This thread was archived. Please ask a new question if you need help.
Hidden windows opened in firefix by website infomoneyservice.com
After running firefox a long time, i close it. But it appeared that it was still opened using a large part of memory.
I kill firefox, then reopen it, and 4 windows open with blank pages on the website infomoneyservice.com.
It appears these pages were opened before, but in an hidden way, and they don't show in history.
It happened to me 5 or 6 times since 1 week before i wa able to reproduce some symptoms in a systematic way.
I think this problem is also related to some interceptions of google results.
URL of affected sites
All Replies (1)
Hi All, I was called to help a friend who had this problem after a download related to a keygen exe. The pop ups [in Firefox AND IE] relate to predominantly nrg.exe, nrf.exe & nrh.exe. I used Zonealarm Extreme Security to find the source of the outgoing traffic. A program called Onex autoconnects to an IP address 126.96.36.199:80 [www.fiwijo.com] which in turn executes the three .exe's above. Bottom Line - get ZA or your Firewall to "Kill" Onex and a program called hbppro - these also recruit the Windows Command Processor. Interestingly nrg.exe lives here..... C:\Users\YourName\AppData\Local\Temp. Sure as eggs are eggs though, Zonealarm logs it and until I killed the exes manually and set up a Firewall rule, the pop ups continued!!! The .exe's were NOT seen as malicious by ANY of my anti-virus programs so I had to manually set the rules to block [kill] the auto-connections. This is the end destination for the executable...... http://www.ip-adress.com/ip_tracer/mpr2.ngd.vip.ch1.yahoo.com - it seems to be a "Product Brand Protection" company on reverse IP/WHOIS lookup. Hope that helps, NIN