Richard price wrote:
> I am trying to get rid of a problem that affects both IE and Firefox.
> No Antivirus websites are offering a solution or identity of the worm/trojan
> whatever it is.
>
> It appears to pop up as an executable JAR file in a sub folder of the
> Mozilla Firefox folder, (the folder name is Chrome),
> as well as Program files/common files/NSIS media/ ...dll and uninst.exe
>
> Deleting registry keys for this and deleting files etc looks to work but on
> reboot- reappears.
> Not sure whats going on here. Can anyone offer any solutions that do not
> include a full re-install as I do not want to do that at the moment if
> possible.
>
> I am running FireFox 1.5.04.
>
> Thanks,
> Richard
>
>
>
What's the name of that .jar file?

Richard price wrote:

>I am trying to get rid of a problem that affects both IE and Firefox.
>No Antivirus websites are offering a solution or identity of the worm/trojan
>whatever it is.
>
>It appears to pop up as an executable JAR file in a sub folder of the
>Mozilla Firefox folder, (the folder name is Chrome),
>as well as Program files/common files/NSIS media/ ...dll and uninst.exe
>
>Deleting registry keys for this and deleting files etc looks to work but on
>reboot- reappears.
>Not sure whats going on here. Can anyone offer any solutions that do not
>include a full re-install as I do not want to do that at the moment if
>possible.

Put nsis media into Google.

Here's a nice return:

http://www.wilderssecurity.com/showthread.php?p=796002

and here:

http://forums.mozillazine.org/viewto...7dd211379ece53

The JAR file was located in C:\Program Files\Mozilla Firefox\chrome
Filename: nsis.jar, (executable JAR file).

Thanks, but I have already searched on Google. Been looking for the past few
days. Still no real solutions found. Have moved, will try adjusting the dll
file and leaving in place just to stop the pop ups.

I have been running checks for the two files wattsja posted @
http://www.zeropaid.com/bbs/spyware-...ups-38259.html

but not found them at all. Cannot locate a process that runs. No one has a
real solution for is so far as its so new.

It rebuilds the NSIS folder and dll files on shutdown, according to the
timestamp on them.
Still no suggestion found that deals with it 100%. I will keep trying myself
and post if I get anywhere.

Thanks
Richard

Richard price wrote:
> The JAR file was located in C:\Program Files\Mozilla Firefox\chrome
> Filename: nsis.jar, (executable JAR file).
>
> Thanks, but I have already searched on Google. Been looking for the past few
> days. Still no real solutions found. Have moved, will try adjusting the dll
> file and leaving in place just to stop the pop ups.
>
> I have been running checks for the two files wattsja posted @
> http://www.zeropaid.com/bbs/spyware-...ups-38259.html
>
> but not found them at all. Cannot locate a process that runs. No one has a
> real solution for is so far as its so new.
>
> It rebuilds the NSIS folder and dll files on shutdown, according to the
> timestamp on them.
> Still no suggestion found that deals with it 100%. I will keep trying myself
> and post if I get anywhere.
>
> Thanks
> Richard
>
>
Do you have any antivirus installed in your computer ? Start Windows in Safe
mode ( while booting press F8 key and select "Safe Mode" ).Scan Now your
computer with Antivirus software .

Richard price wrote:

> The JAR file was located in C:\Program Files\Mozilla Firefox\chrome
> Filename: nsis.jar, (executable JAR file).
>
> Thanks, but I have already searched on Google. Been looking for the past few
> days. Still no real solutions found. Have moved, will try adjusting the dll
> file and leaving in place just to stop the pop ups.
>
> I have been running checks for the two files wattsja posted @
> http://www.zeropaid.com/bbs/spyware-...ups-38259.html
>
> but not found them at all. Cannot locate a process that runs. No one has a
> real solution for is so far as its so new.
>
> It rebuilds the NSIS folder and dll files on shutdown, according to the
> timestamp on them.
> Still no suggestion found that deals with it 100%. I will keep trying myself
> and post if I get anywhere.
>
> Thanks
> Richard
>
>
NSIS is also Nullsoft Scriptable Installing System, which is part of
http://nsis.sourceforge.net/Main_Page. Some extension authors and
developers use it.

--
So, You Think You Know Everything?

