Wednesday, 31 March 2010

74.55.39.45 pauses in Firefox

Sometime in the past week my PC developed a bit of a pause on quite a few websites, including slashdot.org. At the bottom of the page you can see it trying to connect to the IP address 74.55.39.45 - doing a lookup on that doesn't shed any light.

Googled a couple of threads talking about the same thing:
http://www.webmasterworld.com/google_adsense/4104383.htm
http://forums.vwvortex.com/zerothread?id=4819449

None of the AV checks I ran showed anything up - Malwarebytes, Ad-Aware, Symantec EndPoint and Prevx. IE8 worked ok, just Firefox that is affected (v3.63).

Hosts file is clear.

Also disabled all add-ins and plugins, but it still showed up as a problem.

In the end enabling Adblock Plus in Firefox has stopped it.
https://addons.mozilla.org/en-US/firefox/addon/1865

2 comments:

Rien said...

AdBlock didn't work for me, but Prevx found a malware file named Spiral.dll in the folder App Data/Local/Spiral and a registry entry with that address.
That won't help you much, because it seems that the malware takes on different names, so you might have to run Prevx yourself. The free version won't remove it, but it will tell you where it is, so you can remove it yourself.

erod said...

I agree with Rien.

Prevx will not remove (without paying, at least), but it does identify the affected file and you can remove it by a) uninstalling any recent app which will be the culprit of the malware, b) deleting the associated registry entry, and c) rebooting into safe mode to delete the affected dll file.
