Firefox is infected with trojan-BNK.WIN.32.keylogger

Similar Messages

• I have been toldfirefox by win2011 that p.c. infected with trojan-bnk.win32 keylogger.gen,kapersky says not.

  win total security 2011 keeps poping up when I log on to firefox stating firefox is infected with the following (trojan - bnk.win 32 keylogger.gen.and also that I have 27 serious issues.I have done a total check using Kaspersky pure 9..0.1.24 which says eveything is clean.
  steve

  I am using ComboFix for a long time. Not so long ago, I was frequently  cleaning the PC of my friends, acquaintance or friends of my friends, as I am living in region of the world were people extremely rare buy antivirus software, but are surfing on thousands of infected websites and opening all the spamware links from IM chats or social networks messaging. There were no problems if the current antivirus is uninstalled. Not stopped from processes, but uninstalled. Also I would like to inform you that on really heavy infected machines there is no antivirus that can help you. Scanning could take not hours, but days, and the final result will be the same as it was at the beginning. Online scanners a even worse. It is impossible to clean an infected PC, connected to the internet and with all processes active. ComboFix will scan your PC in 20-30 minutes, depending on how much is infected. In my experience there were no problems with loosing any data. I had some difficulties when I did not removed AVG, just stopped it, and my internet connection was down after cleaning. (Combofix is disconnecting the PC from the internet during scanning). Flushing the DNS and updating the afd.sys repaired my connection. 
  At this moment ComboFix for me is the best malware remover. It is up to you to try it or not. 

• Both pcs are infected with trojans - is my router?

  Hi.  Both my desktop and now my notebook are infected with trojans.  I recently found that my desktop has two trojans.  My notebook which uses the router for connection was found to have a tojan today.   I am trying to keep both unhooked from the internet but I will have to connect up when I need to download programs to try to clean the pcs (I am hoping to find someone who will help get these off since I do not know how - as of now the infected files have been quarantined by my anti-virus programs).  When I connect up the desktop, I take the notebook off the connection and vice versa.  But what I am wondering is can the router itself have the viruses that is infecting the other pc and then spread it to the one I connect up with?  I ask this because at the momemt both pcs have different named trojans.   Just a week ago my bank account was drained from an unauthorized charge and I am now wondering if the info they got to do this is not stemming from the viruses I have found.
  Any help would be appreciated. 

  Hi.  I was not asking if it was my router that caused the viruses, I was asking is my router now infected or can be now that I have trojans on both pcs.  I want to know this because I am worried that when I connect with my desktop to try to find help to clean it and then I unconnect to connect my laptop up to do the same, is the viruses that they both have going to be stored in the router somehow and then infect the pc when it is connected to the router?
  Both pcs are protected, I thought, both have Avast anti-viruse, both have firewalls. 
  Message Edited by DevA on 01-14-2010 01:40 PM

• Firefox was infected with a virus or spywar and now tries to pop up a certain site every time I load a new page or refresh.

  A few days ago my computer was infected with a virus from my antivirus license running out without me knowing it. Ever since then every time I load a page in firefox or refresh it a pop up window to a site that my ESET antivirus blocks comes up. This will not stop and I can't figure out how to fix it. I've deleted all temporary files on my comp and tried reinstalling firefox from scratch and still won't go away. I'm running out of things to try and not sure what to do. Any help would be greatly apreciated.

  Do a malware check with a few malware scan programs.<br />
  You need to use all programs because each detects different malware.<br />
  Make sure that you update each program to get the latest version of the database before doing a scan.
  * http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
  * http://www.superantispyware.com/ - SuperAntispyware
  * http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
  * http://www.lavasoft.com/products/ad_aware_free.php - Ad-Aware Free
  * http://www.microsoft.com/windows/products/winfamily/defender/default.mspx - Windows Defender: Home Page
  See also "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked and [[Searches are redirected to another site]]
  If you can't fix it with the above listed scanners then you need to ask advise on one of the forums that specialize in malware removal mentioned in the <i>Popups_not_blocked</i> article.

• URGENT - ARE LATEST VERSIONS OF FIREFOX DOWNLOADS INFECTED WITH MALWARE/ADWARE?

