish**.com or www. h.com. It would also open the folder containing My Documents.

Since I have no idea on what to do and I don't want to create a forum account just to ask about this, I've decided to ask here, hoping that someone else has encountered a similar problem.

Right now, I have downloaded HijackThis and MBAM, and am in the middle of a system scan using Avira AntiVir. And I have encountered the problem twice as of typing this post.
__________________
Marcus' Handpicked!
Autumn 2014: Log Horizon S2, Amagi Brilliant Park and Fate/Stay Night (2014).
Summer 2014: Hanayamata, Rail Wars!, Rokujouma no Shinryakusha!?, Sabagebu!, Gekkan Shoujo Nozaki-kun and Hanamonogatari.


Contact me on Wikia, MyAnimeList and Hummingbird.
MyAnimeList Status|| Watching: 36. Completed: 214. Plan to watch: 33.

Old 2011-07-04, 10:34   Link #2
Konakaga
Yuri Moderator
*Moderator
 
 
Join Date: Nov 2009
Location: FL, USA
Age: 27
You definitely have some kind of virus or trojan on your computer for this to be happening.

You'll probably either need to run a virus scan in Windows safe mode, or an on-boot virus scan, especially if it's a trojan. Additionally, if you have System Restore enabled, you should probably disable it temporarily when running the scan.

To get any further help or advice, you have to find out what you're dealing with exactly.
__________________
Nanami Aoyama - Sakurasou no Pet na KanojoAvatar & Sig by TheEroKing
MAL(KagamiHiiragi)
Old 2011-07-04, 11:00   Link #3
spikexp
Senior Member
 
 
Join Date: Oct 2008
Location: Quebec
Age: 22
Run Malwarebytes in safe mode.
Old 2011-07-04, 20:33   Link #4
synaesthetic
blinded by blood
*Author
 
 
Join Date: Jun 2009
Location: Oakland, CA
Age: 30
Boot into safe mode with networking.
Go to housecall.trendmicro.com and run a scan.
Run HijackThis.
Run MBAM.
Should clear everything up.

Oh, and stop using Windows XP. With W7, UAC prevents most of this shit from happening. XP is insecure as hell especially since it grants your default user account administrator access and there isn't even a prompt or password request for making changes to system files.
Old 2011-07-04, 20:37   Link #5
Marcus H.
Hunk o' Burning Love
 
 
Join Date: May 2009
Location: the Philippines
I can't. Buying a license would set me back several thousand bucks here.

Windows 7 Starter: Php 1,900 - Php 2,100
Windows 7 Home Basic: Php 4,500 - 4,700
Windows 7 Home Premium: Php 5,700 - Php 5,900
Windows 7 Professional: Php 7,800 - Php 8,000
Windows 7 Ultimate: Php 10,500 - Php 11,000

EDIT: Performed a scan using HouseCall, HijackThis and MBAM on Safe Mode with Networking, and all came up with nothing.
Last edited by Marcus H.; 2011-07-04 at 21:26.
Old 2011-07-04, 21:45   Link #6
Konakaga
Yuri Moderator
*Moderator
 
 
Join Date: Nov 2009
Location: FL, USA
Age: 27
In that case you should try setting an on-boot scan with your anti-virus software; if your current one lacks the function to do so then I'd recommend Avast.
Old 2011-07-04, 22:29   Link #7
synaesthetic
blinded by blood
*Author
 
 
Join Date: Jun 2009
Location: Oakland, CA
Age: 30
There are plenty of free Linux distros out there.
Old 2011-07-04, 23:04   Link #8
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Sounds possibly like a JavaScript issue to me. Create a new user in Windows and see if you get the same results. Try a different browser. Same results?

To follow up on syn's recommendation, burn this to a CD, put it in your drive and reboot. Choose the Try option. Your Windows installation will be left untouched.
Old 2011-07-04, 23:53   Link #9
sa547
Senior Member
*Author
 
 
Join Date: Oct 2007
Location: Philippines
Age: 38
As a user of XP, Ubuntu and now Win7, let's get back to topic, shall we?

