
Support Forum

Malware puts advertising at the bottom of the Firefox window.


My Firefox installation has banner ads at the bottom of the Firefox window I know do not belong to the websites I visit. My Firefox installation, and possibly my computer, is infected. The advertisement changes to different ones automatically, and eventually rotates back to begin at the first one again. When I scroll the webpage the advertisement banner remains at the bottom. The advertisements are animated to make them difficult to ignore.

It is also converting selected phrases in the text of the website I visit into links. When I put the cursor over these links advertising pops up.

The banners at the bottom of the screen say things such as:

 "Your PC performance is Poor."
 "Make your PC run Faster!"
 "Problems have been detected with your Flash Player version."
 "To view the video you need to upgrade Adobe Flash Player"
 "Catch the Roach for an opportunity to win an iPad 2!"

I need help removing this malware. I hope I will not have to reinstall the operating system.

I have done a scan using the Microsoft Security Essentials and Safety Scanner. This did not eliminate the problem.

Modified by spflanze


Additional System Details

Installed Plug-ins

  • Shockwave Flash 11.6 r602
  • PDF-XChange Viewer Netscape Gecko Plugin
  • 5.1.20125.0
  • Intel web components for Intel® Identity Protection Technology
  • Intel web components updater - Installs and updates the Intel web components
  • NPWLPG
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Office Authorization plug-in for NPAPI browsers
  • LabVIEW 8.5 Netscape Plug-in for Win32

Application

  • Firefox 20.0
  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0
  • Support URL: http://support.mozilla.org/1/firefox/20.0/WINNT/en-US/

Extensions

  • Default Tab 1.4.4 (addon@defaulttab.com)
  • SelectionLinks 1.5 (plugin@selectionlinks.com)
  • Troubleshooter 1.1a (troubleshooter@mozilla.org)

JavaScript

  • incrementalGCEnabled: True

Modified Preferences

  • accessibility.typeaheadfind.flashBar: 0
  • browser.cache.disk.capacity: 358400
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 358400
  • browser.places.smartBookmarksVersion: 4
  • browser.search.useDBForOrder: True
  • browser.startup.homepage_override.buildID: 20130326150557
  • browser.startup.homepage_override.mstone: 20.0
  • dom.w3c_touch_events.expose: False
  • extensions.lastAppVersion: 20.0
  • font.internaluseonly.changed: True
  • gfx.direct3d.prefer_10_1: True
  • network.cookie.prefsMigrated: True
  • places.database.lastMaintenance: 1365285679
  • places.history.expiration.transient_current_max_pages: 104858
  • plugin.disable_full_page_plugin_for_types: application/pdf
  • privacy.sanitize.migrateFx3Prefs: True
  • security.csp.enable: False
  • security.OCSP.enabled: 0

Misc

  • User JS: Yes
  • Accessibility: No

the-edmeister
  • Top 10 Contributor
  • Moderator
3197 solutions 24405 answers

Helpful Reply

Install, update, and run these programs in this order. They are listed in order of efficacy.
(Not all programs detect the same Malware, so you may need to run them all to solve your problem.)
These programs are all free for personal use, but some have limited functionality in the "free mode" - but those are features you really don't need to find and remove the problem that you have.
Note: If your Malware infection is bad enough and you are misdirected to URLs other than what is posted, you may have to use a different PC to download these programs and use a USB stick to transfer them to the afflicted PC.

Malwarebytes' Anti-Malware - http://www.malwarebytes.org/mbam.php
SuperAntispyware - http://www.superantispyware.com/
AdAware - http://www.lavasoftusa.com/software/adaware/
Spybot Search & Destroy - http://www.safer-networking.org/en/index.html
Windows Defender: Home Page - http://windows.microsoft.com/en-US/wi.../windows-defender
Also, if you have a search engine re-direct problem, see this:
http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html

If these don't find it or can't clear it, post in one of these forums for specialized malware removal help:
http://www.spywarewarrior.com/index.php
http://forum.aumha.org/
http://www.spywareinfoforum.com/
http://bleepingcomputer.com

Giedrius_M 18 solutions 157 answers

Chosen Solution

I would recommend starting with Adwcleaner: http://www.bleepingcomputer.com/download/adwcleaner/, which should detect the majority of browser-impacting adware. If problems continue, run Hitman Pro (broad range and scanning with 5 AV engines) and Spybot S&D. Malwarebytes and SuperSpyware, on the other hand, are not really effective against adware in my opinion, but might help if there is a trojan.

Question owner

I ran AdwCleaner first. It found many registry keys. It also found these folders:

  • C:\Program Files (x86)\OApps
  • C:\Program Files (x86)\SaveValet

In the OApps directory was the file: dler.exe

Then I ran Malwarebytes Anti-Malware which found: D2M-Precheck[1].exe (Trojan.MSIL)

All of the above were missed by Microsoft's Security Essentials.

The malware that was putting the banner in the webpages I viewed was SelectionLinks. It is a Firefox plugin that was sneakily installed.

I am certain the above infections happened because of free software I had downloaded. I do not know which of them it was. I suspect one or more of them was downloaded from other than the official site for them.

I thank you for your help. I had some serious infections, especially dler.exe.

Modified by spflanze
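
A check for extensions that arrived the way the question owner describes SelectionLinks arriving, as an added example that is not part of the original thread: it reads a current Firefox profile's `extensions.json` and lists add-ons that were installed by an outside program, live outside the profile, or are unsigned. The field names (`foreignInstall`, `location`, `signedState`) are assumed from current profiles (Firefox 20 used a different store), and the sample records are constructed, not data from the poster's machine.

```python
import json

# Assumed install-location names from current Firefox profiles.
PROFILE_LOCATIONS = {"app-profile"}            # installed by the user in the browser
BUILTIN_LOCATIONS = {"app-builtin", "app-system-defaults"}  # shipped with Firefox

def audit_extensions(extensions_json_text):
    """Return (id, name, reasons) for each add-on that deserves a manual look."""
    findings = []
    for addon in json.loads(extensions_json_text).get("addons", []):
        location = addon.get("location", "")
        if location in BUILTIN_LOCATIONS:
            continue
        reasons = []
        if addon.get("foreignInstall"):
            reasons.append("installed by an external program (foreignInstall)")
        if location not in PROFILE_LOCATIONS:
            reasons.append(f"lives outside the profile ({location or 'unknown'})")
        # Assumption: signedState <= 0 means missing, unknown or broken signature.
        if addon.get("signedState", 0) <= 0:
            reasons.append("not signed")
        if reasons:
            name = (addon.get("defaultLocale") or {}).get("name", "?")
            findings.append((addon.get("id"), name, reasons))
    return findings

# Constructed sample: the IDs and versions match the thread's extension list,
# every other field value is invented for illustration.
SAMPLE = json.dumps({"addons": [
    {"id": "addon@defaulttab.com", "version": "1.4.4",
     "defaultLocale": {"name": "Default Tab"},
     "location": "winreg-app-global", "foreignInstall": True, "signedState": 0},
    {"id": "plugin@selectionlinks.com", "version": "1.5",
     "defaultLocale": {"name": "SelectionLinks"},
     "location": "app-profile", "foreignInstall": True, "signedState": 0},
    {"id": "troubleshooter@mozilla.org", "version": "1.1a",
     "defaultLocale": {"name": "Troubleshooter"},
     "location": "app-profile", "foreignInstall": False, "signedState": 2},
]})

if __name__ == "__main__":
    # To audit a real profile, pass the text of <profile>/extensions.json instead.
    for ext_id, name, reasons in audit_extensions(SAMPLE):
        print(f"{name} ({ext_id}):")
        for reason in reasons:
            print(f"  - {reason}")
```

An add-on flagged here is a candidate for review in the Add-ons Manager, not proof of adware; some legitimate software also installs extensions from outside the browser.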