Random Links advertisement links ad themselfs to the bookmark toolbar

RESOLVED WORKSFORME

Status

()

Firefox
Security
RESOLVED WORKSFORME
12 years ago
11 years ago

People

(Reporter: rymac91, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:needinfo])

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4

When just browsing the web I randomly get 'click here!' links on my bookmark toolbar,which when the cursor is held over it, it shows a link to a advertisment site.This problem happends at random and none of my Computers spyware and adware programs have found anything.

Reproducible: Couldn't Reproduce

Steps to Reproduce:
1.Start Firefox
2.browse the web like you normaly do
3.look at the bookbark toobar every now and then to see if anything has changed

Actual Results:  
a bookmakr will randomly appear in some occiasions usally saying 'click me!' on the far right with confusing link on it usally from some advertsing company...
The first thing to do is to think what sites you visited when this behavior first appeared or if the behavior appeared after you installed any extensions or software.

Then tell us what extensions you have installed and what plugins you have installed.

Open Tools, then Extensions and list the extensions you see installed along with their versions numbers. Where did you get these extensions?

Then open a new window (Control-N), type about:plugins in the URL bar and hit Enter. When the list of plugins is displayed type Control-A to select the text on the page, Control-C to copy it to the clipboard and then use Control-V to paste the list into this bug.

Go to <http://www.microsoft.com/athome/security/spyware/software/default.mspx> and download and install Microsoft's Windows Defender. Later you should read the sections on Windows security. Then using Internet Explorer, choose Tools, then Windows Update.

Once you have done Windows Update, run Windows Defender.

Then you should scan your computer for viruses, trojans and root kits. If you don't have any virus or spyware protection you can get free versions in the Google Pack <http://pack.google.com/> where you can customize the selections to include Norton AntiVirus and Ad-Aware SE Personal.

When you have finished scanning for viruses, trojans and root kits, please list the ones that were found here.
(Reporter)

Comment 2

12 years ago
I haven't installed any extensions for about a month.I was visiting Fanfiction.net when this first happend and google.com when this happend a second time. 

Extension List...
Talkback 1.5.0.4 
Xinha Here! 0.6
No Script 1.1.4.1
IE Tab 1.0.9.5
Forcastfox 0.9.2
FoxClocks 1.2.77
Gmail Manager 0.4.3.6
Google Web Accelerator 1.0.65.83
Sage 1.3.6

Installed plug-ins
Find more information about browser plug-ins at mozilla.org.
Help for installing plug-ins is available from plugindoc.mozdev.org.
PCMan's IE Tab Plug-in for Mozilla/Firefox

    File name: npietab.dll
    IE Tab Plug-in developed by Hong Jen Yee

MIME Type 	Description 	Suffixes 	Enabled
application/ietab 	npietab 	ietab 	Yes
Mozilla Default Plug-in

    File name: npnul32.dll
    Default Plug-in

MIME Type 	Description 	Suffixes 	Enabled
* 	Mozilla Default Plug-in 	* 	No
QuickTime Plug-in 7.1

    File name: npqtplugin7.dll
    The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.

MIME Type 	Description 	Suffixes 	Enabled
image/tiff 	TIFF image 	tif,tiff 	Yes
image/x-tiff 	TIFF image 	tif,tiff 	Yes
image/jp2 	JPEG2000 image 	jp2 	Yes
image/jpeg2000 	JPEG2000 image 	jp2 	Yes
image/jpeg2000-image 	JPEG2000 image 	jp2 	Yes
image/x-jpeg2000-image 	JPEG2000 image 	jp2 	Yes
QuickTime Plug-in 7.1

    File name: npqtplugin6.dll
    The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.

MIME Type 	Description 	Suffixes 	Enabled
video/x-m4v 	Video (protected) 	m4v 	Yes
image/x-macpaint 	MacPaint image 	pntg,pnt,mac 	Yes
image/pict 	PICT image 	pict,pic,pct 	Yes
image/x-pict 	PICT image 	pict,pic,pct 	Yes
image/png 	PNG image 	png 	Yes
image/x-png 	PNG image 	png 	Yes
image/x-quicktime 	QuickTime image 	qtif,qti 	Yes
image/x-sgi 	SGI image 	sgi,rgb 	Yes
image/x-targa 	TGA image 	targa,tga 	Yes
QuickTime Plug-in 7.1

    File name: npqtplugin5.dll
    The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.

