# help me.. virus... not able to open mozilla



## the.kaushik (Apr 24, 2007)

this is the symptoms:
when i open mozilla firefox it opens and closes and  error comes: 
"I DNT HATE MOZILLA BUT USE IE OR ELSE..."

and at any place if i write "ork*ut" it says "or*kut is banned you fool,The administrators didnt write this program guess who did? MUHAHAHA!!" and a  sound at back.

i wrote or*kut with " * " because if i have writen without it my explores had been closed.. even i rename a file with the same without * then it also gives error.. what a hell.. i already formated and again it came from a friends pendrive.. already this explore closed 2 times as i spelled ork*ut without * while writing this post..  

i have tried avast,avg7,norton 2007 and was of no use..

also if i do "show hidden file" it wont work.

i attached my n80 as usb drive to my pc and a file is in it with name "...dll.vbs". this file i cant see in my pc but i can see in my mobile with file explorer.. what should i do.. all my friends pcs are infected.. 
pls help


----------



## anandk (Apr 24, 2007)

hey this ones new to me  c if this helps *groups.google.com/group/mozilla.su...fea68c3d267/3b33a65285809b9e#3b33a65285809b9e

generally speaking scan with ur AV (adaware/avg as/etc) in SAFE MODE. runn ccleaner and then reboot. if problm stl persists post ur hjt log.


----------



## abhijangda (Apr 24, 2007)

.vbs file is visual basic script it can also b a virus. Your computer is infected by a spyware. So use spybot and ad-aware.


----------



## the.kaushik (Apr 24, 2007)

ya i tried without spy doctor and no sign of any problem!!!
 what to do? not only me.. all my college computer and friends computer got affected!

shall i post a hjt log.. can anyone say how to do that after installing the softare

my hijak this log file! experts of hijack this can pls help me?

Logfile of HijackThis v1.99.1
Scan saved at 8:42:36 PM, on 4/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\heap41a\svchost.exe
C:\heap41a\svchost.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\sdtrayapp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\utorrent.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\n80\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{21A6D4D4-9B52-4692-B68C-FD2CC3315A30}: NameServer = 202.144.95.4,202.144.66.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{21A6D4D4-9B52-4692-B68C-FD2CC3315A30}: NameServer = 202.144.95.4,202.144.66.6
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


----------



## boosters (Apr 25, 2007)

first of all you have to remove all new install program and than run Online Bitdefender Scan from Internet Explorer. They must burn this virus.


----------



## nasa42 (May 10, 2007)

*img168.imageshack.us/img168/5678/idonthatemozillabutuseiak7.jpgYes I too had the same problem - 
Here what you can do.
open task manager, by clicking ctrl+alt+del.
Goto process tab and click on "Image Name" so that all processes are arranged in alphabetical order.
Now select the process, whose Image name is svchost.exe and User Name is {Windows Account Name}, and kill them by clicking on End Process button.
Be sure that you dont kill other svchost.exe process having User Name SYSTEM, LOCAL SERVICE, NETWORK, otherwise your system will shutdown.
Now using a search engine, look for a folder starting with name "heap" (in my case it was c:\heap41a ), this folder will be containing files svchost.exe and some text files. Just delete them.
Now start Firefox, this should have solved the problem.
Happy killing !!


----------



## cooljeba (May 19, 2007)

even I got stuck with this virus recently. I have blogged the steps on how to remove this virus step by step and to remove all traces of this virus.
Hope you will find it useful.
*www.jeba.in/posts/w32usbworm-lets-remove-this-worm-manually/

..:: Peace ::..
Jeba


----------



## vrnoormd (May 19, 2007)

Thank u Cooljeba for the instructions,

I have done it. i removed that.


----------



## NIGHTMARE (Jul 14, 2007)

my firefox not saving my site passwords and remember password for sites is enable


----------



## Vishal Gupta (Jul 14, 2007)

^^ Goto "*Tools -> Options -> Security*" and make sure that "*Remember passwords for sites*" is enabled.


----------



## NIGHTMARE (Jul 14, 2007)

yes this option is already enable


----------



## Liggy (Jul 14, 2007)

the.kaushik said:
			
		

> i have tried avast,avg7,norton 2007 and was of no use..


It is not wise to have more then one AV scanner on system at one time, they conflict with each other and let some bad 'thingies' through,  try nasa42 solution, and cooljeba's blog to remove reg entries,


----------



## hpotter606 (Aug 30, 2007)

If nothing works, download security task manager and just quarantine the process. The danger level shown by security task manger is very high for it. then deleter the folder containing the file. You can find the path in security task manager...


----------

