Firefox can't access certain pages!

User Help for Mozilla Firefox
Hoz Guest
Guest

Post by Hoz Guest »

I encountered the same problem. I'm not sure when it happened exactly but it was on the same day I downloaded a huge file and my firewall started getting attacks that it was blocking. After I installed the program BOClean said one of the files pointed to patched.exe in my temp folder that was a trojan horse, I told it to remove it. The program had me install a driver but I also remember firefox updating itself right around the same time when all this started. It seems to only block certain sites.. hotmail.com, myspace, it will let me go to google but wont let me search.. after starting in safe mode and deleting the 2 DLL files that show up in my msconfig startup, disconnect and reboot i get a window that pops up a few times saying drive A is open and that it needs to be closed. At the top it says something like Rundll microsoft C++. I also noticed winsocket 32 keeps accessing the internet along with explorer.exe and explorer keeps listening to port 8012. I'm almost thinking theres a script on the computer disguised as something because nothing I run finds anything wrong except adware finds 50-100 infections each time usually.. but just cookies for tracking mostly... I just cant pinpoint where all this is coming from. Theres something hidden on the computer somewhere!! I block internet traffic and delete the DLL files and it is still trying to access the internet.
thedrakester
Guest

VERY frustrated

Post by thedrakester »

I am at a loss and very frustrated. I am also having a site access issue that started with the 4/13 update of firefox, that also affects both IE and Safari, but I only have an issue with amiestreet.com. When the problem started I thought that their servers were down...so I googled their offices and called them directly...their tech staff was baffled...we went thru several possible things including a trace route between our IP addresses...after that I went to my ISP's and to Dell's tech support...both had no clue.

This is what I have learned...I can access amiestreet.com and can navigate the site and even purchase music, but I cannot dl anything and I cannot use their internal music player(and sometimes their internal messaging service)...once I do either of those things the site appears to lock up...and I have to cancel the dl/close the player and then restart whatever browser in order to get back into the site. I said "appears to lock up" because it doesn't...the bit rate transfer drops to 1-5 kbps...basically that means that an album uploading to the player or downloading to my computer can take about 22-35 DAYS to transfer. This started on 4/13...for 4 days I couldn't access amiestreet until I realized I had to restart firefox. On the 16th I dl'd 400 songs from e-music in about 90 minutes.

This is what I have done based on these pages and with suggestions from friends and from amiestreet's tech dept...Removed realplayer, updated java and flash, as well as my winzip program...that's what I use to unzip the amie files, cleaned my cache and my cookies, run my Avira security suite, closed that dl'd Avast and run that scan, removed that program, reloaded my adaware and run that scan, run xoftspy, regedit and crapcleaner...my computer is so clean it squeaks. I have also done a disk clean and a defrag on both hard drives and gone into msconfig and found nothing out of the ordinary. I have also checked settings in Avira and in my adblock program...usually restarting the computer after each step...no trojans, viruses, odd files, etc.... Have also run dell's driver reset tool, microsft's malicious software removal tool and windows defender...nothing!!!!!

ANY suggestions at this point would be greatly appreciated! thedrakester in Atlanta, GA
Gangleri
Guest

Rogue .dll

Post by Gangleri »

I just thought I'd write what sweeps I did, the ones that found and removed the nasty virus egg-layer (though not the egg itself, see earlier post), as well as where to find the software.

AVG antivirus - http://free.grisoft.com/

Ad-aware - http://www.lavasoft.com/

Spybot - Search and Destroy - www.safer-networking.org/

This removed the malware/virus, but not the .dll that was still in the Sytem32-folder

After cleaning these out, I used Hijackthis! to remove the .dll from the registry:

http://www.trendsecure.com/portal/en-US ... hijackthis

Those of you that are experiencing a return of the problem after getting rid of the .dll probably still have the actual virus-carrier on your computer, so as soon as the .dll is removed, it'll just lay a new one down. AVG did NOT find and delete this particular virus, and from what I can see, other AV's are the same. Use Ad-aware and Spybot search and destroy.

