
Firefox Icon Background is Red



#1 LittleGreenDots


Posted 19 December 2017 - 01:28 PM

https://www.bleepingcomputer.com/forums/t/665662/firefox-icon-background-is-red/





#2 Unworn_Kilt


Posted 21 December 2017 - 08:31 AM

Original Post:

 

 

Windows 7, 64 bit.

 

I have been experiencing unusual problems on my laptop for some time now.  I recently ran it through a series of malware detection tests and it came back clean.  I also had the computer in the shop two weeks ago and all the hardware checks out.

 

I use Firefox and have the latest version.  Recently I logged into Yahoo/Flickr, did some activity, and logged out.  An hour later I logged back in but my password did not take, the same password.  It is about forty characters of random letters, numbers and symbols, and I had just changed it a few weeks before.  Somewhere in trying to log in, a screen popped up with a link that seemed to be challenging my password.  I have a screen capture of the link but am unable to upload the jpg.

 

Twice yesterday when I was logging into Flickr, a "Bad Panda" screen popped up, indicating server errors.  Then when I refresh the page, I am into my account.

 

I've experienced a lot of difficulty logging into Flickr lately, getting a "Bad Panda" screen (notifying me there is an issue and Flickr is aware of the problem) and then when I refresh the page, I'm into my Flickr account.  I also got a "502 Bad Gateway - nginx/1.7.6" screen.

 

A few days ago I installed a program called Glasswire, which documents any internet activity from my computer.  I was hoping to find suspicious activities, but lacking technical knowledge, I don't know what to look for.  However, this morning upon booting up, the first two activities noted were the removal of two items, Microsoft ISATAP adaptor and MBAMSwissarmyknife.  It struck me as odd that these would be removed at startup.

 

And I found this odd...my Firefox icon in the quick launch bar at the bottom of my screen has a red background when I hover the mouse over it.  I had a friend check his computer and his turned a different shade of gray.  I doubt this is normal.

 

About ten days ago, I was totally unable to send email (Yahoo) or upload photos to Flickr.

 

Yesterday while writing email in Protonmail, a message popped up stating that it could not connect to the server.  And a few months ago while in Protonmail, my screen suddenly changed to a state where the text area was boxed off and I was able to add text, and the rest of the screen was a hazy whitish color and I could not access the buttons. 

 

I am using the wi-fi from my office.  The building owner grants me that privilege.

 

Am I infected?

 

Edited by LittleGreenDots, 16 December 2017 - 01:34 AM.

 

 

 

 

**********************************************************************************************************************************

 

 

 

G'day,

 

 

I need to advise you that I am a Standard Member, like you. I am NOT a Trained Malware Removal Expert. If anything I suggest concerns you, please contact me or a Moderator before actioning it. I have been working on and with computers since the 1970s.

 

 

 

Let's start relatively simply.....

 

 

 

Download a copy of a program called RKill (Courtesy of Grinler at Bleeping Computer) which is available at the links below:

(This program attempts to stop any running malware processes so other tools may function efficiently, plus a few other things.)

 

Save it to your Desktop so you can easily locate it.

 

(If one won't run, download the other. Malware sometimes recognises RKill.exe and tries to interfere with it.)

 

 

RKill.exe                              <<== Try this first.

 

RKill as iExplore.exe         <<== Try this one if option one doesn't work.

 

  • Right Click RKill and Select "Run As Administrator."
  • Soon after a Black Box will appear while RKill Runs. (This is normal. RKill may appear to hang. It's just working.)
  • When RKill has finished it will Open a Report in Notepad.
  • RKill will also save a copy of its log to your Desktop called "RKill.log"
  • After RKill has run successfully Don't Restart your computer until the other tool(s) have run.
  • Please Copy and Paste the contents of the Report into your Next Reply.
  • If the RKill will not run in Normal Windows Mode, Restart in Safe Mode and Repeat the above Steps.

 

NOTES:

 

Please Ignore any warnings about RKill containing Viruses or Trojans etc. If necessary, shut down or temporarily disable your Antivirus while RKill runs. Don't forget to Re-enable your Anti-Virus once RKill completes, unless I ask otherwise.

 

If RKill still won't run, please Post back here and advise me. (After trying both versions and Safe Mode.) Please note any Error messages or other useful information and Include it in your Reply.

 

 

Then.......

 

 

Please download Security Check Tool   (by screen317) from HERE & save it to your Desktop.

 

 

  • Right Click SecurityCheck and Select "Run As Administrator."
  • Follow the Prompts in the Black Box which opens on your screen.
  • When the program is complete a Notepad Document called Checkup.txt should open Automatically in Notepad.
  • Please Copy & Paste the Contents of Checkup.txt into your Next Reply.

 

Please Note the Following:

 

If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!" message, please Restart Windows and Security Check should Run Fine.

Should a problem persist, please Post Back Here and include any Error Messages & Other Useful Information.

 

Security Check may require you to permit "Dig.exe" to access the internet. Please allow access through your Firewall if necessary.

It is not uncommon for Security Check to generate "false positives" from  some Anti-Virus/Anti-Malware Programs. Please Ignore These if They Occur.

 

 

 

Then.......

 

 

Download and run the ESET Free Online Virus Scanner from:  HERE

 

  • Turn off your antivirus program. See here how to do this.
  • Accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating Memory, Autostart Locations and drive(s) C:\ D:\ etc., to be scanned
    • Click Start to begin the Scan.
  • The ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the SAVE to TEXT FILE button and save the file to your desktop using a unique name, such as ESETScan+Date.txt. Include the contents of this report in your next reply.
  • CLEAN any THREATS found.
  • Click Back, then Finish to exit ESET Online Scanner.
  • Do NOT delete the ESET scanner at this stage please.

Please re-enable your antivirus when the scan is complete.

 

Let me know if you encounter any problems.

 

 

After you've finished the ESET Online scan:

  • Please ensure you've saved the Log File to your desktop.
  • Post the Log File contents in your Reply, assuming there was one.
  • Close down any other open programs.
  • Reboot.

I'll look over your log file(s).

 

Log back in to your thread for further instructions please.

 

We're in different time zones, so there may be a delay.

If I don't respond in 48 hours Please Personally Message Me.

If you don't hear back after 3 days, please post in the Topic at the "Top of the Am I Infected..." Forum.

 

I am a Volunteer and do my best to be here. This is sometimes interrupted by sleep, eating, outages.......

 

 

 

Cheers,

 

 

 

Kilt :thumbup2: 

 

 

:santa: I'd like to wish all Bleeping Computer Members a Very Merry Christmas and a Happy New Year! :santa:


Edited by Unworn_Kilt, 21 December 2017 - 08:32 AM.

PLEASE NOTE

 

I am only a Standard Member,  NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

 

Thanks!

 

 

** Walk Softly and Carry a Big Stick **

 

 

 


#3 LittleGreenDots


Posted 21 December 2017 - 04:44 PM

Thanks.  I prefer to work with a member of the staff.  No offense.  I just feel better that way.

A friend (programmer) thinks I have a keylogger and I found a YouTube video that explained how to check established connections of ports and I found a few that were in the netstat -ano list but not listed in processes of task manager.  Is this normal, or is that indicating that something is hiding from being listed in the processes?

 

I have two TABs open and Firefox (the browser I am using) is listed five times on the Task Manager Process list.  Is this uncommon? 



#4 Unworn_Kilt


Posted 21 December 2017 - 11:37 PM

G'day Dots,
 
 
As you feel better working with a member of staff, I'll leave the answering of questions to them.
 
Thanks and have a great Christmas!

 

If you are sure you're infected, consider posting at the link below.

 

 

 

  Virus, Trojan, Spyware, and Malware Removal Logs

 

 

 

 

Cheers,

 

 

 

Kilt :thumbup2: 

 

 

 

:santa: I'd like to wish all Bleeping Computer Members a Very Merry Christmas and a Happy New Year! :santa:

 




#5 LittleGreenDots


Posted 22 December 2017 - 12:33 PM

I was talking to a friend (a programmer) and he suspects my problem is a keylogger.  It explains many things.  I was hacked a few years ago and the hacker stole hundreds of my files.  I suspected that s/he might have left a backdoor somewhere in my files.  I obliged by infecting the other computers with a common USB stick.  I saw a video on how to find keyloggers.  I am not a technical person, but I followed his instructions.  First step was opening Processes and View > PID (or was it POD?) and then pulling up a CMD and typing netstat -ano and I checked the processes with established connections and a few were listed in the Netstat list but not in the processes.

What I'm most concerned about is if my files are infected with something hidden in a jpg file.  I have thousands of pictures.
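
The comparison described in posts #3 and #5 (PIDs from netstat -ano checked against the process list), as an added example that is not part of the original thread: a Python script that parses saved `netstat -ano` output and matches each PID to an image name. It assumes the process list comes from `tasklist /fo csv /nh` run in an elevated prompt rather than from Task Manager; both sample outputs are constructed and the function names are hypothetical.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       772
  TCP    192.168.1.20:49301     203.0.113.10:443       ESTABLISHED     4312
  TCP    192.168.1.20:49305     203.0.113.11:443       ESTABLISHED     6120
  TCP    192.168.1.20:49288     203.0.113.12:443       TIME_WAIT       0
  UDP    0.0.0.0:5355           *:*                                    1180
"""

# Constructed sample of `tasklist /fo csv /nh` output (elevated prompt assumed).
TASKLIST_SAMPLE = '''\
"System Idle Process","0","Services","0","24 K"
"System","4","Services","0","1,024 K"
"svchost.exe","772","Services","0","9,800 K"
"svchost.exe","1180","Services","0","15,200 K"
"firefox.exe","4312","Console","1","310,000 K"
'''

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue                    # skip banner, header and blank lines
        if parts[0] == "UDP":           # UDP rows have no State column
            parts.insert(3, "")
        proto, local, remote, state, pid = parts
        yield proto, local, remote, state, int(pid)

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if row}

def unmatched_connections(netstat_text, tasklist_text):
    """Return ESTABLISHED rows whose PID is missing from the process list."""
    procs = parse_tasklist(tasklist_text)
    return [row for row in parse_netstat(netstat_text)
            if row[3] == "ESTABLISHED" and row[4] not in procs]

def owner_report(netstat_text, tasklist_text):
    """Label every connection with its owning image name, or '<no match>'."""
    procs = parse_tasklist(tasklist_text)
    return [(r[1], r[2], r[3], r[4], procs.get(r[4], "<no match>"))
            for r in parse_netstat(netstat_text)]
```

A PID that shows up only in netstat is not by itself evidence of a hidden process: TIME_WAIT rows are reported under PID 0, the process may have exited between the two commands, and on Windows 7 Task Manager lists only the current user's processes until "Show processes from all users" is selected.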





