X
Tap here to go to the mobile version of the site.

Support Forum

Hidden windows opened in firefix by website infomoneyservice.com

Posted

After running firefox a long time, i close it. But it appeared that it was still opened using a large part of memory.

I kill firefox, then reopen it, and 4 windows open with blank pages on the website infomoneyservice.com.

It appears these pages were opened before, but in an hidden way, and they don't show in history.

It happened to me 5 or 6 times since 1 week before i wa able to reproduce some symptoms in a systematic way.

I think this problem is also related to some interceptions of google results.

URL of affected sites

http://infomoneyservice.com

After running firefox a long time, i close it. But it appeared that it was still opened using a large part of memory. I kill firefox, then reopen it, and 4 windows open with blank pages on the website infomoneyservice.com. It appears these pages were opened before, but in an hidden way, and they don't show in history. It happened to me 5 or 6 times since 1 week before i wa able to reproduce some symptoms in a systematic way. I think this problem is also related to some interceptions of google results. == URL of affected sites == http://infomoneyservice.com

Additional System Details

Installed Plug-ins

  • -Adobe PDF Plug-In For Firefox and Netscape "9.3.3"
  • Shockwave Flash 10.1 r53

Application

  • User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8

More Information

nothing found on that

nemesisinnotts 0 solutions 1 answers

Hi All, I was called to help a friend who had this problem after a download related to a keygen exe. The pop ups [in Firefox AND IE] relate to predominantly nrg.exe, nrf.exe & nrh.exe. I used Zonealarm Extreme Security to find the source of the outgoing traffic. A program called Onex autoconnects to an IP address 64.20.63.58:80 [www.fiwijo.com] which in turn executes the three .exe's above. Bottom Line - get ZA or your Firewall to "Kill" Onex and a program called hbppro - these also recruit the Windows Command Processor. Interestingly nrg.exe lives here..... C:\Users\YourName\AppData\Local\Temp. Sure as eggs are eggs though, Zonealarm logs it and until I killed the exes manually and set up a Firewall rule, the pop ups continued!!! The .exe's were NOT seen as malicious by ANY of my anti-virus programs so I had to manually set the rules to block [kill] the auto-connections. This is the end destination for the executable...... http://www.ip-adress.com/ip_tracer/mpr2.ngd.vip.ch1.yahoo.com - it seems to be a "Product Brand Protection" company on reverse IP/WHOIS lookup. Hope that helps, NIN

Hi All, I was called to help a friend who had this problem after a download related to a keygen exe. The pop ups [in Firefox AND IE] relate to predominantly nrg.exe, nrf.exe & nrh.exe. I used Zonealarm Extreme Security to find the source of the outgoing traffic. A program called Onex autoconnects to an IP address 64.20.63.58:80 [www.fiwijo.com] which in turn executes the three .exe's above. Bottom Line - get ZA or your Firewall to "Kill" Onex and a program called hbppro - these also recruit the Windows Command Processor. Interestingly nrg.exe lives here..... C:\Users\YourName\AppData\Local\Temp. Sure as eggs are eggs though, Zonealarm logs it and until I killed the exes manually and set up a Firewall rule, the pop ups continued!!! The .exe's were NOT seen as malicious by ANY of my anti-virus programs so I had to manually set the rules to block [kill] the auto-connections. This is the end destination for the executable...... http://www.ip-adress.com/ip_tracer/mpr2.ngd.vip.ch1.yahoo.com - it seems to be a "Product Brand Protection" company on reverse IP/WHOIS lookup. Hope that helps, NIN