PDA

View Full Version : Firefox keeps telling me I have a virus



kc7jty
10-24-2009, 11:07 PM
But IE works fine. I ran Spybot and Avast and am supposedly clean. What gives?

WØTKX
10-24-2009, 11:55 PM
Uhh, does it happen when you open Firefox and you are not on the network?

Unplug it (modem, network, whatever) and restart Firefox. What happens then?

Screenshot of the error would help a lot, as the Alphabet Soup might mean something.

Oh, and is this on SSB or CW? ;) :mrgreen:

kc7jty
10-25-2009, 01:56 AM
how do I do a screenshot?

N2NH
10-25-2009, 02:11 AM
how do I do a screenshot?
Get FireShot. It's an add-on for FireFox. LINK (http://screenshot-program.com/fireshot/)

It's free and no other program - no notepad, no paint, nothing else is needed.
Save or edit in Fireshot then save where you like and it's already a JPEG (.jpg).
Click on the "S" in the toolbar and then save. Period. Link above.

ad4mg
10-25-2009, 04:56 AM
But IE works fine. I ran Spybot and Avast and am supposedly clean. What gives?
Bill, if you haven't already, download and run Malwarebytes. It routinely finds stuff that other programs don't:

Download Malwarebytes Free Version (http://www.malwarebytes.org/mbam-download.php)

kb2crk
10-25-2009, 05:05 AM
malewarebytes is a great program. i use it along with spybot and avg and the combination works well.

N1LAF
10-25-2009, 08:04 AM
Simple method for screen shots... does not require any other add-on program.

There are several ways -

1. Open (Microsoft) wordpad or paint.

2. Hit [Print Screen] keyboard button.

3. Click into Wordpad or Paint, hold down the [Ctrl] key and tap [C] key, right click on mouse and select "Paste"

4. In Wordpad, save as .rtf file, and from paint, save as .jpg file

If you use paint, and save as .jpg file, you can easily attach here for viewing and troubleshooting

kc7jty
10-25-2009, 01:01 PM
I'll download malwarebytes.
When I open Firefox it trys to load then the page immediately goes to thealertlite.com which looks like it has the windows castle icon and it tells me I have an assortment of viruses in 3 different areas on my pc. There are buttons to remove the viruses on that page buy they don't work.
I'm going to run IE for a while then maybe remove Firefox then reload it.

There were 2 viruses Avast found and I sent them into the virus vault. Everything checks fine now but I will run the malwarebytes.

n2ize
10-25-2009, 01:28 PM
It sounds like you are reaching or being redirected to a bogus site that is fooling you and trying to tell you that you have a computer virus. Those sham sites try to simulate real time scanning and function execution to fool the user into thinking its the real thing and thus coercing them into installing some virus, spyware, malware, or trojan.

N2NH
10-25-2009, 01:34 PM
It sounds like you are reaching or being redirected to a bogus site that is fooling you and trying to tell you that you have a computer virus. Those sham sites try to simulate real time scanning and function execution to fool the user into thinking its the real thing and thus coercing them into installing some virus, spyware, malware, or trojan.

ZDNet was warning that this was going to be a problem this Halloween.

Seems that an advertiser put one of these on the Fox site both in March and May,
Then the NY Times site last month...

kc7jty
10-25-2009, 02:01 PM
Installed and ran a thorough check with Malwarebytes and no infections. Should I run their fileassin on Firefox?
Also do I need to check for updates and run the scan once a week?

Should I remove Windows Defender which I have installed?
Thanks for the info folks.

kc7jty
10-25-2009, 02:22 PM
Simple method for screen shots... does not require any other add-on program.

There are several ways -

1. Open (Microsoft) wordpad or paint.

2. Hit [Print Screen] keyboard button.

3. Click into Wordpad or Paint, hold down the [Ctrl] key and tap [C] key, right click on mouse and select "Paste"

4. In Wordpad, save as .rtf file, and from paint, save as .jpg file

If you use paint, and save as .jpg file, you can easily attach here for viewing and troubleshooting
Thanks but it looks like it's gonna take me 5 hours to figure this one out.

kc7jty
10-25-2009, 02:52 PM
Is there any way to save Firefox without removing it and re installing it?
There was a shared folders icon in my documents I didn't know anything about that I deleted, but I still go to this alertlite site when I open Firefox.

kc7jty
10-25-2009, 02:54 PM
Uhh, does it happen when you open Firefox and you are not on the network?

