NSIS Media any way to get rid - Mozilla

This is a discussion on NSIS Media any way to get rid - Mozilla ; I am trying to get rid of a problem that affects both IE and Firefox. No Antivirus websites are offering a solution or identity of the worm/trojan whatever it is. It appears to pop up as an executable JAR file ...

+ Reply to Thread
Results 1 to 10 of 10

Thread: NSIS Media any way to get rid

  1. NSIS Media any way to get rid

    I am trying to get rid of a problem that affects both IE and Firefox.
    No Antivirus websites are offering a solution or identity of the worm/trojan
    whatever it is.

    It appears to pop up as an executable JAR file in a sub folder of the
    Mozilla Firefox folder, (the folder name is Chrome),
    as well as Program files/common files/NSIS media/ ...dll and uninst.exe

    Deleting registry keys for this and deleting files etc looks to work but on
    reboot- reappears.
    Not sure whats going on here. Can anyone offer any solutions that do not
    include a full re-install as I do not want to do that at the moment if
    possible.

    I am running FireFox 1.5.04.

    Thanks,
    Richard



  2. Re: NSIS Media any way to get rid

    Richard price wrote:
    > I am trying to get rid of a problem that affects both IE and Firefox.
    > No Antivirus websites are offering a solution or identity of the worm/trojan
    > whatever it is.
    >
    > It appears to pop up as an executable JAR file in a sub folder of the
    > Mozilla Firefox folder, (the folder name is Chrome),
    > as well as Program files/common files/NSIS media/ ...dll and uninst.exe
    >
    > Deleting registry keys for this and deleting files etc looks to work but on
    > reboot- reappears.
    > Not sure whats going on here. Can anyone offer any solutions that do not
    > include a full re-install as I do not want to do that at the moment if
    > possible.
    >
    > I am running FireFox 1.5.04.
    >
    > Thanks,
    > Richard
    >
    >
    >

    What's the name of that .jar file?



  3. Re: NSIS Media any way to get rid

    Richard price wrote:

    >I am trying to get rid of a problem that affects both IE and Firefox.
    >No Antivirus websites are offering a solution or identity of the worm/trojan
    >whatever it is.
    >
    >It appears to pop up as an executable JAR file in a sub folder of the
    >Mozilla Firefox folder, (the folder name is Chrome),
    >as well as Program files/common files/NSIS media/ ...dll and uninst.exe
    >
    >Deleting registry keys for this and deleting files etc looks to work but on
    >reboot- reappears.
    >Not sure whats going on here. Can anyone offer any solutions that do not
    >include a full re-install as I do not want to do that at the moment if
    >possible.


    Put nsis media into Google.

    Here's a nice return:

    http://www.wilderssecurity.com/showthread.php?p=796002

    and here:

    http://forums.mozillazine.org/viewto...7dd211379ece53

  4. Re: NSIS Media any way to get rid

    The JAR file was located in C:\Program Files\Mozilla Firefox\chrome
    Filename: nsis.jar, (executable JAR file).

    Thanks, but I have already searched on Google. Been looking for the past few
    days. Still no real solutions found. Have moved, will try adjusting the dll
    file and leaving in place just to stop the pop ups.

    I have been running checks for the two files wattsja posted @
    http://www.zeropaid.com/bbs/spyware-...ups-38259.html

    but not found them at all. Cannot locate a process that runs. No one has a
    real solution for is so far as its so new.

    It rebuilds the NSIS folder and dll files on shutdown, according to the
    timestamp on them.
    Still no suggestion found that deals with it 100%. I will keep trying myself
    and post if I get anywhere.

    Thanks
    Richard



  5. Re: NSIS Media any way to get rid

    Richard price wrote:
    > The JAR file was located in C:\Program Files\Mozilla Firefox\chrome
    > Filename: nsis.jar, (executable JAR file).
    >
    > Thanks, but I have already searched on Google. Been looking for the past few
    > days. Still no real solutions found. Have moved, will try adjusting the dll
    > file and leaving in place just to stop the pop ups.
    >
    > I have been running checks for the two files wattsja posted @
    > http://www.zeropaid.com/bbs/spyware-...ups-38259.html
    >
    > but not found them at all. Cannot locate a process that runs. No one has a
    > real solution for is so far as its so new.
    >
    > It rebuilds the NSIS folder and dll files on shutdown, according to the
    > timestamp on them.
    > Still no suggestion found that deals with it 100%. I will keep trying myself
    > and post if I get anywhere.
    >
    > Thanks
    > Richard
    >
    >

    Do you have any antivirus installed in your computer ? Start Windows in Safe
    mode ( while booting press F8 key and select "Safe Mode" ).Scan Now your
    computer with Antivirus software .

  6. Re: NSIS Media any way to get rid

    Richard price wrote:

    > The JAR file was located in C:\Program Files\Mozilla Firefox\chrome
    > Filename: nsis.jar, (executable JAR file).
    >
    > Thanks, but I have already searched on Google. Been looking for the past few
    > days. Still no real solutions found. Have moved, will try adjusting the dll
    > file and leaving in place just to stop the pop ups.
    >
    > I have been running checks for the two files wattsja posted @
    > http://www.zeropaid.com/bbs/spyware-...ups-38259.html
    >
    > but not found them at all. Cannot locate a process that runs. No one has a
    > real solution for is so far as its so new.
    >
    > It rebuilds the NSIS folder and dll files on shutdown, according to the
    > timestamp on them.
    > Still no suggestion found that deals with it 100%. I will keep trying myself
    > and post if I get anywhere.
    >
    > Thanks
    > Richard
    >
    >

    NSIS is also Nullsoft Scriptable Installing System, which is part of
    http://nsis.sourceforge.net/Main_Page. Some extension authors and
    developers use it.

