X
Nhấn vào đây để đến phiên bản di động của trang web.

Diễn đàn trợ giúp

Hidden windows opened in firefix by website infomoneyservice.com

Được đăng

After running firefox a long time, i close it. But it appeared that it was still opened using a large part of memory.

I kill firefox, then reopen it, and 4 windows open with blank pages on the website infomoneyservice.com.

It appears these pages were opened before, but in an hidden way, and they don't show in history.

It happened to me 5 or 6 times since 1 week before i wa able to reproduce some symptoms in a systematic way.

I think this problem is also related to some interceptions of google results.

URL of affected sites

http://infomoneyservice.com

After running firefox a long time, i close it. But it appeared that it was still opened using a large part of memory. I kill firefox, then reopen it, and 4 windows open with blank pages on the website infomoneyservice.com. It appears these pages were opened before, but in an hidden way, and they don't show in history. It happened to me 5 or 6 times since 1 week before i wa able to reproduce some symptoms in a systematic way. I think this problem is also related to some interceptions of google results. == URL of affected sites == http://infomoneyservice.com

Chi tiết hệ thống bổ sung

Phần bổ trợ đã cài đặt

  • -Adobe PDF Plug-In For Firefox and Netscape "9.3.3"
  • Shockwave Flash 10.1 r53

Ứng dụng

  • Chuỗi đại diện người dùng: Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8

Thông tin chi tiết

nothing found on that

nemesisinnotts 0 giải pháp 1 câu trả lời
Được đăng

Hi All, I was called to help a friend who had this problem after a download related to a keygen exe. The pop ups [in Firefox AND IE] relate to predominantly nrg.exe, nrf.exe & nrh.exe. I used Zonealarm Extreme Security to find the source of the outgoing traffic. A program called Onex autoconnects to an IP address 64.20.63.58:80 [www.fiwijo.com] which in turn executes the three .exe's above. Bottom Line - get ZA or your Firewall to "Kill" Onex and a program called hbppro - these also recruit the Windows Command Processor. Interestingly nrg.exe lives here..... C:\Users\YourName\AppData\Local\Temp. Sure as eggs are eggs though, Zonealarm logs it and until I killed the exes manually and set up a Firewall rule, the pop ups continued!!! The .exe's were NOT seen as malicious by ANY of my anti-virus programs so I had to manually set the rules to block [kill] the auto-connections. This is the end destination for the executable...... http://www.ip-adress.com/ip_tracer/mpr2.ngd.vip.ch1.yahoo.com - it seems to be a "Product Brand Protection" company on reverse IP/WHOIS lookup. Hope that helps, NIN

Hi All, I was called to help a friend who had this problem after a download related to a keygen exe. The pop ups [in Firefox AND IE] relate to predominantly nrg.exe, nrf.exe & nrh.exe. I used Zonealarm Extreme Security to find the source of the outgoing traffic. A program called Onex autoconnects to an IP address 64.20.63.58:80 [www.fiwijo.com] which in turn executes the three .exe's above. Bottom Line - get ZA or your Firewall to "Kill" Onex and a program called hbppro - these also recruit the Windows Command Processor. Interestingly nrg.exe lives here..... C:\Users\YourName\AppData\Local\Temp. Sure as eggs are eggs though, Zonealarm logs it and until I killed the exes manually and set up a Firewall rule, the pop ups continued!!! The .exe's were NOT seen as malicious by ANY of my anti-virus programs so I had to manually set the rules to block [kill] the auto-connections. This is the end destination for the executable...... http://www.ip-adress.com/ip_tracer/mpr2.ngd.vip.ch1.yahoo.com - it seems to be a "Product Brand Protection" company on reverse IP/WHOIS lookup. Hope that helps, NIN