MIME Type 	Description 	Suffixes 	Enabled
audio/3gpp 	3GPP media 	3gp,3gpp 	Yes
video/3gpp2 	3GPP2 media 	3g2,3gp2 	Yes
audio/3gpp2 	3GPP2 media 	3g2,3gp2 	Yes
video/sd-video 	SD video 	sdv 	Yes
application/x-mpeg 	AMC media 	amc 	Yes
video/mp4 	MPEG-4 media 	mp4 	Yes
audio/mp4 	MPEG-4 media 	mp4 	Yes
audio/x-m4a 	AAC audio 	m4a 	Yes
audio/x-m4p 	AAC audio (protected) 	m4p 	Yes
audio/x-m4b 	AAC audio book 	m4b 	Yes
QuickTime Plug-in 7.1

    File name: npqtplugin4.dll
    The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.

MIME Type 	Description 	Suffixes 	Enabled
video/mpeg 	MPEG media 	mpeg,mpg,m1s,m1v,m1a,m75,m15,mp2,mpm,mpv,mpa 	Yes
audio/mpeg 	MPEG audio 	mpeg,mpg,m1s,m1a,mp2,mpm,mpa,m2a 	Yes
audio/x-mpeg 	MPEG audio 	mpeg,mpg,m1s,m1a,mp2,mpm,mpa,m2a 	Yes
video/3gpp 	3GPP media 	3gp,3gpp 	Yes
QuickTime Plug-in 7.1

    File name: npqtplugin3.dll
    The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.

MIME Type 	Description 	Suffixes 	Enabled
audio/vnd.qcelp 	QUALCOMM PureVoice audio 	qcp 	Yes
audio/AMR 	AMR audio 	AMR 	Yes
audio/aac 	AAC audio 	aac,adts 	Yes
audio/x-aac 	AAC audio 	aac,adts 	Yes
audio/x-caf 	CAF audio 	caf 	Yes
video/x-mpeg 	MPEG media 	mpeg,mpg,m1s,m1v,m1a,m75,m15,mp2,mpm,mpv,mpa 	Yes
QuickTime Plug-in 7.1

    File name: npqtplugin2.dll
    The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.

MIME Type 	Description 	Suffixes 	Enabled
audio/x-aiff 	AIFF audio 	aiff,aif,aifc,cdda 	Yes
audio/basic 	uLaw/AU audio 	au,snd,ulw 	Yes
audio/mid 	MIDI 	mid,midi,smf,kar 	Yes
audio/x-midi 	MIDI 	mid,midi,smf,kar 	Yes
audio/midi 	MIDI 	mid,midi,smf,kar 	Yes
audio/x-gsm 	GSM audio 	gsm 	Yes
audio/x-wav 	WAVE audio 	wav,bwf 	Yes
audio/wav 	WAVE audio 	wav,bwf 	Yes
QuickTime Plug-in 7.1

    File name: npqtplugin.dll
    The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.

MIME Type 	Description 	Suffixes 	Enabled
application/sdp 	SDP stream descriptor 	sdp 	Yes
application/x-sdp 	SDP stream descriptor 	sdp 	Yes
application/x-rtsp 	RTSP stream descriptor 	rtsp,rts 	Yes
video/quicktime 	QuickTime Movie 	mov,qt 	Yes
video/quicktime 	QuickTime Movie 	mov,qt,mqv 	Yes
video/flc 	AutoDesk Animator (FLC) 	flc,fli,cel 	Yes
audio/aiff 	AIFF audio 	aiff,aif,aifc,cdda 	Yes
RealJukebox NS Plugin

    File name: nprjplug.dll
    RealJukebox Netscape Plugin

MIME Type 	Description 	Suffixes 	Enabled
none 	RealJukebox NS Plugin File 	none 	Yes
RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)

    File name: nppl3260.dll
    RealPlayer(tm) LiveConnect-Enabled Plug-In

MIME Type 	Description 	Suffixes 	Enabled
audio/x-pn-realaudio-plugin 	RealPlayer(tm) as Plug-in 	rpm 	Yes
RealPlayer Version Plugin

    File name: nprpjplug.dll
    6.0.12.1483

MIME Type 	Description 	Suffixes 	Enabled
application/vnd.rn-realplayer-javascript 	RealPlayer Version Plugin 	rpj 	Yes
Shockwave for Director

    File name: np32dsw.dll
    Macromedia Shockwave for Director Netscape plug-in, version 10.1

MIME Type 	Description 	Suffixes 	Enabled
application/x-director 	Shockwave Movie 	dir,dxr,dcr 	Yes
Shockwave Flash

    File name: npswf32.dll
    Shockwave Flash 8.0 r22

MIME Type 	Description 	Suffixes 	Enabled
application/x-shockwave-flash 	Macromedia Flash movie 	swf 	Yes
application/futuresplash 	FutureSplash movie 	spl 	Yes
RealNetworks Rhapsody Player Engine