Unplug it (modem, network, whatever) and restart Firefox. What happens then?

Screenshot of the error would help a lot, as the Alphabet Soup might mean something.

Oh, and is this on SSB or CW? ;) :mrgreen:
Last night I unplugged the cable to the modem and opened Firefox and the screen said thealertlite.com cannot be found because I wasn't connected to the internet.
But after running the Avast & Spybot scans again it doesn't matter, it goes to thealertlite.com site and does the virus warning thing connected or not.

kf0rt
10-25-2009, 03:02 PM
You sure you have that spelled right, Bill? thealertlite.com is unregistered and I'm not getting any hits on Google.

kc7jty
10-25-2009, 03:59 PM
You sure you have that spelled right, Bill? thealertlite.com is unregistered and I'm not getting any hits on Google.
Yep, it's spelled right. Bogus site that I automatically go to when Firefox tries to load.
Krice, whatever you do don't go there.

N2NH
10-25-2009, 04:33 PM
Uhh, does it happen when you open Firefox and you are not on the network?

Unplug it (modem, network, whatever) and restart Firefox. What happens then?

Screenshot of the error would help a lot, as the Alphabet Soup might mean something.

Oh, and is this on SSB or CW? ;) :mrgreen:
Last night I unplugged the cable to the modem and opened Firefox and the screen said thealertlite.com cannot be found because I wasn't connected to the internet.
But after running the Avast & Spybot scans again it doesn't matter, it goes to thealertlite.com site and does the virus warning thing connected or not.

Okay Bill, here's whatcha do (my advice):

1) Click on the "Tools" tab at the top of FireFox

2) Click on "Options" in the drop down menu

3) At the top of the new window, you'll see "Main." Click on that.

4) the top of the boxes says "Startup" -
When FireFox starts: - This should be set to "Show my home page".
If it is set to set to "Show my windows and tabs from last time", it'll automatically
go to the last page you were on.

5) Check to see that the home page is where you want to go. Some sites will
change your homepage to their site. A good bet is your favorite search engine,
like Google or Yahoo.

6) If you don't have the latest version of FF, now would be a good time to update (IMHO).

7) Then try Ad-Aware which is free from This Site (link). (http://www.lavasoft.com/products/ad_aware_free.php)


Hopefully this helps and will cure the problem.

kb2vxa
10-25-2009, 04:49 PM
4) the top of the boxes says "Startup" -
When FireFox starts: - This should be set to "Show my home page".
If it is set to set to "Show my windows and tabs from last time", it'll automatically
go to the last page you were on.

5) Check to see that the home page is where you want to go.
>>>Some sites will change your homepage to their site.<<<

This is why I have it set to "show a blank page". That just loads FF and it doesn't go anywhere until I tell it where to go.

N2NH
10-25-2009, 05:07 PM
4) the top of the boxes says "Startup" -
When FireFox starts: - This should be set to "Show my home page".
If it is set to set to "Show my windows and tabs from last time", it'll automatically
go to the last page you were on.

5) Check to see that the home page is where you want to go.
>>>Some sites will change your homepage to their site.<<<

This is why I have it set to "show a blank page". That just loads FF and it doesn't go anywhere until I tell it where to go.

One of the nice things about having a known homepage is that if something changes, you know there's a problem immediately. I haven't had a problem with it so far.

Another change is to dump your your cookies when FF closes. You can except sites you want cookies from, and the rest get flushed when you shut it down. So far no worries with this setup here.

God I hate malware/scareware. The worst are the ones that lock on and you have to CTRL/ALT/Delete your way out. I've blocked sites permanently just for pulling that stunt. How much do they want you to visit when they do that to your computer?

