Firefox problem

[JohnH]

I clicked on a link relating to cad A video window came up with a message
that before i could view it I had to down load a [?]
I saved it to disk. Now when I Click on firefox a Window comes up.
"You have chosen to open ig which is an application/octet stream for
http:/google.co.nz
what should firefox do with this application" Browsing has slowed
considerably.
Any ideas,
Thanks
John

 

[Bert Kinney]

Hi John,

Could you provide a link as an example?

Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org
Member: http://dts-l.org

 

[Nightowl]

I clicked on a link relating to cad A video window came up with a message
that before i could view it I had to down load a [?]
I saved it to disk. Now when I Click on firefox a Window comes up.
"You have chosen to open ig which is an application/octet stream for
http:/google.co.nz
what should firefox do with this application" Browsing has slowed
considerably.
Any ideas,

John, have a look in Firefox Tools | Options, Main and see what your
homepage is set to. I wonder if it might possibly be iGoogle. If so, you
can change it back here to a default Mozilla page, one of your bookmarks
or a blank page (type about:blank in the box).

 

[JohnH]

The link is www.google.co.nz
The problem occurs when I try to open my google home page,
ig file is something to do with google homepage
As I can't get the google start page I type in www.yahoo.com and down the
bottom it says "opening us.js2.yimg.com"
Thanks
John

Hi John,

Could you provide a link as an example?

Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org
Member: http://dts-l.org

I clicked on a link relating to cad A video window came up with a message
that before i could view it I had to down load a [?]
I saved it to disk. Now when I Click on firefox a Window comes up.
"You have chosen to open ig which is an application/octet stream for
http:/google.co.nz
what should firefox do with this application" Browsing has slowed
considerably.
Any ideas,
Thanks
John

 

[Guest]

If there is any chance the download has been launched/run, I would do a
spyware scan with Ad-aware or the like.

Also look under tools>extensions and look for any Firefox add-ons that
shoudln't be there.

Firefox itself is very well protected against web-based attacks, but the
fact is that on any browser, malware can still be installed by manually
downloading and launching it.

Demanding that 'plugins' be updated is a favorite ploy used by malware sites
to get you to install Trojans. Never accept any such offers, if you need the
latest Flash or whatever, type 'www.adobe.com' directly into the URL bar, so
you KNOW you're getting the update from the genuine source.

For the same reason I generally turn update-notification off, the problem is
not with the updates themselves, but with the fact that these popups might
also be from malware sites. You can't tell, and therein lies the problem.

I reckon it was a Very Bad Idea to give Javascript the capability of of
popping borderless windows, this gives malware authors the capability of
simulating OS dialogs to a very high degree of realism -exactly what they
need in order to dupe visitors into installing Trojans. When dialogs can
appear on your screen that might be from your OS, or might be from a
malicious website, and you cannot tell which, that is not a good situation.

 

[JohnH]

I did a system restore and it is back to normal. I'll take your advise.
According to my update history I have security update Firefox 2.0.0.6
(2007072518) installed 1 Jan 1970 31:00:00 Status undefined.
Thanks
John

 

[JohnH]

ogfile of HijackThis v1.99.1
Scan saved at 21:57:31, on 06/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\lgbpd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\WINDOWS\system32\conime.exe
C:\Program Files\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} -
C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil
/RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
/SYNC
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
/IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google
Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LGBLiveUpdate] C:\WINDOWS\system32\lgbpd.exe
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media
Player\WMPNSCFG.exe
O8 - Extra context menu item: Post Image to Blog -
res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image -
res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack -
res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack -
res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -
C:\Program Files\Common Files\Microsoft Shared\Encarta Search
Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help -
{E2D4D26B-0180-43a4-B05F-462D6D54C789} -
C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help -
{E2D4D26B-0180-43a4-B05F-462D6D54C789} -
C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) -
http://cyimg5.cyworld.nate.com/ImageUpload/CyImageUpload2.cab
O16 - DPF: {10B69FAD-B2F1-4DB0-BBEC-81DCC529F957} (BTWWebClient Control) -
http://download.banktown.com/kbstarActiveX/BTW-sToolkit.cab
O16 - DPF: {155571EC-5A3C-4E5F-A00D-DC243A83023B} (FDiImgUpload Control ?R?$B!H(B?g???[??)
- https://www.fdinet.fujifilm.co.jp/fdinet/activex/FDiImgUpload.cab
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) -
http://jr.naver.com/comic/book/viewer/NHNComicViewer.cab
O16 - DPF: {24A04430-81DA-467A-BE87-774DFAECBBF6} (UlalaPhoto Control) -
http://cyimg8.cyworld.nate.com/storyRoom/CyImageResizeCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by129fd.bay129.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) -
http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) -
http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {6F06A005-C6F0-4913-A480-BCBC51D5E10B} (AxUOU Class) -
http://uwin.ulsan.ac.kr/Portal/DownLoad/AxUOU(2.0.0.4).cab
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) -
http://emailimg.sktelecom.com/inimas/autocontroll/IniMasPlugin.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client
Control) - http://img.kbstar.com/xecure/xw_install_v7050.cab
O16 - DPF: {916465E2-F906-4A14-9A91-261BA17CA6A1} (Actstop Control) -
http://stop.co.kr/program/install/actstop.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) -
http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl
Control) - http://file.naver.com/down/NaverFile.cab
O16 - DPF: {A00B2A53-60D9-4477-ADA3-60490770C5E0} (Hanmail Upload Control) -
http://mail.daum.net/hanmail-ax/hanmail.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) -
http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) -
http://www.hmall.com/ilkActx/ilkactx.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) -
http://update.nprotect.net/nprotect/module/npx.cab
O16 - DPF: {D885750C-6002-460E-A162-713400FB1FD4} (CActiveXFileCtrl
Control) - http://www.goalibaba.com/setup/CActiveXFileCtrl.cab
O16 - DPF: {E831AA9C-C980-4F16-B252-09AAF40D0E9B} (Kdfense9 Control) -
http://kings.cachenet.com/kdfx218/kbstar/kdfense9.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) -
http://www.hmall.com/initech/plugin/INISafeWeb50.cab
O16 - DPF: {FDC8D26C-8772-4877-8FD3-86D552F0B43C} (SearchWIObj Class) -
http://file.searchspy.co.kr/control/SearchPackWebInstaller.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program
Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: STI Simulator - Unknown owner -
C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

[Elmo]

C:\WINDOWS\system32\lgbpd.exe

This random filename isn't mentioned in a Google Groups search, so it's
probably malware:
http://groups.google.com/groups/search?q=lgbpd.exe&qt_s=Search+Groups

C:\WINDOWS\System32\PAStiSvc.exe

Appears to be Malware:
http://groups.google.com/groups/search?q=PAStiSvc.exe&start=20&sa=N&