Guest JohnH Posted September 6, 2007

I clicked on a link relating to cad. A video window came up with a message that before I could view it I had to download a [?]
I saved it to disk. Now when I click on Firefox a window comes up:
"You have chosen to open ig which is an application/octet stream for http:/google.co.nz what should firefox do with this application"
Browsing has slowed considerably.
Any ideas,
Thanks
John
Guest Bert Kinney Posted September 6, 2007
Re: Firefox problem

Hi John,

Could you provide a link as an example?

Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org
Member: http://dts-l.org

JohnH wrote:
> I clicked on a link relating to cad A video window came up with a message
> that before I could view it I had to download a [?]
> I saved it to disk. Now when I Click on firefox a Window comes up.
> "You have chosen to open ig which is an application/octet stream for
> http:/google.co.nz
> what should firefox do with this application" Browsing has slowed
> considerably.
> Any ideas,
> Thanks
> John
Guest Nightowl Posted September 6, 2007
Re: Firefox problem

JohnH <1234@nospam.com> wrote on Thu, 6 Sep 2007:
>I clicked on a link relating to cad A video window came up with a message
>that before I could view it I had to download a [?]
>I saved it to disk. Now when I Click on firefox a Window comes up.
>"You have chosen to open ig which is an application/octet stream for
>http:/google.co.nz
>what should firefox do with this application" Browsing has slowed
>considerably.
>Any ideas,

John, have a look in Firefox Tools | Options, Main and see what your homepage is set to. I wonder if it might possibly be iGoogle. If so, you can change it back here to a default Mozilla page, one of your bookmarks or a blank page (type about:blank in the box).

--
Nightowl
Guest JohnH Posted September 6, 2007
Re: Firefox problem

The link is http://www.google.co.nz
The problem occurs when I try to open my Google home page; the ig file is something to do with the Google homepage.
As I can't get the Google start page I type in http://www.yahoo.com and down the bottom it says "opening us.js2.yimg.com"
Thanks
John

"Bert Kinney" <bert@NSmvps.org> wrote in message news:OvziQiD8HHA.5456@TK2MSFTNGP05.phx.gbl...
> Hi John,
>
> Could you provide a link as an example?
>
> Regards,
> Bert Kinney MS-MVP Shell/User
> http://bertk.mvps.org
> Member: http://dts-l.org
>
>
> JohnH wrote:
>> I clicked on a link relating to cad A video window came up with a message
>> that before I could view it I had to download a [?]
>> I saved it to disk. Now when I Click on firefox a Window comes up.
>> "You have chosen to open ig which is an application/octet stream for
>> http:/google.co.nz
>> what should firefox do with this application" Browsing has slowed
>> considerably.
>> Any ideas,
>> Thanks
>> John
Guest Anteaus Posted September 6, 2007
Re: Firefox problem

If there is any chance the download has been launched/run, I would do a spyware scan with Ad-aware or the like.

Also look under tools>extensions and look for any Firefox add-ons that shouldn't be there.

Firefox itself is very well protected against web-based attacks, but the fact is that on any browser, malware can still be installed by manually downloading and launching it.

Demanding that 'plugins' be updated is a favorite ploy used by malware sites to get you to install Trojans. Never accept any such offers; if you need the latest Flash or whatever, type 'www.adobe.com' directly into the URL bar, so you KNOW you're getting the update from the genuine source.

For the same reason I generally turn update-notification off. The problem is not with the updates themselves, but with the fact that these popups might also be from malware sites. You can't tell, and therein lies the problem.

I reckon it was a Very Bad Idea to give Javascript the capability of popping borderless windows; this gives malware authors the capability of simulating OS dialogs to a very high degree of realism - exactly what they need in order to dupe visitors into installing Trojans. When dialogs can appear on your screen that might be from your OS, or might be from a malicious website, and you cannot tell which, that is not a good situation.
Guest JohnH Posted September 6, 2007
Re: Firefox problem

I did a system restore and it is back to normal. I'll take your advice.
According to my update history I have security update Firefox 2.0.0.6 (2007072518) installed 1 Jan 1970 31:00:00 Status undefined.
Thanks
John

"Anteaus" <Anteaus@discussions.microsoft.com> wrote in message news:C7C6E739-2DB1-463F-B7A5-2E733C2DF444@microsoft.com...
> If there is any chance the download has been launched/run, I would do a
> spyware scan with Ad-aware or the like.
>
> Also look under tools>extensions and look for any Firefox add-ons that
> shouldn't be there.
>
> Firefox itself is very well protected against web-based attacks, but the
> fact is that on any browser, malware can still be installed by manually
> downloading and launching it.
>
> Demanding that 'plugins' be updated is a favorite ploy used by malware
> sites
> to get you to install Trojans. Never accept any such offers, if you need
> the
> latest Flash or whatever, type 'www.adobe.com' directly into the URL bar,
> so
> you KNOW you're getting the update from the genuine source.
>
> For the same reason I generally turn update-notification off, the problem
> is
> not with the updates themselves, but with the fact that these popups might
> also be from malware sites. You can't tell, and therein lies the problem.
>
> I reckon it was a Very Bad Idea to give Javascript the capability of
> popping borderless windows, this gives malware authors the capability of
> simulating OS dialogs to a very high degree of realism -exactly what they
> need in order to dupe visitors into installing Trojans. When dialogs can
> appear on your screen that might be from your OS, or might be from a
> malicious website, and you cannot tell which, that is not a good
> situation.
Guest JohnH Posted September 6, 2007
Are any of these suspect?

Logfile of HijackThis v1.99.1
Scan saved at 21:57:31, on 06/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\lgbpd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\WINDOWS\system32\conime.exe
C:\Program Files\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LGBLiveUpdate] C:\WINDOWS\system32\lgbpd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International*
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg5.cyworld.nate.com/ImageUpload/CyImageUpload2.cab
O16 - DPF: {10B69FAD-B2F1-4DB0-BBEC-81DCC529F957} (BTWWebClient Control) - http://download.banktown.com/kbstarActiveX/BTW-sToolkit.cab
O16 - DPF: {155571EC-5A3C-4E5F-A00D-DC243A83023B} (FDiImgUpload Control) - https://www.fdinet.fujifilm.co.jp/fdinet/activex/FDiImgUpload.cab
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://jr.naver.com/comic/book/viewer/NHNComicViewer.cab
O16 - DPF: {24A04430-81DA-467A-BE87-774DFAECBBF6} (UlalaPhoto Control) - http://cyimg8.cyworld.nate.com/storyRoom/CyImageResizeCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129fd.bay129.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {6F06A005-C6F0-4913-A480-BCBC51D5E10B} (AxUOU Class) - http://uwin.ulsan.ac.kr/Portal/DownLoad/AxUOU(2.0.0.4).cab
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://emailimg.sktelecom.com/inimas/autocontroll/IniMasPlugin.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://img.kbstar.com/xecure/xw_install_v7050.cab
O16 - DPF: {916465E2-F906-4A14-9A91-261BA17CA6A1} (Actstop Control) - http://stop.co.kr/program/install/actstop.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - http://file.naver.com/down/NaverFile.cab
O16 - DPF: {A00B2A53-60D9-4477-ADA3-60490770C5E0} (Hanmail Upload Control) - http://mail.daum.net/hanmail-ax/hanmail.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - http://www.hmall.com/ilkActx/ilkactx.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/module/npx.cab
O16 - DPF: {D885750C-6002-460E-A162-713400FB1FD4} (CActiveXFileCtrl Control) - http://www.goalibaba.com/setup/CActiveXFileCtrl.cab
O16 - DPF: {E831AA9C-C980-4F16-B252-09AAF40D0E9B} (Kdfense9 Control) - http://kings.cachenet.com/kdfx218/kbstar/kdfense9.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.hmall.com/initech/plugin/INISafeWeb50.cab
O16 - DPF: {FDC8D26C-8772-4877-8FD3-86D552F0B43C} (SearchWIObj Class) - http://file.searchspy.co.kr/control/SearchPackWebInstaller.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Guest Elmo Posted September 6, 2007
Re: Are any of these suspect?

JohnH wrote:

> C:\WINDOWS\system32\lgbpd.exe

This random filename isn't mentioned in a Google Groups search, so it's probably malware:
http://groups.google.com/groups/search?q=lgbpd.exe&qt_s=Search+Groups

> C:\WINDOWS\System32\PAStiSvc.exe

Appears to be Malware:
http://groups.google.com/groups/search?q=PAStiSvc.exe&start=20&sa=N&

--
Joe =o)
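
Added example, not part of the thread and not HijackThis code: a small Python triage pass over HijackThis-style lines that surfaces entries for manual review, including the two files Elmo points at. The sample lines are copied from the log posted above; the `triage` function, the `KNOWN_GOOD` baseline and the three flagging rules are assumptions made for this illustration, and a flag is a prompt to investigate, not a verdict.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LGBLiveUpdate] C:\WINDOWS\system32\lgbpd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Assumption: the reviewer's own baseline of Windows-directory binaries
# already vetted on this machine (lowercase names, constructed for the example).
KNOWN_GOOD = {"ctfmon.exe"}

ENTRY = re.compile(r"^(O\d+) - (.+)$")
EXE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)

def triage(log_text, known_good=KNOWN_GOOD):
    """Return {entry line: [reasons]} for entries worth a manual look."""
    findings = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, rest = m.groups()
        reasons = []
        if rest.endswith(("(no file)", "(file missing)")):
            reasons.append("registration points at a missing file")
        if section == "O23" and " - Unknown owner - " in rest:
            reasons.append("service binary has no reported owner")
        exe = EXE.search(rest)
        if section in ("O4", "O23") and exe:
            path = exe.group(1).lower()  # Windows dir assumed to be C:\WINDOWS, as in the log
            if path.startswith("c:\\windows\\") and ntpath.basename(path) not in known_good:
                reasons.append("autostart from Windows directory, not in baseline")
        if reasons:
            findings[line.strip()] = reasons
    return findings

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(reasons))
```

The ATI service line is flagged by the same rules as `PAStiSvc.exe`, which is why each hit still needs the kind of lookup Elmo did before anything is removed.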