I have gotten infected with something called Яндекс and it has changed settings

RESOLVED INVALID

People

(Reporter: unpitt23, Unassigned)

Tracking

13 Branch
x86_64
Windows 7



Attachments

(1 attachment)

(Reporter)

Description

6 years ago
Created attachment 642329 [details]
Mozilla Firefox Start Page.jpeg

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
Build ID: 20120614114901

Steps to reproduce:

I have no idea how this occurred.


Actual results:

All I know is that it has affected both Firefox and Internet Explorer, and Windows 7 slightly.  The main noticeable changes are that it added its sites to my favorites in IE and to the bookmarks toolbar in Firefox.  It also added two of its sites pinned to my quick-start bar.  It did change the display name for the default search engine in Firefox, which I corrected.  It also added its site to the default drop-down search engine box in Firefox, which I corrected.  It has added its name to my default Mozilla start page and possibly changed the search engine.  I did go into the settings for Firefox, removed any occurrences of the name and removed it.  I deleted or changed all instances in the registry or on the computer.  I ran antivirus, antispyware and anti-malware scans to get rid of anything that might be infected.  The only noticeable remaining sign of the infection I see (but there might be more) is the Mozilla default home page for Google having the infection's name displayed.  I did find out this infection might be caused by Yandex, and checked to see if I had anything with its name located on my computer or in the registry, and cleared any occurrences.  I am attaching a screenshot of the homepage.

I am going to run a boot-time scan with my antivirus to see if it locates anything additional, with the settings set to the max to detect anything and everything that it is capable of detecting. I will also try to run other scans in safe mode.


Also below is the current configuration of Firefox.



  Application Basics

        Name
        Firefox

        Version
        13.0.1

        User Agent
        Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1

        Profile Folder

          Show Folder

        Enabled Plugins

          about:plugins

        Build Configuration

          about:buildconfig

        Crash Reports

          about:crashes

        Memory Use

          about:memory

  Extensions

        Name

        Version

        Enabled

        ID

        Add-on Compatibility Reporter
        1.1
        true
        compatibility@addons.mozilla.org

        All-in-One Sidebar
        0.7.16
        true
        {097d3191-e6fa-4728-9826-b533d755359d}

        BetterPrivacy
        1.68
        true
        {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

        Bitdefender QuickScan
        0.9.9.119
        true
        {e001c731-5e37-4538-a5cb-8168736a2360}

        DownloadHelper
        4.9.9
        true
        {b9db16a4-6edc-47ec-a1f4-b86292ed211d}

        DownThemAll!
        2.0.13
        true
        {DDC359D1-844A-42a7-9AA1-88A850A938A8}

        FEBE
        7.0.3.5
        true
        {4BBDD651-70CF-4821-84F8-2B918CF89CA3}

        FireShot
        0.98.11
        true
        {0b457cAA-602d-484a-8fe7-c1d894a011ba}

        Flash Video Downloader Youtube Downloader
        3.6.2
        true
        artur.dubovoy@gmail.com

        Google Translator for Firefox
        2.1.0.2
        true
        translator@zoli.bod

        IE Tab 2 (FF 3.6+)
        4.1.3.1
        true
        {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

        ImTranslator
        4.17
        true
        {9AA46F4F-4DC7-4c06-97AF-5035170634FE}

        Java Console
        6.0.33
        true
        {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

        LastPass
        2.0.0
        true
        support@lastpass.com

        NoScript
        2.4.8
        true
        {73a6fe31-595d-460b-a920-fcc0f8843232}

        OpenDownload²
        3.2.1
        true
        {210249CE-F888-11DD-B868-4CB456D89593}

        pdfit
        1.17
        true
        service@touchpdf.com

        Restart Firefox
        0.5
        true
        restart@restart.org

        Session Manager
        0.7.9
        true
        {1280606b-2510-4fe0-97ef-9b5a22eafe30}

        TinEye Reverse Image Search
        1.1
        true
        tineye@ideeinc.com

        Toolbar Buttons
        1.0
        true
        {03B08592-E5B4-45ff-A0BE-C1D975458688}

        TooManyTabs
        1.3.7
        true
        TooManyTabs@visibotech.com

        WOT
        20120515
        true
        {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

        Ad-Aware Security Toolbar
        2.1
        false
        {87934c42-161d-45bc-8cef-ef18abe2a30c}

        Ant Video Downloader
        2.4.7.1
        false
        anttoolbar@ant.com

        Awesome screenshot: Capture and Annotate
        2.3.7
        false
        jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack

        ColorfulTabs
        12.4
        false
        {0545b830-f0aa-4d7e-8820-50a4629a56fe}

        CoolPreviews
        3.5
        false
        {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

        Copy Link URL
        1.5
        false
        copylinkurl@bluelightdev.com

        Download Manager Tweak
        0.9.5
        false
        {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}

        Exif Viewer
        1.800000000001
        false
        exif_viewer@mozilla.doslash.org

        Fasterfox Lite
        3.9.7Lite
        false
        FasterFox_Lite@BigRedBrent

        Flagfox
        4.1.17
        false
        {1018e4d6-728f-4b20-ad56-37578a4de76b}

        Flash and Video Download
        1.12
        false
        {bee6eb20-01e0-ebd1-da83-080329fb9a3a}

        Forecastfox
        2.2.1
        false
        {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

        FoxClocks
        2.10.85
        false
        {d37dc5d0-431d-44e5-8c91-49419370caa1}

        FoxTab
        1.4.5
        false
        {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

        Image Zoom
        0.4.6
        false
        {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}

        Lavasoft Search Plugin
        0.5
        false
        jid1-yZwVFzbsyfMrqQ@jetpack

        Linky
        3.0.0
        false
        linky@gemal.dk

        Media Converter
        1.0.3
        false
        {6e764c17-863a-450f-bdd0-6772bd5aaa18}

        MP4 Downloader
        1.3.2
        false
        mp4downloader@jeff.net

        NetVideoHunter
        1.9.1
        false
        netvideohunter@netvideohunter.com

        Skype Click to Call
        6.0.0.10297
        false
        {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

        Tab Scope
        1.1.6
        false
        tabscope@xuldev.org

        URL Link
        2.04.1
        false
        {139a120b-c2ea-41d2-bf70-542d9f063dfd}

        User Agent Switcher
        0.7.3
        false
        {e968fc70-8f95-4ab9-9e79-304de2a71ee1}

        Vuze Remote Community Toolbar
        3.13.0.6
        false
        {ba14329e-9550-4989-b3f2-9732e92d17cc}

        Webmail Ad Blocker
        3.6
        false
        gmailnoads@mywebber.com

  Important Modified Preferences

      Name

      Value

        accessibility.blockautorefresh
        true

        accessibility.typeaheadfind.flashBar
        0

        browser.cache.disk.capacity
        1048576

        browser.cache.disk.smart_size.first_run
        false

        browser.cache.disk.smart_size_cached_value
        849920

        browser.display.background_color
        #C0C0C0

        browser.display.use_system_colors
        true

        browser.places.smartBookmarksVersion
        3

        browser.sessionstore.postdata
        -1

        browser.startup.homepage
        about:home

        browser.startup.homepage_override.buildID
        20120614114901

        browser.startup.homepage_override.mstone
        13.0.1

        dom.ipc.plugins.enabled.npietab2.dll
        true

        extensions.checkCompatibility
        false

        extensions.checkCompatibility.10.0
        false

        extensions.checkCompatibility.10.0.previous
        false

        extensions.checkCompatibility.10.0a
        false

        extensions.checkCompatibility.10.0a.previous
        false

        extensions.checkCompatibility.11.0.previous
        false

        extensions.checkCompatibility.11.0a
        false

        extensions.checkCompatibility.11.0a.previous
        false

        extensions.checkCompatibility.12.0
        false

        extensions.checkCompatibility.12.0a
        false

        extensions.checkCompatibility.3.6
        false

        extensions.checkCompatibility.3.6.previous
        false

        extensions.checkCompatibility.3.6b
        false

        extensions.checkCompatibility.3.6b.previous
        false

        extensions.checkCompatibility.3.6p
        false

        extensions.checkCompatibility.3.6p.previous
        false

        extensions.checkCompatibility.3.6pre
        false

        extensions.checkCompatibility.3.6pre.previous
        false

        extensions.checkCompatibility.3.7a
        false

        extensions.checkCompatibility.3.7a.previous
        false

        extensions.checkCompatibility.4.0
        false

        extensions.checkCompatibility.4.0.previous
        false

        extensions.checkCompatibility.4.0b
        false

        extensions.checkCompatibility.4.0b.previous
        false

        extensions.checkCompatibility.4.0p
        false

        extensions.checkCompatibility.4.0p.previous
        false

        extensions.checkCompatibility.4.0pre
        false

        extensions.checkCompatibility.4.0pre.previous
        false

        extensions.checkCompatibility.4.2
        false

        extensions.checkCompatibility.4.2.previous
        false

        extensions.checkCompatibility.4.2a
        false

        extensions.checkCompatibility.4.2a.previous
        false

        extensions.checkCompatibility.4.2b
        false

        extensions.checkCompatibility.4.2b.previous
        false

        extensions.checkCompatibility.4.2p
        false

        extensions.checkCompatibility.4.2p.previous
        false

        extensions.checkCompatibility.4.2pre
        false

        extensions.checkCompatibility.4.2pre.previous
        false

        extensions.checkCompatibility.5.0
        false

        extensions.checkCompatibility.5.0.previous
        false

        extensions.checkCompatibility.5.0a
        false

        extensions.checkCompatibility.5.0a.previous
        false

        extensions.checkCompatibility.5.0b
        false

        extensions.checkCompatibility.5.0b.previous
        false

        extensions.checkCompatibility.5.0p
        false

        extensions.checkCompatibility.5.0p.previous
        false

        extensions.checkCompatibility.5.0pre
        false

        extensions.checkCompatibility.5.0pre.previous
        false

        extensions.checkCompatibility.6.0
        false

        extensions.checkCompatibility.6.0.previous
        false

        extensions.checkCompatibility.6.0a
        false

        extensions.checkCompatibility.6.0a.previous
        false

        extensions.checkCompatibility.7.0
        false

        extensions.checkCompatibility.7.0.previous
        false

        extensions.checkCompatibility.7.0a
        false

        extensions.checkCompatibility.7.0a.previous
        false

        extensions.checkCompatibility.8.0
        false

        extensions.checkCompatibility.8.0.previous
        false

        extensions.checkCompatibility.8.0a
        false

        extensions.checkCompatibility.8.0a.previous
        false

        extensions.checkCompatibility.9.0
        false

        extensions.checkCompatibility.9.0.previous
        false

        extensions.checkCompatibility.9.0a
        false

        extensions.checkCompatibility.9.0a.previous
        false

        extensions.checkCompatibility.nightly
        false

        extensions.checkCompatibility.nightly.previous
        false

        extensions.checkCompatibility.previous
        false

        extensions.lastAppVersion
        13.0.1

        gfx.direct2d.disabled
        true

        keyword.URL
        http://yandex.ru/yandsearch?win=28&clid=1855511&text=

        layers.acceleration.disabled
        true

        network.cookie.lifetimePolicy
        2

        network.cookie.prefsMigrated
        true

        network.dnsCacheEntries
        512

        network.dnsCacheExpiration
        3600

        network.http.max-connections-per-server
        16

        network.http.max-persistent-connections-per-proxy
        12

        network.http.pipelining
        true

        network.http.pipelining.maxrequests
        6

        network.http.pipelining.ssl
        true

        network.http.proxy.pipelining
        true

        places.database.lastMaintenance
        1342293873

        places.frecency.bookmarkVisitBonus
        1

        places.frecency.unvisitedBookmarkBonus
        1

        places.history.expiration.transient_current_max_pages
        104858

        places.history.expiration.transient_optimal_database_size
        167772160

        plugin.disable_full_page_plugin_for_types
        video/x-ms-wmv,application/pdf

        privacy.clearOnShutdown.downloads
        false

        privacy.clearOnShutdown.offlineApps
        true

        privacy.clearOnShutdown.passwords
        true

        privacy.clearOnShutdown.siteSettings
        true

        privacy.cpd.cookies
        false

        privacy.cpd.extensions-sessionmanager
        false

        privacy.cpd.offlineApps
        true

        privacy.cpd.sessions
        false

        privacy.cpd.siteSettings
        true

        privacy.sanitize.migrateFx3Prefs
        true

        privacy.sanitize.sanitizeOnShutdown
        true

        privacy.sanitize.timeSpan
        0

        security.csp.enable
        false

        security.warn_viewing_mixed
        false

  Graphics

        Adapter Description
        NVIDIA GeForce GTX 560M

        Vendor ID
        0x10de

        Device ID
        0x1251

        Adapter RAM
        3072

        Adapter Drivers
        nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um

        Driver Version
        8.17.12.9616

        Driver Date
        3-4-2012

        Direct2D Enabled
        false

        DirectWrite Enabled
        false (6.1.7601.17789)

        ClearType Parameters
        ClearType parameters not found

        WebGL Renderer
        Google Inc. -- ANGLE (NVIDIA GeForce GTX 560M   ) -- OpenGL ES 2.0 (ANGLE 1.0.0.963)

        GPU Accelerated Windows
        0

  JavaScript

        Incremental GC
        1

  Library Versions

        Expected minimum version

        Version in use

        NSPR
        4.9
        4.9

        NSS
        3.13.4.0 Basic ECC
        3.13.4.0 Basic ECC

        NSS Util
        3.13.4.0
        3.13.4.0

        NSS SSL
        3.13.4.0 Basic ECC
        3.13.4.0 Basic ECC

        NSS S/MIME
        3.13.4.0 Basic ECC
        3.13.4.0 Basic ECC 


Expected results:

Well, my settings should not have changed.

Comment 1

6 years ago
Use the enduser support https://support.mozilla.org/en-US/questions for troubleshooting, Bugzilla is about bugs in Mozilla products, not current user issues related to your profile/OS.

You should change your profile to new one (with the feature in about:support)
And read: http://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → INVALID
I'd suggest resetting your Profile:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

Apart from that,

        keyword.URL
        http://yandex.ru/yandsearch?win=28&clid=1855511&text=

        security.csp.enable
        false

changed looks suspicious if you didn't change those yourself.
That text is just Yandex, which was the default search engine for the ru locale; no virus or malware there.
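As an added example (not part of this bug thread or of Firefox itself): a small Python check that parses a prefs.js file, the file behind the about:support values quoted above, and flags the two settings the comment calls out, keyword.URL pointing at an unexpected search host and security.csp.enable turned off. The sample prefs.js content is constructed inline from the values on this page, and the allowlist of expected search hosts is a hypothetical one a user would fill in for their own setup.

```python
import re
from urllib.parse import urlparse

# Constructed sample prefs.js content; the keyword.URL and security.csp.enable
# values are the ones quoted from the reporter's about:support dump above.
SAMPLE_PREFS_JS = r'''
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.URL", "http://yandex.ru/yandsearch?win=28&clid=1855511&text=");
user_pref("security.csp.enable", false);
user_pref("security.warn_viewing_mixed", false);
user_pref("network.http.pipelining", true);
'''

# Matches one user_pref("name", value); line (simplified: no escaped quotes).
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Hypothetical allowlist: the search hosts this user expects keyword.URL to use.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "google.com"}

# Security preferences that normally stay at their Firefox defaults; the value
# given is the one a hijacked profile would leave behind.
WEAKENED_SECURITY_PREFS = {
    "security.csp.enable": False,
    "security.warn_viewing_mixed": False,
}

def parse_prefs_js(text):
    """Parse user_pref(...) lines into a dict of pref name -> Python value."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs

def find_suspicious_prefs(prefs, expected_hosts=EXPECTED_SEARCH_HOSTS):
    """Return (pref, value, reason) tuples for settings worth reviewing."""
    findings = []
    url = prefs.get("keyword.URL")
    if isinstance(url, str) and url:
        host = urlparse(url).hostname or ""
        if host not in expected_hosts:
            findings.append(("keyword.URL", url, "address-bar search sent to " + host))
    for name, bad_value in WEAKENED_SECURITY_PREFS.items():
        if name in prefs and prefs[name] == bad_value:
            findings.append((name, prefs[name], "security feature disabled"))
    return findings
```

Run it against a real profile by reading prefs.js from the profile folder and passing the text to parse_prefs_js; an empty result from find_suspicious_prefs means neither of the quoted changes is present.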
(Reporter)

Comment 4

6 years ago
Well, to respond to Marco, there was some kind of infection, since something changed my settings and added things to my computer that weren't there prior.  I backed up my Firefox settings using FEBE and manually backed up my TooManyTabs and bookmarks just in case. However, I think I resolved this issue: first I tried resetting Firefox, which still left "Яндекс" on my default Firefox home page.  So then I just uninstalled and reinstalled Firefox and used FEBE to bring back most of my settings, but I did have a few issues with it not bringing back all of my add-ons for some reason, so there was another bug; also, my TooManyTabs backup that I did manually would not import, and it was more up to date than the FEBE backup of my TooManyTabs extension.  However, everything seems okay now for the most part, and I am using 2 profiles and will probably resort to 3-4 profiles to prevent this issue in the future and safeguard one safe profile and one profile for guests.