  It is VERY URGENT that the following is looked into by Mozilla Firefox and anyone else who uses this browser, as it would appear that the latest installation downloads from Mozilla Firefox (GB-EN) for versions 28.0 and 29 (and quite possibly previous versions) ARE THEMSELVES INFECTED with malware/adware. This is the only conclusion I can come to after repeated resets of my computers to factory settings, and everything is fine until I re-download Mozilla Firefox and select it as default browser, then the following happens when my Office 365 account is accessed:
  In Office 365, if I select the 'File' menu and 'Office Account', then click on the 'Manage Account' button, TWO tabs on the default browser (if it is Firefox) are opened and the SECOND tab is a malware/adware page, usually called something like www.74f.com or another URL or server with a number, and sometimes this has an email address on the adware page that opens. This only happens when Mozilla Firefox is the default browser - it does not happen in Internet Explorer. In IE, the second tab is the correct tab for the Account in Office 365.
  This has caused me to do repeated resets to factory default settings on my two laptops, one running Windows 8.1 64 bit and one running Windows 7 64 bit, and everything is fine when re-installation of all programs is complete and IE is the default browser. As soon as Mozilla Firefox is downloaded - the latest versions 28 or 29, and Firefox is set as the default browser, the malware/adware tab reopens in Office 365, as above.
  On doing a search on what www.74f.com is, it appears to be registered on servers in China.
  The malware/adware seems to be directly connected with the download and installation of the latest versions of Firefox. PLEASE INVESTIGATE URGENTLY - as although Firefox has always been my favourite browser, there is no way I am ever going to use it again unless this is solved, as I am fed up with doing factory resets of my computers to solve this. Each time I re-install Firefox it happens again, to a previously clean system.

  First - Relax
  So to clarify what the issue is. What apparently no one of our IT experts could figure out in a YEAR!
  If you trace everything with Procmon you will see that this is a simple issue of not putting Quotation marks around Command line arguments.
  That is what Office is executing as you click that "Manage Account" button.
  "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://o15.officeredir.microsoft.com/r/rlidOfficeManagementPortal?ver=15&app=outlook.exe&clid=111&p1=1&lidhelp=1111&liduser=1111&lidui=1111&MachineKey=11111-111-111111 66F
  So there is a MachineKey generated with a space in it.
  What happens if you execute this in cmd… Correct – Firefox will assume that 66F is a 2nd argument in this case a URL and translate it to www.66f.com after not finding a DNS record for 66F in the local environment.
  Of course ChinaHackers will figure this out too and maybe use this… but then I couldn’t find anything strange with the 66f website.
  As in this case: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" FirstTab 2ndTab
  This is not a Firefox issue MS should just bloody put his Urls in Quotation marks!
  "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" “http://o15.officeredir.microsoft.com/r/rlidOfficeManagementPortal?ver=15&app=outlook.exe&clid=111&p1=1&lidhelp=1111&liduser=1111&lidui=1111&MachineKey=11111-111-111111 66F”
  Now feel free to write Microsoft and tell them thanks for wasting 15min of my day.

• Anyone recieved emails infected with trojan which wouldn't delete?

  I received two emails, both with similar headings: "Love letter from your Girlfriend" or something like that and both with attachments. As soon as I tried deleting them Trend Smart Surfing came up saying it had found numerous issues and couldn't quarantine them. Trend listed a couple different Trojans. I continued attempting to delete the emails however every time I did a pop up message from iMail says can't move email failure to connect with something. Now Trend is coming up saying that the Trojan is in my Time Capsule and I'm starting to get a little concerned!!
  Has enyone had a similar experience or know of how I can get rid of this bloody thing?
  I guess I should mention I have the Trend Smart Surfing (as mentioned above) and also MacKeeper for security. Strangely, MacKeeper's scans are coming up clean!
  If anyone could offer some advise I would be very, very grateful!

  Hello:
  Opinion is sometimes worth what you pay for it and mine is free
  FWIW, here is my view after reading both of your posts.
  Nothing has "infected" your Mac unless that A/V package you installed did something "under the covers" that neither of us is aware of.  I have never heard of an E-mail that was not opened ever causing a problem. 
  I did a little research on the file suffixes you posted:
  .AW is a Microsoft suffix (figures).  No Apple could open it, ever - anymore than an Apple could open the dreaded .exe Microsoft files.
  http://www.filesuffix.com/extension/aw.html
  I couuld find nothing at all about an "EKD" suffix....there was something about an "EKG" suffix.
  Upon trying to delete them a message from iMail came up saying it couldn't connect to server or something and couldn't move the emails.
  Is "iMail" referring to Apple's Mail application?  If so, that probably relates to something that was done in the overall activities you describe - what, I do not know.
  "My concern now is obviously what they may have done, infected etc. and also why I keep getting these scan logs saying I've got Trojans when apparently there are NO viruses that affect a Mac running OS X - none."
  IMHO, the messages and whatever they found are bogus and useless.  The A/V program is scanning (and apparently) found something that certainly does not affect a Mac running OS X (the last part of your statement is my original observation and is quite true).
  In summary (again IMHO) you have no problem.  If I were you (and I am not) I would uninstall the A/V software.  If you are really worried, reinstall OS X (you should, of course, have a good backup first).
  Barry

• I believe Firefox is infected by a trojan virus, I run a complete virus scan but it does not pick up anything

  I believe the virus is associated with firefox, I run a complete scan using McAfee, anti virus, but it shows up nothing. Firefox constantly shows no responding signs, then it will be normal again. Or I have to go into task manager and end firefox.
  There is a fake transaction from my bank account, is there anyway I an remove the trojan?

