What is jhmkxr@ehsehsdmgaq.com? Found it in Mozilla FF extensions
Windows 7 FF Version 20.0 Was looking up in Roboform (Password Mgr) why my Firefox Bookmarks weren't importing into the program and I was searching for where my FF bookmarks are actually stored on my computer and I came upon this email address that took me to some DNS site. Can you shed any light on why someone's email address is in my extensions folder? And can you tell me where my FF bookmarks are actually stored?
All Replies (2)
Short version:
1. Install, update, then perform a full system scan with MalwareBytes' Antimalware. If it doesn't get rid of the unwanted software, post in the specialized malware removal forum below.
2. Once the above is sorted out, use the Reset Firefox feature to discard all add-ons — including the malicious ones — and start with a fresh profile with just your essential data.
Your bookmarks and history are stored in the places.sqlite file in your profile folder.
Long version:
That's the RapidFinda extension (see these system details). It's a malicious add-on that's normally blocked in the Add-ons Manager.
I don't see it in your list of add-ons, so it's probably been renamed. Based on your address bar search engine setting, I'd guess BasicServe is the culprit in your case. BrowserAdditions also looks suspicious, and the 1Click Downloader rogue software is most likely the source of the problems.
You can find which add-on ID corresponds to which add-on by opening the Help menu (either from the Firefox button or directly from the menu bar), then clicking Troubleshooting Information.
You may have a file called prefs.js under the C:\Program Files\Mozilla Firefox\defaults\pref folder. If you or a system administrator didn't use the file to set or lock default preferences in Firefox, then delete this file while Firefox is closed.
"jhmkxr@ehsehsdmgaq.com" looks like an email address but if you found a folder with this name inside your Firefox profile's extensions folder, it's an extension ID. If it's the "RapidFinda" extension, then it's malware that Firefox has blocked and should have disabled (the blocklist entry links to the block request, if you're interested). Part of the extension may be globally installed inside the Firefox installation directory so you may want to do a clean reinstall after first removing the Firefox program files - see Troubleshoot and diagnose Firefox problems under 5. Reinstall Firefox
For more information on clearing your system of malicious software, see Troubleshoot Firefox issues caused by malware