Did you know that the up and coming Mercedes-Benz Bionic Car will be
based on the sleekness and stylish of a fish in water -- the
streamline contours of a box fish that is?

Richard price wrote:

>I am trying to get rid of a problem that affects both IE and Firefox.
>No Antivirus websites are offering a solution or identity of the worm/trojan
>whatever it is.

As a matter of interest... did you get it from Foxie?

On 18.07.2006 05:15 pm, CET - what odd quirk of fate caused jo to
generate the following:? :

>Richard price wrote:
>
>
>
>>I am trying to get rid of a problem that affects both IE and Firefox.
>>No Antivirus websites are offering a solution or identity of the worm/trojan
>>whatever it is.
>>
>>It appears to pop up as an executable JAR file in a sub folder of the
>>Mozilla Firefox folder, (the folder name is Chrome),
>>as well as Program files/common files/NSIS media/ ...dll and uninst.exe
>>
>>Deleting registry keys for this and deleting files etc looks to work but on
>>reboot- reappears.
>>Not sure whats going on here. Can anyone offer any solutions that do not
>>include a full re-install as I do not want to do that at the moment if
>>possible.
>>
>>
>
>Put nsis media into Google.
>
>Here's a nice return:
>
>http://www.wilderssecurity.com/showthread.php?p=796002
>
>

maybe the OP should read the posts there a bit closer - especially the
one from wattsja, labled #23 - July14th 11:46am

QUOTE from that post:

In my %win%\system32 directory, I had the following 2 files:
krnsvr32.dll
wmdmb32.dll

Neither of these are Windows files and mine are dated 2001. I couldn't
delete them, but I was able to MOVE them (accomplishes the same thing
huh??) to a temp folder, then rename them. Once this was completed, I
manually removed the NSIS stuff (folder and registry entries) ...
rebooted and it was gone. I put the files back ... reboot .... it's back.

Hope this will help some of you.

UNQUOTE


<< SNIPPED >>

reg

>
> maybe the OP should read the posts there a bit closer - especially the one
> from wattsja, labled #23 - July14th 11:46am
>
> QUOTE from that post:
>
> In my %win%\system32 directory, I had the following 2 files:
> krnsvr32.dll
> wmdmb32.dll
>
> Neither of these are Windows files and mine are dated 2001. I couldn't
> delete them, but I was able to MOVE them (accomplishes the same thing
> huh??) to a temp folder, then rename them. Once this was completed, I
> manually removed the NSIS stuff (folder and registry entries) ... rebooted
> and it was gone. I put the files back ... reboot .... it's back.
>
> Hope this will help some of you.
>

Thankyou Squaredancer,

yes I (OP) have seen it & tried it, however
I dont have krnsvr32.dll or wmdmb32.dll on my PC. Tried what is suggested on
all fora so far I reckon. Did the google search first thing on figuring I
had a problem, repeating a google search every day pretty much to see if any
new wisdom.
So many threads refer to each other, that most point to that one. It still
looks that there is no way to get rid of it so far for me. I have to assume
that the infected dlls that my PC have are called something different.

Guess I just have to wait for MS, an AV company or Mozilla to have a fix for
this. Unless there is a way of finding it. This virus will reinstate itself
on shutdown if allowed, or bootup if the power was cut before shutdown.
Cannot find how it works or the files to delete. The ones I know about just
self regenerate each time along with registry keys.

Thankyou for your help, perhaps it will help someone with those dlls.
Richard

NSIS Media pop ups, the files and the Registry Keys have now dissapeared
from my PC.
I have been trying this and that for ages.

Eventually Trojan Hunter found it and Avast found something in a temp file
too. I do wonder where it came from. I suspect that Mozilla Firefox was
vulnerable to it and a malicious page on myspace (yes Im sure they exist)
installed a payload of some malware.

But Iv run that many Anti virus, Spyware, Adware, trojan detectors, it was
an absolute Joke. Eventually I found an exe file elsewhere else (another
drive), so I deleted that. and the folders and the registry Keys. They are
now not re-appearing. Odd as I cannt see one step alone that got rid of it.

Oh well. No way to prevent it seemingly but at least its gone away.
Thanks for the suggestions all who tried. If you have it and cannot seem to
shake it, send me a message and Ill give you a list of things that finally
strangled the critter.
Richard