    --
    So, You Think You Know Everything?

    Did you know that the up and coming Mercedes-Benz Bionic Car will be
    based on the sleekness and stylish of a fish in water -- the
    streamline contours of a box fish that is?

  7. Re: NSIS Media any way to get rid

    Richard price wrote:

    >I am trying to get rid of a problem that affects both IE and Firefox.
    >No Antivirus websites are offering a solution or identity of the worm/trojan
    >whatever it is.


    As a matter of interest... did you get it from Foxie?

  8. Re: NSIS Media any way to get rid

    On 18.07.2006 05:15 pm, CET - what odd quirk of fate caused jo to
    generate the following:? :

    >Richard price wrote:
    >
    >
    >
    >>I am trying to get rid of a problem that affects both IE and Firefox.
    >>No Antivirus websites are offering a solution or identity of the worm/trojan
    >>whatever it is.
    >>
    >>It appears to pop up as an executable JAR file in a sub folder of the
    >>Mozilla Firefox folder, (the folder name is Chrome),
    >>as well as Program files/common files/NSIS media/ ...dll and uninst.exe
    >>
    >>Deleting registry keys for this and deleting files etc looks to work but on
    >>reboot- reappears.
    >>Not sure whats going on here. Can anyone offer any solutions that do not
    >>include a full re-install as I do not want to do that at the moment if
    >>possible.
    >>
    >>

    >
    >Put nsis media into Google.
    >
    >Here's a nice return:
    >
    >http://www.wilderssecurity.com/showthread.php?p=796002
    >
    >


    maybe the OP should read the posts there a bit closer - especially the
    one from wattsja, labled #23 - July14th 11:46am

    QUOTE from that post:

    In my %win%\system32 directory, I had the following 2 files:
    krnsvr32.dll
    wmdmb32.dll

    Neither of these are Windows files and mine are dated 2001. I couldn't
    delete them, but I was able to MOVE them (accomplishes the same thing
    huh??) to a temp folder, then rename them. Once this was completed, I
    manually removed the NSIS stuff (folder and registry entries) ...
    rebooted and it was gone. I put the files back ... reboot .... it's back.

    Hope this will help some of you.

    UNQUOTE


    << SNIPPED >>

    reg

  9. Re: NSIS Media any way to get rid

    >
    > maybe the OP should read the posts there a bit closer - especially the one
    > from wattsja, labled #23 - July14th 11:46am
    >
    > QUOTE from that post:
    >
    > In my %win%\system32 directory, I had the following 2 files:
    > krnsvr32.dll
    > wmdmb32.dll
    >
    > Neither of these are Windows files and mine are dated 2001. I couldn't
    > delete them, but I was able to MOVE them (accomplishes the same thing
    > huh??) to a temp folder, then rename them. Once this was completed, I
    > manually removed the NSIS stuff (folder and registry entries) ... rebooted
    > and it was gone. I put the files back ... reboot .... it's back.
    >
    > Hope this will help some of you.
    >


    Thankyou Squaredancer,

    yes I (OP) have seen it & tried it, however
    I dont have krnsvr32.dll or wmdmb32.dll on my PC. Tried what is suggested on
    all fora so far I reckon. Did the google search first thing on figuring I
    had a problem, repeating a google search every day pretty much to see if any
    new wisdom.
    So many threads refer to each other, that most point to that one. It still
    looks that there is no way to get rid of it so far for me. I have to assume
    that the infected dlls that my PC have are called something different.

    Guess I just have to wait for MS, an AV company or Mozilla to have a fix for
    this. Unless there is a way of finding it. This virus will reinstate itself
    on shutdown if allowed, or bootup if the power was cut before shutdown.
    Cannot find how it works or the files to delete. The ones I know about just
    self regenerate each time along with registry keys.

    Thankyou for your help, perhaps it will help someone with those dlls.
    Richard



  10. Re: NSIS Media any way to get rid

    NSIS Media pop ups, the files and the Registry Keys have now dissapeared
    from my PC.
    I have been trying this and that for ages.

    Eventually Trojan Hunter found it and Avast found something in a temp file
    too. I do wonder where it came from. I suspect that Mozilla Firefox was
    vulnerable to it and a malicious page on myspace (yes Im sure they exist)
    installed a payload of some malware.

    But Iv run that many Anti virus, Spyware, Adware, trojan detectors, it was
    an absolute Joke. Eventually I found an exe file elsewhere else (another
    drive), so I deleted that. and the folders and the registry Keys. They are
    now not re-appearing. Odd as I cannt see one step alone that got rid of it.

    Oh well. No way to prevent it seemingly but at least its gone away.
    Thanks for the suggestions all who tried. If you have it and cannot seem to
    shake it, send me a message and Ill give you a list of things that finally
    strangled the critter.
    Richard



+ Reply to Thread