Hope that helps!
frustrated user
Guest

Post by frustrated user »

I have just got home and there were 65 blank IE pages open, and that after AVG scan this morning.
User avatar
LoudNoise
New Member
Posts: 39900
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Post by LoudNoise »

What does this have to do with Firefox?
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
frustrateduser
Guest

Post by frustrateduser »

LoudNoise wrote:What does this have to do with Firefox?


I don't use Internet explorer. This thread is about some sort of malware or virus that is causing problems on Firefox, and is also effecting other browsers!
User avatar
LoudNoise
New Member
Posts: 39900
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Post by LoudNoise »

Oh, what suggestions have you tried?
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
frustrateduser
Posts: 1
Joined: April 28th, 2008, 9:44 am

Post by frustrateduser »

AVG and Lavasoft scans + Hijack this.
Guest
Guest

Re: Rogue .dll

Post by Guest »

Gangleri wrote:I just thought I'd write what sweeps I did, the ones that found and removed the nasty virus egg-layer (though not the egg itself, see earlier post), as well as where to find the software.

AVG antivirus - http://free.grisoft.com/

Ad-aware - http://www.lavasoft.com/

Spybot - Search and Destroy - www.safer-networking.org/

This removed the malware/virus, but not the .dll that was still in the Sytem32-folder

After cleaning these out, I used Hijackthis! to remove the .dll from the registry:

http://www.trendsecure.com/portal/en-US ... hijackthis

Those of you that are experiencing a return of the problem after getting rid of the .dll probably still have the actual virus-carrier on your computer, so as soon as the .dll is removed, it'll just lay a new one down.

AVG did NOT find and delete this particular virus, and from what I can see, other AV's are the same. Use Ad-aware and Spybot search and destroy.

That's very interesting, Gangleri. I have this same virus (or something similar) on my system, and so far have not been able to identify or remove it.

I would be interested in learning how you recognize this virus, and any of the file names you know that it goes by.

I've run a Spybot S&D scan and removed the items it came up with, but apparently that hasn't found this virus. I've also run Avast and an AdAware SE scan, but come up with nothing. Suppose I'll have to break down and download the AdAware 2007 version, which I understands runs much slower. I've also run Spyware Terminator, but it found nothing also.

It's likely that the .dll is still in the registry, although for the life of me I wouldn't know it if I saw it. How do you identify this virus? I downloaded the hijackthis tool and have run it, but do not know how to identify what is good and what is bad as far as .dll files are concerned. Any advice (from anyone) how to do this?

So it resides in the System32 folder. That's a start. Thanks.
Thom01
Posts: 1
Joined: April 28th, 2008, 10:20 am

Re: Rogue .dll

Post by Thom01 »

Guest - Thom01 wrote:That's very interesting, Gangleri. I have this same virus (or something similar) on my system, and so far have not been able to identify or remove it.

I would be interested in learning how you recognize this virus, and any of the file names you know that it goes by.

I've run a Spybot S&D scan and removed the items it came up with, but apparently that hasn't found this virus. I've also run Avast and an AdAware SE scan, but come up with nothing. Suppose I'll have to break down and download the AdAware 2007 version, which I understands runs much slower. I've also run Spyware Terminator, but it found nothing also.

It's likely that the .dll is still in the registry, although for the life of me I wouldn't know it if I saw it. How do you identify this virus? I downloaded the hijackthis tool and have run it, but do not know how to identify what is good and what is bad as far as .dll files are concerned. Any advice (from anyone) how to do this?

So it resides in the System32 folder. That's a start. Thanks.

Sorry, I thought my log in had taken before I sent this message. Apparently it did not.
User avatar
LIMPET235
Moderator
Posts: 39936
Joined: October 19th, 2007, 1:53 am
Location: The South Coast of N.S.W. Oz.

Post by LIMPET235 »

LIMPET235 wrote:No-one has mentioned going to a virus removal site for help with this beast.
Maybe if you go to any of these, you may get the required assistance...
http://castlecops.com/
http://www.spywarewarrior.com/index.php
http://forum.aumha.org/
http://forums.spywareinfo.com/
Only post on one forum.
These guys do this all the time, so be patient & thorough..


