Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Website won't load anymore with Noscript; possible rfihub malware?


  • Please log in to reply
16 replies to this topic

#1 postingapost

postingapost

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 01 December 2017 - 01:29 AM

I'm using Windows 7.

I was on a website which was working fine using Firefox with Noscript. After closing the browser, I wanted to double check my account, but now the page won't load. Besides the website itself which is trusted, Noscript is showing Doublclick.net (seems to be safe) and also rfihub.com and rhihub.net.

A google search says that rfihub is malware, but when I run Malwarebytes, it's says my PC is fine. Why will the page not load anymore?

Could Malwarebytes have said there is no problem because there really isn't one? I have tried using the same site in Chrome (without Noscript, obviously) with seemingly no issue; at least I can't tell if it had any interaction with rfihub. Did I just make things worse by doing that?



BC AdBot (Login to Remove)

 


m

#2 buddy215

buddy215

  • BC Advisor
  • 12,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:26 AM

Posted 01 December 2017 - 05:03 PM

I use Firefox 56 with the original NoScript...waiting for more development on NoScript.

 

It would help to know which website is the "problem". You may not want to reveal that for personal reasons...that's okay.

 

QUOTE FROM THE WEB: A.rfihub.com redirect is usually caused by adware installed on your computer

 

Suggest, just to be sure there is no adware on the computer, I suggest you scan with AdwCleaner and use CCleaner to clean the computer.

 

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Do you have an ad blocker installed such as Adblock Plus in your browsers?

 

You should block the install of third party cookies....also known as ad and tracking cookies such as Doubleclick which is part of Google ads.

Once you have blocked the third party cookies from installing, run CCleaner to remove the existing ones.

How to disable third-party cookies in all major web browsers


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 postingapost

postingapost
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 04 December 2017 - 03:33 PM

Busy weekend, sorry

 

So before I do the other steps you mentioned, the website is my Spectrum/Time Warner Cable account. Does that affect what I should do?



#4 buddy215

buddy215

  • BC Advisor
  • 12,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:26 AM

Posted 04 December 2017 - 04:02 PM

Run CCleaner and scan with AdwCleaner. Report per instructions what AdwCleaner found.

 

Are you able to access this Spectrum site and your account after entering your Username and password?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 postingapost

postingapost
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 04 December 2017 - 06:11 PM

I can access that page. Should I try to log in? I haven't done the Cleaner stuff yet.

 

I will note that the usual address I use is from Spectrum.com (which I still can't connect to) as opposed to the Spectrum.net address you provided



#6 buddy215

buddy215

  • BC Advisor
  • 12,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:26 AM

Posted 04 December 2017 - 06:15 PM

I suggest running the programs first...just in case AdwCleaner finds something and CCleaner will delete all the cookies. A corrupt cookie

or corrupt bookmark/ shortcut could be the problem, too.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#7 postingapost

postingapost
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 04 December 2017 - 08:37 PM

"Uncheck offers for toolbars": I didn't see any offers, is that normal? Did I miss it?

 

Can I keep my internet history while still clearing the rest, or does the history need to go



#8 buddy215

buddy215

  • BC Advisor
  • 12,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:26 AM

Posted 04 December 2017 - 09:08 PM

CCleaner is bundled with Google Chrome or Google Toolbar. I forget which one but if you have Chrome installed it won't install it again.

 

It's best to clean history. I allow Firefox to delete history everytime I shut it down. Up to you....


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#9 buddy215

buddy215

  • BC Advisor
  • 12,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:26 AM

Posted 04 December 2017 - 09:13 PM

This is how an Eset scan describes what is bundled with CCleaner.....Downloads\ccsetup537.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

AdwCleaner may remove it if you installed it. If not, check your add-ons/ extensions in your browsers for it and delete it.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#10 postingapost

postingapost
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 04 December 2017 - 10:23 PM

AdwCleaner found nothing. Do I still need to press "Clean"?

 

I didn't see any toolbar offer, I don't see any add on/extension in any of my browsers, and as mentioned Adw didn't find anything. So it's probably not there or do I need another scan from Eset or something for that



#11 buddy215

buddy215

  • BC Advisor
  • 12,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:26 AM

Posted 05 December 2017 - 08:39 AM

If you have a bookmark used to access Spectrum then delete that and try using the link I gave to access your account.

 

No, you don't click on clean if nothing was found.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#12 postingapost

postingapost
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 05 December 2017 - 07:44 PM

I've tried it out and the link you provided takes me to a Spectrum streaming service. From here, attempting to access the account itself (for support, billing, etc) takes me to the same address as the link in my bookmarks and still gets stuck.



#13 buddy215

buddy215

  • BC Advisor
  • 12,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:26 AM

Posted 05 December 2017 - 08:02 PM

Have you tried using a different browser that you have installed? Have you tried disabling NoScript...Allowi Scripts Globally?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#14 postingapost

postingapost
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 07 December 2017 - 04:19 AM

My concern is mainly around Noscript detecting rfihub which google says is malware, so I haven't tried to allow scripts globally in Firefox.

 

As I mentioned in the first post, I have successfully logged into that site via Chrome, but I wasn't sure if me doing that was good idea or not. I can't tell if Chrome

1. is not connecting to rfihub at all,

2. is connecting to rfihub, but it isn't actually harmful unlike what google says, or

3. is connecting to rfihub and it is harmful like google says and it's doing something I can't see ie in the background or whatnot

 

Then, doing all the Cleaner stuff detects nothing, but is that because my computer is fine or is there malware bypassing detection


Edited by postingapost, 07 December 2017 - 04:23 AM.


#15 buddy215

buddy215

  • BC Advisor
  • 12,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:26 AM

Posted 07 December 2017 - 06:46 AM

I see no harm in allowing scripts globally while at the sign in page. Sometimes pages don't refresh...so once you have

allowed scripts globally...refresh that sign in page.

 

EDIT: I don't have an account at Spectrum...but I used my sister's account to test what scripts want to run when attempting to

sign in. Yes, one of those scripts is rfihub along with other ad/ tracking scripts such as doubleclick. I did not allow that script and other known

ad/ tracking scripts. I successfully signed in. Once signed out...I revoked temporary permissions in NoScript.


Edited by buddy215, 07 December 2017 - 07:37 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users