
Reoccurring Firefox Cookie, Storage & Malware Behavior


1 reply to this topic

#1 Semi-Novice


Posted 11 March 2017 - 07:04 AM

Hi Guys!

 

I'm using an HP 64-Bit system with Windows 10 Home Edition, Intel 1.6 GHz Quad Core, 4 GB memory, and 1 TB hard drive. I use Firefox as my main browser and only resort to Internet Explorer if I'm forced to. I use Ghostery and Avast.

 

To make this much easier, I should first mention that I've been planning to do a complete recovery to correct some minor issues anyway, so the following may be irrelevant. I'm just concerned the recovery may make the problem worse or mask it until the malware or virus nukes my whole system; and/or damages the recovery partition files. I had just finished backing up my data, so I'm concerned it may have infected both of those drives, as well. In that case, doing a recovery would be difficult as I REALLY can't afford to lose that data and don't want to reinfect the 'puter.

 

We've been binge watching Hulu, and I showed my son some SNL Jane Curtin and Gilda Radner videos on YouTube, NBC.com, and some other site I've never heard of but can't remember because I delete my history when I exit Firefox. After visiting each, I immediately deleted the cookies and cache--not that it helps if the damage is already done, it just sometimes slows down streaming if I don't.

 

I restarted the computer several times with no problem. For the past few weeks, Windows installer has repeatedly failed, despite re-registering it, etc. Windows stopped recognizing the printer about a week ago, even though it's listed in the installed devices.  The Logitech wireless mouse, but not the companion keyboard, stopped working. Logitech's software can't find the unifying receiver. Windows acknowledges it's there, but can't communicate with it. It was fine until just before the FBI notice and annoying cookie appeared. I reinserted it several times in different slots to no avail.

 

Also yesterday, my son received an FBI/Moneypak notice in Firefox one time, but it didn't lock the computer or prevent it from restarting, etc. It appears to be running normally, with the exception of the issues noted above and a reoccurring cookie labeled: da512f6b-b8f4-4eea-aa9a-53e45c75ad37; three unlabeled cookies appeared once but have not appeared again. There are no search results for that cookie. A storage file named timeshighereducation.com appeared in the Firefox profile, but we've never visited that site and I block third-party cookies.

 

I deleted all cookies several times, manually and upon exit without success. I also deleted all of the local and roaming data in Mozilla and in C:\Users\{All Users}\AppData\Local\Temp; and the temporary internet files via the Control Panel-Internet Options. Some sites warned against switching to Admin if infected with the FBI ransomware, so I only deleted what I could without logging in to the Admin profile and/or changing the permissions of those files. I even resorted to deleting the cookie.sqlite files, all of the temporary, and some of the default and permanent storage data in both Firefox profiles. The cookie still restarts. But, I can delete it manually and it won't reappear unless I restart Firefox.

 

I've tried half a dozen+ tools: Housecall; Malwarebytes; Hijack This; Crypto Search; Ransom Note Cleaner; ADWCleaner; RKill; Super Anti-Spyware; Hitman Pro 3 {w/o using the boot USB because I'm not locked out, the notice only appeared once, and I was unsure if it would make it worse}; and Avast. All of the scans had zero results, except Super Anti-Spyware, which found a few ad cookies in Enterprise, but I don't use it and just deleted them. I did not try a System Restore and did not search the Registry because Super Anti-Spyware and other programs did and found nothing. I'm not sure I would know what to look for, anyway. I have not tried Safe Mode because some sites also warned about doing that, as well.

 

Mini Toolbox noted code integrity errors in the windows.old file, and a Connected Devices Platform Service error:
%%2147500037 = Unspecified error, then stopped listing them in subsequent scans after restart.

 

So, I can't find the stupid problem to save my life, but if you think I can get away with doing a complete recovery without damaging the recovery drive/partition; without reinfecting it with the backups; and if it will wipe out whatever hell has invaded my computer, I'm happy to do that rather than waste your valuable time trying to fix it. If it would be safer to write all zeros to the C: partition first, I can do that, too--whatever you think is easiest and most efficient.

 

THANKS IN ADVANCE!!

 




 


#2 Semi-Novice


Posted 12 March 2017 - 01:25 AM

Update: After fighting with this for days, I added the following to my cookie block list: "da512f6b-b8f4-4eea-aa9a-53e45c75ad37" {The offending cookie label--Firefox added an "http:\\", but not a .com}; and "timeshighereducation.com." Voila, no more reappearing cookie. Since the .com address only appeared in Firefox's storage settings once, I didn't think either would work, but I was desperate as none of the massive number of malware or virus detection tools could find anything.

 

It can't possibly be that easy, right? The malware must still be somewhere in the registry and files, correct? The Windows issues remain, but I'm not convinced they're related.

 

As previously stated, if you think a recovery will wipe out the problems without damaging the recovery partition and files, and I won't reinfect it with the backups, I'm happy to do that.

 

Thanks!!

 

B. Paulsen


Edited by Semi-Novice, 12 March 2017 - 01:26 AM.