  Hi leehuiling
  try with a few malware/virus scan programs. You need to use all programs because each detects different malware. Make sure to update each program to get the latest version before doing a scan.
  http://housecall.trendmicro.com/ - Trendmicro online
  http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
  http://www.superantispyware.com/ - SuperAntispyware
  http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
  http://www.lavasoft.com/products/ad_aware_free.php - Ad-Aware Free
  http://www.microsoft.com/windows/antivirus-partners/windows-7.aspx
  check also for a rootkit infection with TDSSKiller.
  http://support.kaspersky.com/viruses/solutions?qid=208280684
  thank you

• HT5228 How can I tell if my  computer has been infected with the Trojan?

  How can I tell if my computer has been infected with this latest Trojan (or with any Trojan)?  I did install the latest update to Java when I was told by my iMac that new software was available for my computer, which was just 2 or 3 days ago (first week of April).  Now it is being said that there was a Java Trojan.
  Many thanks for any replies!

  Log out and log back in, if you haven’t done so recently. Launch the Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ If you’re running Mac OS X 10.7 or later, open LaunchPad. Click Utilities, then Terminal in the page that opens.
  Step 1
  Copy or drag — do not type — the line below into the Terminal window, then press return:
  launchctl getenv DYLD_INSERT_LIBRARIES
  Post the lines of output, if any, that appear below what you just entered (the text, please, not a screenshot.)
  Step 2
  Repeat with this line (triple-click anywhere in it to select the whole line):
  find /Applications /System/Library/CoreServices -type d -name *.app -exec defaults read {}/Contents/Info LSEnvironment \; 2> /dev/null | grep DYLD_INSERT_LIBRARIES
  The command will take a noticeable amount of time to run. Wait for a new line ending in a dollar sign (“$”) to appear.
  If you get no output from either step, you're not infected with any variant of Flashback that I know of.

• My yahoo acct is infected with a trojan.

  My yahoo acct is infected with a trojan. I ran a full system scan with sophos but it is still infected. can someone walk me through the fix?

  Have you contacted Yahoo tech support and/or posted in their forums if they have one? 

• What is the risk, and how to detect, Trojan infection with Flashback/Flashfake? (PowerMac G5 OS X 10.5.8)

  What is the risk, and how to detect, Trojan infection with Flashback/Flashfake? (PowerMac G5 OS X 10.5.8)

  Hey Kappy, without even looking I can tell you anything is better than the GeForce4MX cards, but see
  See japamacs page here on the best AGP cards for G4s & G5s...
  http://www.jcsenterprises.com/Japamacs_Page/Blog/4B4B7BA2-7ABB-47F1-87AC-B03D379 42BEE.html
  Rated slowest on top, fastest on bottom, hopefully japamac will drop in shortly.
  Oh, & they need way more RAM...
  http://www.everymac.com/systems/apple/powermac_g4/specs/powermac_g4_933_qs.html
  http://eshop.macsales.com/MyOWC/Upgrades.cfm?sort=pop&model=155&type=Memory

• Avast detects URL:MAL when opening firefox.No issue with IE or Chrome,after troubleshooting realized problem is NoScript addon.Can it have been infected?

  avast -network shield
  Infection Details
  URL: http://188.24.140.190/
  Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
  Infection: URL:Mal

  Hi Tyler,
  Thanks for quick reply
  Initially after some troubleshooting I noticed that I could make infection pop up disappear:
  From Configure how firefox connects to the internet -> changed from "use system proxy settings" to "auto-detect proxy settings" or "no proxy"
  With this option modified, the pop up from avast didn't appear any longer when opening Firefox.
  However I noticed that both Chrome and IE were set to work on the same "use system proxy settings" and they weren't causing problems...so I assumed the problem still has to be with firefox.
  After changing back the option in firefox to "use system proxy" I got again the notice, but saw that when opening firefox in safe mode the issue was gone again.
  I tracked it to the no script addon, after removing it, the issue disappear regardless of proxy config settings...when I reinstall it, it appears again.
  I am now running in depth virus scans to see were the actual infection is.
  It seems to me it is expoiting a vulnerability in this addon, I will try the reset also.

• Can the rescue and recovery function be infect with a trojan virus?