    File name: nprhapengine.dll
    Rhapsody Player Engine Plugin

MIME Type 	Description 	Suffixes 	Enabled
application/rhapsody-plugin 	RhapsodyPlugin 	rhp 	Yes
Java(TM) 2 Platform Standard Edition 5.0 Update 6

    File name: NPJPI150_06.dll
    Java Plug-in 1.5.0_06 for Netscape Navigator (DLL Helper)

MIME Type 	Description 	Suffixes 	Enabled
application/x-java-applet;jpi-version=1.5.0_06 	Java Applet 		Yes
application/x-java-bean;jpi-version=1.5.0_06 	JavaBeans 		Yes
Java(TM) 2 Platform Standard Edition 5.0 Update 6

    File name: NPOJI610.dll
    Java Plug-in 1.5.0_06 for Netscape Navigator (DLL Helper)

MIME Type 	Description 	Suffixes 	Enabled
application/x-java-vm 	Java 		Yes
Java(TM) 2 Platform Standard Edition 5.0 Update 6

    File name: NPJava11.dll
    Java Plug-in 1.5.0_06 for Netscape Navigator (DLL Helper)

MIME Type 	Description 	Suffixes 	Enabled
application/x-java-applet;version=1.1.1 	Java Applet 		Yes
application/x-java-bean;version=1.1.1 	JavaBeans 		Yes
application/x-java-applet;version=1.1 	Java Applet 		Yes
application/x-java-bean;version=1.1 	JavaBeans 		Yes
application/x-java-applet 	Java Applet 		Yes
application/x-java-bean 	JavaBeans 		Yes
Java(TM) 2 Platform Standard Edition 5.0 Update 6

    File name: NPJava12.dll
    Java Plug-in 1.5.0_06 for Netscape Navigator (DLL Helper)

MIME Type 	Description 	Suffixes 	Enabled
application/x-java-applet;version=1.2 	Java Applet 		Yes
application/x-java-bean;version=1.2 	JavaBeans 		Yes
application/x-java-applet;version=1.1.3 	Java Applet 		Yes
application/x-java-bean;version=1.1.3 	JavaBeans 		Yes
application/x-java-applet;version=1.1.2 	Java Applet 		Yes
application/x-java-bean;version=1.1.2 	JavaBeans 		Yes
Java(TM) 2 Platform Standard Edition 5.0 Update 6

    File name: NPJava13.dll
    Java Plug-in 1.5.0_06 for Netscape Navigator (DLL Helper)

MIME Type 	Description 	Suffixes 	Enabled
application/x-java-applet;version=1.3.1 	Java Applet 		Yes
application/x-java-bean;version=1.3.1 	JavaBeans 		Yes
application/x-java-applet;version=1.4 	Java Applet 		Yes
application/x-java-bean;version=1.4 	JavaBeans 		Yes
application/x-java-applet;version=1.4.1 	Java Applet 		Yes
application/x-java-bean;version=1.4.1 	JavaBeans 		Yes
Java(TM) 2 Platform Standard Edition 5.0 Update 6

    File name: NPJava14.dll
    Java Plug-in 1.5.0_06 for Netscape Navigator (DLL Helper)

MIME Type 	Description 	Suffixes 	Enabled
application/x-java-applet;version=1.4.2 	Java Applet 		Yes
application/x-java-bean;version=1.4.2 	JavaBeans 		Yes
application/x-java-applet;version=1.5 	Java Applet 		Yes
application/x-java-bean;version=1.5 	JavaBeans 		Yes
Java(TM) 2 Platform Standard Edition 5.0 Update 6

    File name: NPJava32.dll
    Java Plug-in 1.5.0_06 for Netscape Navigator (DLL Helper)

MIME Type 	Description 	Suffixes 	Enabled
application/x-java-applet;version=1.3 	Java Applet 		Yes
application/x-java-bean;version=1.3 	JavaBeans 		Yes
application/x-java-applet;version=1.2.2 	Java Applet 		Yes
application/x-java-bean;version=1.2.2 	JavaBeans 		Yes
application/x-java-applet;version=1.2.1 	Java Applet 		Yes
application/x-java-bean;version=1.2.1 	JavaBeans 		Yes
Adobe Acrobat

    File name: nppdf32.dll
    Adobe Acrobat Plug-In Version 5.00 for Netscape

MIME Type 	Description 	Suffixes 	Enabled
application/pdf 	Acrobat 	pdf 	Yes
Windows Media Player Plug-in Dynamic Link Library

