Windows 10: Possible Firefox Infection Issue Solved


  1. Posts : 12,192
    W10Prox64
    Thread Starter
       04 Nov 2016 #11

    COMPUTIAC said:
    Dang it, 26?

    ***** [ Registry ] *****

    Exactly what I got as well.


  2. Posts : 12,192
    W10Prox64
    Thread Starter
       04 Nov 2016 #12

    Sophos came up clean, Running MBAM now.

    ESET NOD32 came up clean too. And, I didn't see anything on the FRST scan report.


  3. Posts : 824
    Win10/64 Pro 1511 (and 2 Win 7/64 Ult & Pro systems)
       04 Nov 2016 #13

    Dang, @simrick, that sucks!

    AFAIK, Fx installers directly from the Mozilla official source should always be safe.
    https://www.mozilla.org/en-US/firefox/all/
    I assume the auto-updater ought to be safe, too.

    I've been on 49.x (via the manual, standalone, full installer) since a few days after it shipped, on all 3 boxes, with no problem. I suppose anything is possible, but there's been no spike in traffic at the mozillazine forum suggesting a widespread problem.
    And 49.x has been available for quite a while.

    Are you sure you didn't have a tab open somewhere else, or perhaps a "time bomb" from a trojan that made it onto the system undetected earlier? (IOW a coincidence with your Fx update?)

    What a PAIN!!
    Hope you get straightened out soon!

    MM


  4. Posts : 12,192
    W10Prox64
    Thread Starter
       04 Nov 2016 #14

    MoxieMomma said:
    Dang, @simrick, that sucks!

    AFAIK, Fx installers directly from the Mozilla official source should always be safe.
    https://www.mozilla.org/en-US/firefox/all/
    I assume the auto-updater ought to be safe, too.

    I've been on 49.x (via the manual, standalone, full installer) since a few days after it shipped, on all 3 boxes, with no problem. I suppose anything is possible, but there's been no spike in traffic at the mozillazine forum suggesting a widespread problem.
    And 49.x has been available for quite a while.

    Are you sure you didn't have a tab open somewhere else, or perhaps a "time bomb" from a trojan that made it onto the system undetected earlier? (IOW a coincidence with your Fx update?)

    What a PAIN!!
    Hope you get straightened out soon!

    MM
    IDK what to think MM. FF was working fine first thing this morning, then the toaster popped up (again) telling me v49 should be installed. I had TF, gmail, gmx mail and yahoo mail open. Decided I would update before I got into my work mode, and that's when all hell broke loose. Once FF restarted, everything was crazy like I've only seen with bad infections. Pages were freezing, scripting errors, nothing would download, the box would flash repeatedly while trying to download something, the whole browser would freeze constantly....exactly like severe infestations and worms. I couldn't even export my bookmarks - had to do it outside FF. Updating to v50 didn't help, reverting to v48 didn't help. I had to nuke the whole thing completely, clear it out of the computer, and reinstall clean.

    Thing is, aside from the 26 reg entries found by ADWCleaner (which may be FPs), nothing has shown up - not on ESET or MBAM or Sophos or SAS or my eval of FRST - nothing! I am stumped. Those reg entries point to a trojan from back in the XP W2K days. No other computer in the house is on, so there can't be any contamination from them either. I just don't understand. Wish I could nail this thing, so I'd know what the heck was going on.

  5.    05 Nov 2016 #15

    Looks like the AdwCleaner issue has been confirmed as a false positive and fixed. https://toolslib.net/forum/viewthrea...few-different/


  6. Posts : 824
    Win10/64 Pro 1511 (and 2 Win 7/64 Ult & Pro systems)
       05 Nov 2016 #16

    Hi:

    Yeah, the AdwCleaner hits were a F/P and were fixed sometime yesterday.

    then the toaster popped up (again) telling me v49 should be installed.
    Does Firefox generate toaster popups when outdated? (I do not recall ever seeing that, even though I often wait to upgrade for a few days after a new release version ships.)
    Or was that coming from Windows or some 3rd-party application update checker?
    Or am I losing what's left of my mind?
    (Sorry, I don't have a test box or VM to test this.)

    With an open browser and open webmail apps, I suppose it's possible that something may have slipped in, perhaps via some sort of drive-by exploit?

    The only thing on which I'm willing to stake my leftover Halloween candy stash is that a legitimate Firefox installer directly from Mozilla would be 100% clean.
    I always do a manual, on-top upgrade with the full setup file I get here:
    https://www.mozilla.org/en-US/firefox/all/

    I'm no expert, but in all my years using Fx and hanging out at their user community & elsewhere, I've never heard of an infected installer.

    Sure does sound suspicious, though.

    Cheers,
    MM


  7. Posts : 14,972
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       05 Nov 2016 #17

    OK, so this means we need to put the reg keys back in, apparently. I'm curious as to what they were for. Nothing appears broke....yet. I researched one & got a ref to MS Office.

    @MoxieMomma, yes, I would think a FF installer would be clean, but then it wouldn't be the 1st time someone infiltrated an organization & planted malware. I'm thinking maybe her d/l got corrupted & caused the problems with FF?


  8. Posts : 12,192
    W10Prox64
    Thread Starter
       05 Nov 2016 #18

    Thanks everyone. I don't know what to think.
    I'm going to create a restore point and update to v49.
    MM-I was getting toasters when on the beta channel; fixed that, now I'm getting regular update windows.


  9. Posts : 12,192
    W10Prox64
    Thread Starter
       05 Nov 2016 #19

    Now I'm getting this:

    [Attached image: 2016_11_05_16_49_361.png]


  10. Posts : 14,972
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       05 Nov 2016 #20

    simrick said:
    Now I'm getting this:

    [Attached image: 2016_11_05_16_49_361.png]
    That's the stable version out right now.


 