Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Learn More

Hidden windows opened in firefix by website infomoneyservice.com

  • 21 trả lời
  • 125 gặp vấn đề này
  • 416 lượt xem
  • Trả lời mới nhất được viết bởi nemesisinnotts

more options

After running firefox a long time, i close it. But it appeared that it was still opened using a large part of memory.

I kill firefox, then reopen it, and 4 windows open with blank pages on the website infomoneyservice.com.

It appears these pages were opened before, but in an hidden way, and they don't show in history.

It happened to me 5 or 6 times since 1 week before i wa able to reproduce some symptoms in a systematic way.

I think this problem is also related to some interceptions of google results.

URL of affected sites


Tất cả các câu trả lời (1)

more options

Hi All, I was called to help a friend who had this problem after a download related to a keygen exe. The pop ups [in Firefox AND IE] relate to predominantly nrg.exe, nrf.exe & nrh.exe. I used Zonealarm Extreme Security to find the source of the outgoing traffic. A program called Onex autoconnects to an IP address [www.fiwijo.com] which in turn executes the three .exe's above. Bottom Line - get ZA or your Firewall to "Kill" Onex and a program called hbppro - these also recruit the Windows Command Processor. Interestingly nrg.exe lives here..... C:\Users\YourName\AppData\Local\Temp. Sure as eggs are eggs though, Zonealarm logs it and until I killed the exes manually and set up a Firewall rule, the pop ups continued!!! The .exe's were NOT seen as malicious by ANY of my anti-virus programs so I had to manually set the rules to block [kill] the auto-connections. This is the end destination for the executable...... http://www.ip-adress.com/ip_tracer/mpr2.ngd.vip.ch1.yahoo.com - it seems to be a "Product Brand Protection" company on reverse IP/WHOIS lookup. Hope that helps, NIN

  1. 1
  2. 2