    File name: npdsplay.dll
    Npdsplay dll

MIME Type 	Description 	Suffixes 	Enabled
application/asx 	Media Files 	* 	Yes
video/x-ms-asf-plugin 	Media Files 	* 	Yes
application/x-mplayer2 	Media Files 	* 	Yes
video/x-ms-asf 	Media Files 	asf,asx,* 	Yes
video/x-ms-wm 	Media Files 	wm,* 	Yes
audio/x-ms-wma 	Media Files 	wma,* 	Yes
audio/x-ms-wax 	Media Files 	wax,* 	Yes
video/x-ms-wmv 	Media Files 	wmv,* 	Yes
video/x-ms-wvx 	Media Files 	wvx,* 	Yes
Microsoft® DRM

    File name: npdrmv2.dll
    DRM Netscape Network Object

MIME Type 	Description 	Suffixes 	Enabled
application/x-drm-v2 	Network Interface Plugin 	nip 	Yes
Microsoft® DRM

    File name: npwmsdrm.dll
    DRM Store Netscape Plugin

MIME Type 	Description 	Suffixes 	Enabled
application/x-drm 	Network Interface Plugin 	nip 	Yes

I currently have eTrust Pest Patrol,eTrust Antivirus and eTrust EZ Firewall(basicly zonealarm) and I have Spybot Search & Destroy and I already have Windows Defender.

I will be starting a Antivirus scan in 22 hours and I may start a quick on in 3-5 hours...I can't start it now since I have to let someone else use this computer(family computer).

(In reply to comment #1)
> The first thing to do is to think what sites you visited when this behavior
> first appeared or if the behavior appeared after you installed any extensions
> or software.
> 
> Then tell us what extensions you have installed and what plugins you have
> installed.
> 
> Open Tools, then Extensions and list the extensions you see installed along
> with their versions numbers. Where did you get these extensions?
> 
> Then open a new window (Control-N), type about:plugins in the URL bar and hit
> Enter. When the list of plugins is displayed type Control-A to select the text
> on the page, Control-C to copy it to the clipboard and then use Control-V to
> paste the list into this bug.
> 
> Go to <http://www.microsoft.com/athome/security/spyware/software/default.mspx>
> and download and install Microsoft's Windows Defender. Later you should read
> the sections on Windows security. Then using Internet Explorer, choose Tools,
> then Windows Update.
> 
> Once you have done Windows Update, run Windows Defender.
> 
> Then you should scan your computer for viruses, trojans and root kits. If you
> don't have any virus or spyware protection you can get free versions in the
> Google Pack <http://pack.google.com/> where you can customize the selections to
> include Norton AntiVirus and Ad-Aware SE Personal.
> 
> When you have finished scanning for viruses, trojans and root kits, please list
> the ones that were found here.
> 

For the most part I would not expect an adware extension to announce itself in the standard interface, not unless it had useful functionality as well in an effort to appear legit.

>     File name: npietab.dll
>     IE Tab Plug-in developed by Hong Jen Yee

Presumably used only on legit must-have sites that don't work with Firefox? While using the IE tab you are of course vulnerable to any holes in the underlying IE. Probably irrelevant to this bug, I wouldn't expect IE malware to target Firefox's bookmarks toolbar.

> QuickTime Plug-in 7.1
> 
> RealPlayer Version Plugin
>     File name: nprpjplug.dll
>     6.0.12.1483

Good job keeping up with recent security fixes on these.

>     File name: npswf32.dll
>     Shockwave Flash 8.0 r22

You should upgrade to the recent 8.0 r24, people are nervous that the hole it plugged could be abused pretty easily. Only a matter of time if there isn't malware using it already.

>     Java Plug-in 1.5.0_06 for Netscape Navigator (DLL Helper)

Sun recently released 1.5.0_07 but the changelog doesn't list any obvious security fixes.

I doubt any of the bug is involved here... instead I want to know what global extension or chrome is installed. Find your install directory (Probably c:\Program files\Mozilla Firefox\) and in there you will find the subdirectories "chrome" and "extensions". I want a directory listing from each of them so we can look for things that aren't supposed to be there. While you're at it add a directory listing for the "components" subdirectory, but it's less likely that anything is hiding there.
Whiteboard: [sg:needinfo]
what was the result of the anti-virus scan? Have you run an anti-spyware scan such as ad-aware or spybot search and destroy?
-> no reply on the comment on the question from dan on comment #4 for over 8 months.

I have also not seen the described behavior in the latest Build like Firefox 1.5.0.12 RC 2 - 2.0.0.4 RC 3 and Trunk on Windows 2000/XP x64 and Windows Vista. 

So i mark this bug works for me, feel free to reopen if a testcase or steps to reproduce with a url comes in.


Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → WORKSFORME
Group: security
You need to log in before you can comment on or make changes to this bug.