WØTKX
10-25-2009, 05:30 PM
This crap is interesting as a puzzle, but it sure is annoying.

kf0rt
10-25-2009, 05:37 PM
Interesting thing about this "thealertlite" thing.

thealertlite.com shows as an available domain on GoDaddy. Buy it for $10.69.
Ping it, and it comes up 208.68.139.38, so there must be a DNS record (how can it be available, then?).
ARIN lookup on 208.68.139.38 comes up with:


OrgName: FAST Search & Transfer Inc
OrgID: FST-20
Address: 117 Kendrick Street
City: Needham
StateProv: MA
PostalCode: 02494
Country: US

NetRange: 208.68.136.0 - 208.68.143.255
CIDR: 208.68.136.0/21
OriginAS: AS40066
NetName: FAST-HOSTED-SERVICES
NetHandle: NET-208-68-136-0-1
Parent: NET-208-0-0-0-0
NetType: Direct Assignment
NameServer: DNSBOSEXT.FASTSEARCH.NET
NameServer: DNSDENEXT.FASTSEARCH.NET
Comment:
RegDate: 2006-06-28
Updated: 2008-04-11

RTechHandle: JHH10-ARIN
RTechName: Hutchinson, James Henry
RTechPhone: +1-781-433-8999
RTechEmail: james.hutchinson@microsoft.com

OrgTechHandle: JHH10-ARIN
OrgTechName: Hutchinson, James Henry
OrgTechPhone: +1-781-433-8999
OrgTechEmail: james.hutchinson@microsoft.com

@microsoft.com ???!!???

N2NH
10-25-2009, 07:06 PM
Interesting thing about this "thealertlite" thing.

thealertlite.com shows as an available domain on GoDaddy. Buy it for $10.69.
Ping it, and it comes up 208.68.139.38, so there must be a DNS record (how can it be available, then?).
ARIN lookup on 208.68.139.38 comes up with:


OrgName: FAST Search & Transfer Inc
OrgID: FST-20
Address: 117 Kendrick Street
City: Needham
StateProv: MA
PostalCode: 02494
Country: US

NetRange: 208.68.136.0 - 208.68.143.255
CIDR: 208.68.136.0/21
OriginAS: AS40066
NetName: FAST-HOSTED-SERVICES
NetHandle: NET-208-68-136-0-1
Parent: NET-208-0-0-0-0
NetType: Direct Assignment
NameServer: DNSBOSEXT.FASTSEARCH.NET
NameServer: DNSDENEXT.FASTSEARCH.NET
Comment:
RegDate: 2006-06-28
Updated: 2008-04-11

RTechHandle: JHH10-ARIN
RTechName: Hutchinson, James Henry
RTechPhone: +1-781-433-8999
RTechEmail: james.hutchinson@microsoft.com

OrgTechHandle: JHH10-ARIN
OrgTechName: Hutchinson, James Henry
OrgTechPhone: +1-781-433-8999
OrgTechEmail: james.hutchinson@microsoft.com

@microsoft.com ???!!???

I couldn't ping it from here. I got no hits on google on thealertlite.com. This is a strange one. I think Bill has found the McGuffin (as Hitchcock would call it). Makes me wonder if it's just one of those things that is but is never admitted to.
:think

kc7jty
10-25-2009, 08:41 PM
I can't get onto Firefox. It won't load without going to the bogus site. I have FF 3.5, maybe I should just get the 3.6 if it's worth it?

N2NH
10-25-2009, 08:47 PM
I can't get onto Firefox. It won't load without going to the bogus site. I have FF 3.5, maybe I should just get the 3.6 if it's worth it?

You should be able to do the changes even if it does. Then remove the cookies and re-start FF. That should do it.

Tools>Options>Content>Block Pop-up Windows should be checked.

Also when checking for the start up, see if more than one page is being loaded. Sometimes FF will load a second (or more) page. Here's the FF site page on how that would look and work. (http://support.mozilla.com/en-US/kb/Multiple+tabs+open+when+starting+Firefox?s=home%20 page)

Tools>Options>Privacy>Accept Cookies from sites should be checked - Accept 3rd party cookies should not and as mentioned before only allow cookies until you close FireFox.

Tools>Options>Privacy>Show Cookies - Remove all cookies. You'll have to relog on here after that.