Quote:
Originally Posted by Marcus H. View Post
Hi, I think I might have stumbled upon something suspicious here.
My Mozilla Firefox v5.0 at times would have exactly 16 tabs open in a new window with the "Server not found" message after trying to access weird websites that start with www. xn--*********.com or www. **unusual gibberish**.com or www. h.com. It would also open the folder containing My Documents.

Since I have no idea on what to do and I don't want to create a forum account just to ask about this, I've decided to ask here, hoping that someone else has encountered a similar problem.

Right now, I have downloaded HijackThis and MBAM, and am in the middle of a system scan using Avira AntiVir. And I have encountered the problem twice as of typing this post.
First, reboot the PC, then before Windows comes up press F8. There should be a menu in which you then select Safe Mode. Go there and then once the desktop appears try to run the antivirus utility you have there, along with Malwarebytes and other recommended tools (if possible). Once done and the viruses rooted out, you can restart again.

Otherwise if you need further help I suggest you can check out TipidPC (we speak our language, btw).
Old 2011-07-04, 23:54   Link #10
synaesthetic
blinded by blood
*Author
 
 
Join Date: Jun 2009
Location: Oakland, CA
Age: 30
I love the Linux Live CD (or flash memory) option. It's so useful, I don't even need Backtrack actually installed on my laptop, just have it handy on an 8GB flash drive.
Old 2011-07-05, 01:38   Link #11
Tiberium Wolf
Senior Member
 
 
Join Date: Dec 2004
Location: Portugal
Age: 34
Strange that you can't find anything. Have you tried uninstalling FF and then manually removing whatever profiles/folders are left (local and roaming, you gotta search)? Maybe something is hidden in there.
Old 2011-07-05, 04:03   Link #12
-KarumA-
(。☉౪ ⊙。)
*Author
 
 
Join Date: Jul 2004
Location: In Maya world, where all is 3D and everything crashes
Age: 26
First thing I would do when scanning is nick out the network cable, some viruses that cause problems online cannot be removed if you stay online while scanning.

Go into safe mode, scan with Malwarebytes, which you probably did.
Clear out temp files etc. with CCleaner.. there was another which I lost the link of that was also good
Also scan with ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix
Old 2011-07-05, 04:53   Link #13
Marcus H.
Hunk o' Burning Love
 
 
Join Date: May 2009
Location: the Philippines
I discovered that there's so much margin of error for ComboFix that I might make things worse by making mistakes.

Quote:
Originally Posted by ComboFix Guide
You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.
Worst case is that I'm handling a rootkit problem here, since the browser appears to try to access My Documents from the browser.

Quote:
Originally Posted by SeijiSensei
To follow up on syn's recommendation, burn this to a CD, put it in your drive and reboot. Choose the Try option. Your Windows installation will be left untouched.
Do I really need to install an entire operating system? I'm not really a fan of using multiple operating systems, and I'd probably delete it immediately because it would just be excess luggage.

EDIT: HijackThis hangs on Safe Mode (not on Safe Mode with Networking).
Last edited by Marcus H.; 2011-07-05 at 06:09.
Old 2011-07-05, 07:49   Link #14
demonix
Senior Member
 
 
Join Date: Jul 2006
Location: Hayes, Middx UK
Age: 35
Quote:
Originally Posted by Marcus H. View Post
Do I really need to install an entire operating system? I'm not really a fan of using multiple operating systems, and I'd probably delete it immediately because it would just be excess luggage.
You seem to have missed the point as it only runs in memory and doesn't touch the hard drive so once the computer is switched off the OS will no longer be available unless you boot the disc again.
Old 2011-07-05, 09:00   Link #15
Marcus H.
Hunk o' Burning Love
 
 
Join Date: May 2009
Location: the Philippines
So it does not add something to the hard drive? If so, then I might just try it out.

Also, as of typing this post, I haven't experienced the suspicious pop-up problem.
All times are GMT -5. The time now is 20:03.