Bug 774036 (Closed)
Opened 12 years ago, closed 12 years ago
I have gotten infected with something called Яндекс and it has changed settings
Categories: Firefox :: Untriaged, defect
Status: RESOLVED INVALID
People: Reporter: unpitt23, Unassigned
Attachments: 1 file (295.35 KB, image/jpeg)
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
Build ID: 20120614114901

Steps to reproduce:
I have no idea how this occurred.

Actual results:
All I know is that it has affected both Firefox and Internet Explorer and Windows 7 slightly. The main noticeable changes are that it added its sites to my favorites in IE and bookmarks toolbar for Firefox. It also added two of its sites pinned to my quickstart bar. It did change the display name for the default search engine in Firefox, which I corrected. It also added its site to the default drop down search engine box in Firefox, which I corrected. It has added its name to my default Mozilla start page and possibly changed the search engine. I did go into the settings for Firefox and remove any occurrences of the name and removed it. I deleted or changed all instances in registry or on computer. I ran antivirus, antispyware and anti-malware scans to get rid of anything that might be infected. The only noticeable thing for the infection remaining I see, but there might be more, is the Mozilla default home page for Google having the infection's name displayed. I did find out this infection might be caused by yandex and checked to see if I had anything with its name located on my computer or in registry also and cleared any occurrences. I am attaching a screenshot of the homepage. I am going to run a boot time scan with my antivirus to see if it locates anything additional, with the settings set to the max to detect any and everything that it is capable of detecting. I will also try to run other scans in safe mode. Also below is the current configuration of Firefox.

Application Basics
Name Firefox
Version 13.0.1
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
Profile Folder Show Folder
Enabled Plugins about:plugins
Build Configuration about:buildconfig
Crash Reports about:crashes
Memory Use about:memory

Extensions
Name Version Enabled ID
Add-on Compatibility Reporter 1.1 true compatibility@addons.mozilla.org
All-in-One Sidebar 0.7.16 true {097d3191-e6fa-4728-9826-b533d755359d}
BetterPrivacy 1.68 true {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
Bitdefender QuickScan 0.9.9.119 true {e001c731-5e37-4538-a5cb-8168736a2360}
DownloadHelper 4.9.9 true {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
DownThemAll! 2.0.13 true {DDC359D1-844A-42a7-9AA1-88A850A938A8}
FEBE 7.0.3.5 true {4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FireShot 0.98.11 true {0b457cAA-602d-484a-8fe7-c1d894a011ba}
Flash Video Downloader Youtube Downloader 3.6.2 true artur.dubovoy@gmail.com
Google Translator for Firefox 2.1.0.2 true translator@zoli.bod
IE Tab 2 (FF 3.6+) 4.1.3.1 true {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
ImTranslator 4.17 true {9AA46F4F-4DC7-4c06-97AF-5035170634FE}
Java Console 6.0.33 true {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
LastPass 2.0.0 true support@lastpass.com
NoScript 2.4.8 true {73a6fe31-595d-460b-a920-fcc0f8843232}
OpenDownload² 3.2.1 true {210249CE-F888-11DD-B868-4CB456D89593}
pdfit 1.17 true service@touchpdf.com
Restart Firefox 0.5 true restart@restart.org
Session Manager 0.7.9 true {1280606b-2510-4fe0-97ef-9b5a22eafe30}
TinEye Reverse Image Search 1.1 true tineye@ideeinc.com
Toolbar Buttons 1.0 true {03B08592-E5B4-45ff-A0BE-C1D975458688}
TooManyTabs 1.3.7 true TooManyTabs@visibotech.com
WOT 20120515 true {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
Ad-Aware Security Toolbar 2.1 false {87934c42-161d-45bc-8cef-ef18abe2a30c}
Ant Video Downloader 2.4.7.1 false anttoolbar@ant.com
Awesome screenshot: Capture and Annotate 2.3.7 false jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
ColorfulTabs 12.4 false {0545b830-f0aa-4d7e-8820-50a4629a56fe}
CoolPreviews 3.5 false {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
Copy Link URL 1.5 false copylinkurl@bluelightdev.com
Download Manager Tweak 0.9.5 false {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
Exif Viewer 1.800000000001 false exif_viewer@mozilla.doslash.org
Fasterfox Lite 3.9.7Lite false FasterFox_Lite@BigRedBrent
Flagfox 4.1.17 false {1018e4d6-728f-4b20-ad56-37578a4de76b}
Flash and Video Download 1.12 false {bee6eb20-01e0-ebd1-da83-080329fb9a3a}
Forecastfox 2.2.1 false {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FoxClocks 2.10.85 false {d37dc5d0-431d-44e5-8c91-49419370caa1}
FoxTab 1.4.5 false {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
Image Zoom 0.4.6 false {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
Lavasoft Search Plugin 0.5 false jid1-yZwVFzbsyfMrqQ@jetpack
Linky 3.0.0 false linky@gemal.dk
Media Converter 1.0.3 false {6e764c17-863a-450f-bdd0-6772bd5aaa18}
MP4 Downloader 1.3.2 false mp4downloader@jeff.net
NetVideoHunter 1.9.1 false netvideohunter@netvideohunter.com
Skype Click to Call 6.0.0.10297 false {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
Tab Scope 1.1.6 false tabscope@xuldev.org
URL Link 2.04.1 false {139a120b-c2ea-41d2-bf70-542d9f063dfd}
User Agent Switcher 0.7.3 false {e968fc70-8f95-4ab9-9e79-304de2a71ee1}
Vuze Remote Community Toolbar 3.13.0.6 false {ba14329e-9550-4989-b3f2-9732e92d17cc}
Webmail Ad Blocker 3.6 false gmailnoads@mywebber.com

Important Modified Preferences
Name Value
accessibility.blockautorefresh true
accessibility.typeaheadfind.flashBar 0
browser.cache.disk.capacity 1048576
browser.cache.disk.smart_size.first_run false
browser.cache.disk.smart_size_cached_value 849920
browser.display.background_color #C0C0C0
browser.display.use_system_colors true
browser.places.smartBookmarksVersion 3
browser.sessionstore.postdata -1
browser.startup.homepage about:home
browser.startup.homepage_override.buildID 20120614114901
browser.startup.homepage_override.mstone 13.0.1
dom.ipc.plugins.enabled.npietab2.dll true
extensions.checkCompatibility false
extensions.checkCompatibility.10.0 false
extensions.checkCompatibility.10.0.previous false
extensions.checkCompatibility.10.0a false
extensions.checkCompatibility.10.0a.previous false
extensions.checkCompatibility.11.0.previous false
extensions.checkCompatibility.11.0a false
extensions.checkCompatibility.11.0a.previous false
extensions.checkCompatibility.12.0 false
extensions.checkCompatibility.12.0a false
extensions.checkCompatibility.3.6 false
extensions.checkCompatibility.3.6.previous false
extensions.checkCompatibility.3.6b false
extensions.checkCompatibility.3.6b.previous false
extensions.checkCompatibility.3.6p false
extensions.checkCompatibility.3.6p.previous false
extensions.checkCompatibility.3.6pre false
extensions.checkCompatibility.3.6pre.previous false
extensions.checkCompatibility.3.7a false
extensions.checkCompatibility.3.7a.previous false
extensions.checkCompatibility.4.0 false
extensions.checkCompatibility.4.0.previous false
extensions.checkCompatibility.4.0b false
extensions.checkCompatibility.4.0b.previous false
extensions.checkCompatibility.4.0p false
extensions.checkCompatibility.4.0p.previous false
extensions.checkCompatibility.4.0pre false
extensions.checkCompatibility.4.0pre.previous false
extensions.checkCompatibility.4.2 false
extensions.checkCompatibility.4.2.previous false
extensions.checkCompatibility.4.2a false
extensions.checkCompatibility.4.2a.previous false
extensions.checkCompatibility.4.2b false
extensions.checkCompatibility.4.2b.previous false
extensions.checkCompatibility.4.2p false
extensions.checkCompatibility.4.2p.previous false
extensions.checkCompatibility.4.2pre false
extensions.checkCompatibility.4.2pre.previous false
extensions.checkCompatibility.5.0 false
extensions.checkCompatibility.5.0.previous false
extensions.checkCompatibility.5.0a false
extensions.checkCompatibility.5.0a.previous false
extensions.checkCompatibility.5.0b false
extensions.checkCompatibility.5.0b.previous false
extensions.checkCompatibility.5.0p false
extensions.checkCompatibility.5.0p.previous false
extensions.checkCompatibility.5.0pre false
extensions.checkCompatibility.5.0pre.previous false
extensions.checkCompatibility.6.0 false
extensions.checkCompatibility.6.0.previous false
extensions.checkCompatibility.6.0a false
extensions.checkCompatibility.6.0a.previous false
extensions.checkCompatibility.7.0 false
extensions.checkCompatibility.7.0.previous false
extensions.checkCompatibility.7.0a false
extensions.checkCompatibility.7.0a.previous false
extensions.checkCompatibility.8.0 false
extensions.checkCompatibility.8.0.previous false
extensions.checkCompatibility.8.0a false
extensions.checkCompatibility.8.0a.previous false
extensions.checkCompatibility.9.0 false
extensions.checkCompatibility.9.0.previous false
extensions.checkCompatibility.9.0a false
extensions.checkCompatibility.9.0a.previous false
extensions.checkCompatibility.nightly false
extensions.checkCompatibility.nightly.previous false
extensions.checkCompatibility.previous false
extensions.lastAppVersion 13.0.1
gfx.direct2d.disabled true
keyword.URL http://yandex.ru/yandsearch?win=28&clid=1855511&text=
layers.acceleration.disabled true
network.cookie.lifetimePolicy 2
network.cookie.prefsMigrated true
network.dnsCacheEntries 512
network.dnsCacheExpiration 3600
network.http.max-connections-per-server 16
network.http.max-persistent-connections-per-proxy 12
network.http.pipelining true
network.http.pipelining.maxrequests 6
network.http.pipelining.ssl true
network.http.proxy.pipelining true
places.database.lastMaintenance 1342293873
places.frecency.bookmarkVisitBonus 1
places.frecency.unvisitedBookmarkBonus 1
places.history.expiration.transient_current_max_pages 104858
places.history.expiration.transient_optimal_database_size 167772160
plugin.disable_full_page_plugin_for_types video/x-ms-wmv,application/pdf
privacy.clearOnShutdown.downloads false
privacy.clearOnShutdown.offlineApps true
privacy.clearOnShutdown.passwords true
privacy.clearOnShutdown.siteSettings true
privacy.cpd.cookies false
privacy.cpd.extensions-sessionmanager false
privacy.cpd.offlineApps true
privacy.cpd.sessions false
privacy.cpd.siteSettings true
privacy.sanitize.migrateFx3Prefs true
privacy.sanitize.sanitizeOnShutdown true
privacy.sanitize.timeSpan 0
security.csp.enable false
security.warn_viewing_mixed false

Graphics
Adapter Description NVIDIA GeForce GTX 560M
Vendor ID 0x10de
Device ID 0x1251
Adapter RAM 3072
Adapter Drivers nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um
Driver Version 8.17.12.9616
Driver Date 3-4-2012
Direct2D Enabled false
DirectWrite Enabled false (6.1.7601.17789)
ClearType Parameters ClearType parameters not found
WebGL Renderer Google Inc. -- ANGLE (NVIDIA GeForce GTX 560M ) -- OpenGL ES 2.0 (ANGLE 1.0.0.963)
GPU Accelerated Windows 0

JavaScript
Incremental GC 1

Library Versions
Expected minimum version Version in use
NSPR 4.9 4.9
NSS 3.13.4.0 Basic ECC 3.13.4.0 Basic ECC
NSS Util 3.13.4.0 3.13.4.0
NSS SSL 3.13.4.0 Basic ECC 3.13.4.0 Basic ECC
NSS S/MIME 3.13.4.0 Basic ECC 3.13.4.0 Basic ECC

Expected results:
Well my settings should not have changed.
Use the end-user support at https://support.mozilla.org/en-US/questions for troubleshooting; Bugzilla is about bugs in Mozilla products, not current user issues related to your profile/OS. You should change your profile to a new one (with the feature in about:support) and read: http://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
Comment 2•12 years ago
I'd suggest resetting your Profile: https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems
Apart from that,
keyword.URL http://yandex.ru/yandsearch?win=28&clid=1855511&text=
security.csp.enable false
being changed looks suspicious if you didn't change those yourself.
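
One way to check a profile for the two kinds of change Comment 2 points at, as an added example (not code from Bugzilla or Mozilla): it reads prefs.js text and lists URL-bearing preferences whose host is not one the user expects, plus security preferences set to false. The watch lists use only preference names from the report; the function names, the sample input and the expected-host set are assumptions, and the expected hosts depend on the default search engine of the installed locale.

```python
import json
import re
from urllib.parse import urlparse

# One prefs.js entry looks like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Preferences from this report that hold a URL searches or startup are sent to.
URL_PREFS = {"keyword.URL", "browser.startup.homepage"}
# Listed in the report as modified to false, i.e. a protection was turned off.
SECURITY_PREFS = {"security.csp.enable", "security.warn_viewing_mixed"}
# Constructed prefs.js excerpt that reuses values from the report.
SAMPLE = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.URL", "http://yandex.ru/yandsearch?win=28&clid=1855511&text=");
user_pref("network.http.pipelining", true);
user_pref("security.csp.enable", false);
"""


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comment or blank line
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # strings, booleans, integers
        except ValueError:
            prefs[name] = raw  # keep anything undecodable verbatim
    return prefs


def review(prefs, expected_hosts):
    """List (pref, reason) pairs that deserve a manual look."""
    findings = []
    for name in sorted(prefs.keys() & URL_PREFS):
        host = urlparse(str(prefs[name])).hostname
        if host is None:
            continue  # internal pages such as about:home have no host
        if not any(host == h or host.endswith("." + h) for h in expected_hosts):
            findings.append((name, "unexpected host " + host))
    for name in sorted(prefs.keys() & SECURITY_PREFS):
        if prefs[name] is False:
            findings.append((name, "security preference set to false"))
    return findings
```

Calling `review(parse_prefs(SAMPLE), {"google.com"})` reports both `keyword.URL` and `security.csp.enable`; passing `{"yandex.ru"}` as the expected hosts leaves only the security preference.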
Comment 3•12 years ago
That text is just Yandex, that was the default search engine for ru locale, no virus or malware there.
Well, to respond to Marco, there was some kind of infection, since something changed my settings and added things to my computer that weren't there prior. I backed up my Firefox settings using FEBE and manually backing up my TooManyTabs and bookmarks just in case. However, I think I resolved this issue by first trying to reset Firefox, which still left "Яндекс" on my default Firefox home page. So then I just uninstalled and reinstalled Firefox and used FEBE to bring back most of my settings, but did have a few issues with it not bringing back all of my addons for some reason, so there was another bug, and also my TooManyTabs backup I did manually, which was more updated than the FEBE backup of my TooManyTabs extension, would not implement. However, everything seems okay now for the most part, and I am using 2 profiles and probably will resort to 3-4 profiles to prevent this issue in the future and safeguard one safe profile and one profile for guest.