Otherwise you will have to remove it and do a registry clean up & reboot before installing 3.6. Try to back up your bookmarks first.

kc7jty
10-25-2009, 09:17 PM
Thanks for the help John.
Can't I remove the cookies with the crap cleaner sweep broom? I remember once when I had the modem disconnected a pop up said the alertlite bogus site couldn't be found.
That's something I haven't done for a while, the registry cleaner.

kc7jty
10-25-2009, 09:36 PM
This Site (link). (http://www.lavasoft.com/products/ad_aware_free.php)

I started to download this and a Windows pop up said HIGH Probability it was a fake and dangerous, so I aborted.

N2NH
10-25-2009, 09:39 PM
Thanks for the help John.
Can't I remove the cookies with the crap cleaner sweep broom? I remember once when I had the modem disconnected a pop up said the alertlite bogus site couldn't be found.
That's something I haven't done for a while, the registry cleaner.

You can do it with a 3rd party program, but it's good to check afterwards. Chances are it'll be gone, but considering the problem IMHO it's good to leave nothing to chance.

The registry cleaner might work unless it 'sees' this as a legitimate program. I'd say run a virus cleaner first, but you already have and it's not seeing it. Normally a registry cleaner seems to only remove odds and ends that are left behind. That's probably not going to happen if the malware is still around. IMO I'd try Ad-Aware first then try the registry cleaner. That's probably the best route. For some reason, a lot of anti-virus programs aren't dumping malware as if it's just adware instead of a virus.

Believe me, Ad-Aware is not a fake. That's [highlight:26373ww4]not[/highlight:26373ww4] the site though - the link below is. Sorry if I gave the wrong link. I use Ad-Aware (among other programs that I switch regularly) all the time and this link is from the program that I use. It's legit.

Try this link and see if you fare better. (http://www.lavasoft.com/products/ad_aware_free.php)

kc7jty
10-25-2009, 09:46 PM
Here's a plan:
Disconnect the pc from the modem.
Clean all cookies & registry
double click Firefox to load it.
then try your suggestion to show my home page if the virus warning comes back, if it says it can't load the evil page all the better.
Think I'll do it tomorrow though, I'm hoping to get some input on the Toshiba laptop I'm thinking about buying tomorrow.

N2NH
10-25-2009, 09:56 PM
Here's a plan:
Disconnect the pc from the modem.
Clean all cookies & registry
double click Firefox to load it.
then try your suggestion to show my home page if the virus warning comes back, if it says it can't load the evil page all the better.
Think I'll do it tomorrow though, I'm hoping to get some input on the Toshiba laptop I'm thinking about buying tomorrow.

Sounds good. PM me if you need more help. I changed the links so nobody would d/l the wrong program - My Bad.

kc7jty
10-26-2009, 12:33 AM
Ad-Aware found and removed 3 objects.

I now have
AdAware
Malwarebytes
Avast
Spybot
Windows defender

all running. Isn't that going to slo me down? I seem to rember having AdWare before and removing it because it wasn't compatable with something, Spybot perhaps.

WØTKX
10-26-2009, 01:03 AM
Ad-Aware found and removed 3 objects.

I now have
AdAware
Malwarebytes
Avast
Spybot
Windows defender

all running. Isn't that going to slo me down? I seem to rember having AdWare before and removing it because it wasn't compatable with something, Spybot perhaps.

Glad to know you're feeling better. Please take a tissue. :mrgreen:

http://1.bp.blogspot.com/_ovJS1Em-6dg/RaOC4KtH04I/AAAAAAAAA_8/uqIO6SjKfDA/s400/maoiTissue.jpg

You're still a little stuffed up, some of the software is redundant.

Picking one that is less popular and still effective is a good way to go, and turn the other one off.
Keep it around, and don't use it unless something gets missed. Keep Malwarebytes for sure, they are very quick responders to the worst stuff, IMHO.

kc7jty
10-26-2009, 01:15 AM
IT WORKED!
I have my precious Firefox back, and am on it now.
Good thing nobody's close I'd be givin yiz all a big wet kiss.
Much appreciation, and many thanks for all the help. :agree:

kc7jty
10-26-2009, 01:24 AM
I can't get onto Firefox. It won't load without going to the bogus site. I have FF 3.5, maybe I should just get the 3.6 if it's worth it?