  I had some trouble with trojan viruses. My scan software detected malware on my system which I deleted with the help of the antivirus software antivir (free version) and with the software malwarebytes.
  My thinkpad r51 is still running and virus scans do not show any problems any more. But I am not quite sure if I can trust the scans. So I am thinking about to format the harddisk and setup a new system. Or to use the rescue and recovery function which says that the system will be put back to its initial state. Is it really possible to bring the system back to its original state with help of rescue and recovery? ? I am a little bit afraid that the rescue and recovery function might be infected too? How does the function work? Can the system really be put back to its original state?
  Any help appreciated, thanks!
  Tom
  Solved!
  Go to Solution.

  Hi,
  if you have a virus on your system, then there is a realy small chance, that the virus got also into the Service Partition. 
  So in this situation if you want to restore the system , then after the restore finish, the virus should surely be gone.
  Service partition is a protected partition, which content can not be accessed just like that .
  Rgrds

• I think I've been infected with a virus and my other anti-virus program isn't catching it; how do I turn on Firefox's virus protection?

  For the past few months, I've had this very weird problem. Any time I'm online, what looks like a big cursor (as if I'm in a writing program or typing in a text field) will appear in random places on any webpage. The cursor flashes, can be different sizes, and comes and goes randomly. Sometimes it's almost three-quarters the height of the webpage; sometimes it's small. I mentioned it to a computer-savvy friend who suggested that the computer might be infected with a virus. I have Avira, but apparently it's not catching this virus, if that's what it is. How do I know whether Firefox's anti-virus program is enabled, and do you think it can solve my "cursor" issue?? Help!

  You may have switched on [http://kb.mozillazine.org/accessibility.browsewithcaret caret browsing]: press F7 to toggle
  See http://kb.mozillazine.org/Scrolling_with_arrow_keys_no_longer_works
  Tools > Options > Advanced : General: Accessibility: [ ] "Always use the cursor keys to navigate within pages"
  See also http://kb.mozillazine.org/Accessibility_features_of_Firefox

• Firefox infected with virus (searchq)

  My browser (firefox) has been infected with a virus searchq through jzip and I seem to have successfully removed it from my files etc but it has attached itself to my homepage and into mozilla files but not allowing me to remove it and can not default back to google - my IE browser and chrome have no problems but I prefer firefox so I uninstalled all firefox files from my program files and control panel and tried to reinstall but searchq is still there. Can I remove firefox completely to start again? Ive tried to google this but there seems to be a consensus on forums that you can not remove it permanently. There seems no other way of getting searchq off my pc if this is the case.

  Thanks - I finally found a thread that sorted it out (been at it for over a week) it was under TOOLS>OPTIONS>GENERAL show my homepage and I can restore to default. I had tried to change it under control panel and remove all files, remove all addons under extensions....Cant find the thread link now on here but it was on this forum. Many thanks

• Can't close Firefox after eradicating Fake.Trojan virus

  Got infected with Fake.Trojan virus today while surfing email via Firefox. Successfully used Malwarebytes to clean up the mess but some carnage remains. On a WIn7 platform.
  During infection and since eradication I keep getting this message, "Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system."
  Tried the following to no avail --
  1. Task Manager - The Firefox process doesn't show up.
  2. Restarting the PC - Same problem;
  3. Uninstalling & Reinstalling - Same problem; says it need to close first.
  4. Finding/fixing the Profile - %APPDATA%\Mozilla\Firefox\Profiles\ not found.
  5. Call to tech support at AVG - They've never seen this. They recommend a full reinstall of Windows (Ugh - don't even know where the disks are!).
  Any help welcome. Thanks. -j philly

  Thank you for the tip. I had already tried your suggestion but based on it decided to take a closer look. I also did a YouTube lookup using IE.
  But my first stop was to run that lengthy ChkDsk program to make sure all was structurally sound after the virus. I also bought the Pro version of Malwarebytes to take security even higher.
  I went to YouTube because I was having a hard time finding that profile folder the solution you gave me referenced. Answer that worked for me: Don't use the Start button to find your Profile, use your desktop explorer starting with your Users directory and drill down from there. Learned that here: http://www.youtube.com/watch?v=zRUgxlo4U4w&feature=related (Note: The speaker and video quality isn't great but his intent is good and his message had enough helpful content to get me started. Ohers may feel the same way.)
  Within the comments section replying to the above-referenced YouTube video, I then found one person who wrote this --
  "If your Firefox locks up with this error as the result of a "virus" which also happened to hide all your files and desktop icons, then none of these crap Windows XP 'fixes'on YOUTUBE will work.
  In 2012, you will need to install Google Chrome, make it your default browser/import bookmarks etc. Then run Firefox while Chrome is open, and Firefox will suddenly be unlocked! 8-) Amazing!!! Then just disarm Google Chrome and uninstall it, and you will have your Firefox back."
  His message wasn't so kind, but I did try his solution and it worked! All appears better.
  Thank you again to the community for assistance today and to jscher2000 in particular for taking the time. - j philly