Virus in the form of a pop-up! (http://quizfinddomain.com)


Matthew_84

Hey all,

First off, I'd like to correct my title. The virus isn't a pop-up, it appears in a new tab in Firefox, just to be specific.

My mom used her computer and was on eBay. When she went to pay for something, a new tab opened from the address "quizfinddomain.com". This site claimed that she was the Ontario (our province) winner for that day's date. We use Firefox to browse the net and pop-ups or new tabs never ever come up for no reason. She thought it was a prize from eBay, so she clicked on the link and even put in her cell phone number when prompted.

When I got on the computer hours later it clearly had a virus. It was running very sluggishly and at random times, even when doing nothing, the blue screen of death would come up followed by a crash dump. Since then I have been going nuts. I found out that this happened on 09/09/2011 at about 12:20pm, because there were a whole bunch of new files (like begar2x.exe, efeh.log, and mousedriver.bat) that were installed at that time and were since added to Windows start-up files, performances, and the registry. I went through all of them and got rid of every file that looked suspicious. The computer seemed to be a bit better.

But last night the pop-up from "quizfinddomain.com" still came up. I've noticed something else: this pop-up only appears when you are signing in to a site, or entering your e-mail address, or any personal information. Obviously I got very worried. A minute or two later, the Blue Screen appeared again. I dropped the computer off today to a computer tech who claimed to have fixed it. After I went through stuff and checked out what he did, without making any changes, I went to register for a file sharing site that asked for my address and things like this, and the pop-up came up again.

The only file that remains that is a concern to me is this:

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\InternetExplorer\MSIMGSIZ.DAT

Now I've read up on this file and everyone says that it is a normal file and was there all along. The thing is that when I click on the properties, it says that the file was created at the precise time that the other viruses were installed (09/09/2011 12:24:11 PM) and has not been modified since. This file apparently stores something to do with Internet Explorer. None of us have used Internet Explorer in years, and when I go in and look at any dates modified, nothing was modified on the same day as the MSIMGSIZ.DAT file. I am unable to delete this file, and I know it is causing some of the issues as it was downloaded at the same time as the virus was.

Also, I'm very curious as to why the site "quizfinddomain.com" only comes up when I'm entering personal data, even on new websites I've never been to before. It really seems like there's something on my computer that allows it to know that I am entering information and then it pops up.

I have installed the add-ons for WebOfTrust, NoScript, and now BlockSite: WOT says "quizfinddomain.com" is not safe, I have the site listed as Untrusted in NoScript, but it still came up, so now I added it to the blacklist of BlockSite. I have not seen it pop up yet and I've tried logging into various sites to try it out, but I think I may just be masking the problem.

I will call the tech again tomorrow, but I think I need some more opinions.

I had Avast! Home Edition installed as well as SpyBot Search & Destroy, but the tech uninstalled them and installed Symantec Endpoint Protection today. He certainly did clean up the computer as it's faster now than it's been in a while.

Sorry for the long post, and thanks for taking your time to read it... Any opinions would be hugely appreciated!

Thanks,

Matt
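One way to do the timestamp triage Matt describes (files created around the infection time, plus the Run/RunOnce autostart entries that new files were added to), as an added PowerShell example that is not part of the thread; it assumes PowerShell is installed on the Vista machine, and the 15-minute window and folder list are my own choices:

```powershell
# Added example: list files created near a known infection time and dump the
# Run/RunOnce autostart keys, so new entries can be matched against that time.
# Assumptions: infection time taken from the post (2011-09-09 12:20 local);
# the 15-minute window and the folder list are my own choices.
$infectionTime = Get-Date '2011-09-09 12:20:00'
$windowMinutes = 15

$paths = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\Temp",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:LOCALAPPDATA\Temp"
)

$hits = foreach ($p in $paths) {
    if (-not (Test-Path $p)) { continue }
    Get-ChildItem -Path $p -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and
            [math]::Abs(($_.CreationTime - $infectionTime).TotalMinutes) -le $windowMinutes
        }
}

# Caveat: creation times can be forged or reset by copying; treat them as a lead, not proof.
$hits | Sort-Object CreationTime |
    Select-Object FullName, CreationTime, LastWriteTime, Length |
    Format-Table -AutoSize

# Autostart values: an unfamiliar path here is the next thing to compare against $hits.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    "`n$k"
    (Get-ItemProperty -Path $k).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { '  {0,-30} {1}' -f $_.Name, $_.Value }
}
```

Run it from an elevated prompt so System32 and the all-users Startup folder are fully readable.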
 
The only thing I can suggest is to go through Spyware Asylum with the full guide for the OS in use. After that, post up the logs of the scans and I will review them.
 
Thanks KSoD for your quick response,

I'd like to point out something that I should have mentioned. The "quizfinddomain.com" is the main site that is causing me concern as it's the most frequent and seems to come up when inputting information, but another one came up last night on eBay when my mom simply clicked on an item to view it, and that site was "electricmustache.com".

When I clicked on the link that you provided, just now, the pop-up for "electricmustache.com" popped up as well, again. Obviously, I'm apprehensive about continuing to download this program.

But I still am thankful for your help.
 
Sorry KSoD,

I do appreciate that you would review the scan log to see if there's anything that catches your eye. I just don't feel safe using that site. The window that opened up when I went there makes me believe the site is not completely secure, and running a virus scan of my computer through that site does not seem safe to me. Is there any other program you can recommend? Or any other ideas to suggest?

Thank you,

Matt

BTW: Forgot to mention, my OS is Windows Vista
 
Well, the choice is yours. I know the site is safe, I helped build it. I know everything it contains. There is absolutely no virus, spyware or anything on that site. Why would I redirect people to that site for removal if it is just going to infect them? That makes no sense at all. You want to be paranoid and not try anything to remove the infection yourself, I can't stop you. Anything will require you to download software, all of which is going to take you right back to this very same loop. Take it to a shop since you don't trust anyone enough to try and assist you.
 
Hi Matthew,

I had the same problem as you with that annoying pop-up (except I was the Quebec winner of the day...).

Here's what I did to remove it:

1. I used the link provided by KSoD and did the Combo Fix process

2. I did a rootkit scan with AVG anti-virus. It found two rootkits: Rootkit.TDSS.TDL4 and IRP hook/Driver... etc.

3. I used TDSSKiller.exe. You can find it here: How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

4. After a reboot I did an AVG rootkit scan again, and the two rootkits were gone.

Now my computer runs at a much faster pace and there's no more annoying pop-up. If you don't want to have it again, I suggest you block third-party cookies in your Firefox and Internet Explorer options. You can only do that once you've got rid of the rootkit, because one of its features is to constantly change your Internet settings.
 