You should be able to do the changes even if it does. Then remove the cookies and re-start FF. That should do it.

Tools>Options>Content>Block Pop-up Windows should be checked.

Also when checking for the start up, see if more than one page is being loaded. Sometimes FF will load a second (or more) page. Here's the FF site page on how that would look and work. (http://support.mozilla.com/en-US/kb/Multiple+tabs+open+when+starting+Firefox?s=home%20 page)

Tools>Options>Privacy>Accept Cookies from sites should be checked - Accept 3rd party cookies should not and as mentioned before only allow cookies until you close FireFox.

Tools>Options>Privacy>Show Cookies - Remove all cookies. You'll have to relog on here after that.

Otherwise you will have to remove it and do a registry clean up & reboot before installing 3.6. Try to back up your bookmarks first.
Can you think of any other settings I should change? I'm probably set to the default when I downloaded FF.

kc7jty
10-26-2009, 01:31 AM
Ad-Aware found and removed 3 objects.

I now have
AdAware
Malwarebytes
Avast
Spybot
Windows defender

all running. Isn't that going to slo me down? I seem to rember having AdWare before and removing it because it wasn't compatable with something, Spybot perhaps.

Glad to know you're feeling better. Please take a tissue. :mrgreen:

http://1.bp.blogspot.com/_ovJS1Em-6dg/RaOC4KtH04I/AAAAAAAAA_8/uqIO6SjKfDA/s400/maoiTissue.jpg

You're still a little stuffed up, some of the software is redundant.

Picking one that is less popular and still effective is a good way to go, and turn the other one off.
Keep it around, and don't use it unless something gets missed. Keep Malwarebytes for sure, they are very quick responders to the worst stuff, IMHO.
Sorry to be such a dumbbell, but how should I best turn AdAware off but keep it in case it's needed?

WØTKX
10-26-2009, 02:37 AM
Sorry to be such a dumbbell, but how should I best turn AdAware off but keep it in case it's needed?

I have not used it for a long time, so it's different. And I ran the subscription version for the better features then. It was a hidden switch in the menus, in an advanced section. Money buys you advanced features, but I don't remember if that would work in the free version specifically.

But hey, that was 3-4 years ago, and everything changes in 3-4 months with the annoying charms of marketing noise. Been running Avast! and AVG is no longer on the main PC.

I don't recommended diving into the registry, it gives most humans a case of mental "hives".

You gotta back up the registry completely before you screw it up. Before you boot windows. And so an idiot like me keeps a few boot CD around that will get to the HD. Without starting Windows. Do it from a system prompt. Not always DOS like either. Partition Commander can be really helpful as well as disk image tools.

It is Bill the Gates fault that I spew nonsense poetry. :homer:

Windoze hypnotizes all with it's MicroSquisy Marketecture. I just go for reasonable stability, and use the computers now more that tweak on them Rather be tweaky in a forum. :snicker:

Good for you man, you stuck with it, and it's running again... Whew.

N2NH
10-26-2009, 06:33 AM
Great to hear Bill. As far as the Registry, I also would advise against working on it manually. There are some cleaners out there that will do it and they're pretty good. They'll back up the data just in case and when they're done you'll usually see a big increase in speed.

Hmmm... I'll have to look around FF for extra tweaks. It took me awhile to figure out what I'd done - haven't had to mess with it for a few months.

I use Ad-Aware when I need it. I do the scan on a regular basis, delete the crud and then move on. Figure out which one of those programs work best for you and run with that one. Ad-Aware's free version doesn't have the anti-virus, so that's not going to be much help AFAIC.

BTW, check your messages.

The important thing is everything is back to normal...
:agree:

KJ3N
10-26-2009, 09:25 AM
I seem to rember having AdWare before and removing it because it wasn't compatable with something, Spybot perhaps.
They like to complain about each other, but they will get along fine. Just tell each one to ignore the other.

I have them both running here and have zero problems.