This is the recommended procedure for any virus/trojan etc., you might have trouble with.
They will help with interpreting your HJT log file.
[Ancient Amateur Astronomer.]
Win-10-H/64 bit/500G SSD/16 Gig Ram/450Watt PSU/350WattUPS/Firefox-115.0.2/T-bird-115.3.2./SnagIt-v10.0.1/MWP-7.12.125.

(Always choose the "Custom" Install.)
thedrakester
Guest

Post by thedrakester »

I posted a few days ago with an issue about amiestreet.com...have tried all previous and recent suggestions...I have no viruses or trojans and can't find any dll files that are causing a problem.....any others that use amie and firefox...have you had problems! VERY FRUSTRATED!
JacknCoke
Posts: 2
Joined: May 1st, 2008, 5:28 pm

Post by JacknCoke »

Had this problem today, didn't stop till I solved it: http://forums.mozillazine.org/viewtopic ... 16#3358116
Little_kratzui
Guest

Same problem - SOLVED!

Post by Little_kratzui »

The ONLY thing that gets rid of this horrid version of the Trojan "Vundo" is an anti-spyware software called "Spybot - Search & Destroy".



GET IT IF YOU HAVE THIS PROBLEM!
Status report
Guest

Re: Firefox can't access certain pages!

Post by Status report »

I found that my computer started to have problems such as the mouse would lag during processing, explorer.exe would crash randomly when browsing the interface, and the computer would freeze when processing a lot at once.

None of those problems happened to me until shortly after 4/13, Yahoo! will not load and Google loads ONLY the main page, GMail or searching will sit around at "Waiting for <website>...", however I managed to already have Windows Safari (from Apple) installed before any of these problems, so today I found this weird advertising javascript code in ALL of the pages I'd visit (no matter what website or page), I also previously noticed that rundll32.exe's were being ran when my computer started.

Before I noticed the strange javascript code, AVG 7 didn't detect anything, I upgraded to AVG 8 and it kept complaining about those randomly named dll's inside the system folder, I let it do it's fix/quarantine and it said it fixed it and everything was OK but shortly (about a minute) later, the same dialog would pop up, but with a different DLL name, this bugged the crap out of me so I uninstalled AVG 8.

Later, after detecting the javascript code, I continued what I was doing on the computer, then after completing my work, I decided it's time to fix this problem once and for all. So I went to Command Prompt hoping it would hold information when I did "netstat -ao" which basically tells you everything about all your network connections (e.g. MYPC:<port> to <website>:http) and thanks to the 'o' parameter, it also would show which application program was using that connection, I later found explorer.exe was listening on port 8012, I connected Firefox to 127.0.0.1:8012 and it kept saying that it never got a response from the remote host, so I went to google using Firefox and tried to search for "explorer.exe port 8012", I waited and waited (just like everyone else), finally I closed out Firefox and went to Windows Safari, I went to google and did the search, I turned up this page.

After reading, I opened regedit and went to the "HKLM\SOFRWARE\Microsoft\Windows\CurrentVersion\Run" and tried to remove 2 entries (there we 2 rundll's being ran at startup, and 2 entries at this part of the windows registry), one entry was removed, and I thought I removed the other, but when I refreshed the directory, it was there again, so I read further, went into Safe Mode with Networking, removed the entry (this time it actually was gone), after that I went into Command Prompt and removed the file from the system folder (which was previously "Access is denied" when I wasn't in Safe Mode), now I'm posting here and I am about to restart the computer, and do any more other "work" which may lie ahead.

I don't think the DLL name matters considering it's randomly created.

I never did try the System Restore, I've never used System Restore before either, hehe.

[ Reboot ]

OK so now I booted up and logged in, I checked the processes tab in Task Manager and rundll32.exe never executed, and I no longer see any issues. Google works, Yahoo! works, no weird javascript code at the bottom of any page's source, and the speed of my computer has increased a bit.

Hope this information helps anyone else with these problems everyone is having.
Locked