
My TB just got hacked, tried to sync with online accounts, and now my mail toolbar tabs are messed up/missing.


Hi guys. I've been having trouble lately with hackers coming into my pc via my IP, ISP, and e-mail accounts.

Today's latest activity: TB (without my input) ran a sync command that tried to upload data and connect/setup to various chat accounts, news feeds etc. I managed to catch it in time and cancelled the process but things had already been done.

1. The chat was enabled to display when I was online. I've never setup/touched chat on TB. Hopefully I've turned this off.
2. My messages were set to check every 10 minutes. I've reset this back to 1 min.
3. The menu bar was turned off. I've managed to turn it on again.
4. The mail toolbar has been altered and now I'm missing standard default buttons (reply, reply to all, send/receive, forward etc.). A chat button has appeared.

Just so you know what it looked like, in my initial setup I ran the "classic view" default layout/settings. How do I get the original tabs back? I like the classic view.

Solutions/options I've tried/looked at:

1. Restarting windows. = no change
2. Running TB in safe mode = no change
3. toggling show/hide toolbars in menu command = no change
4. investigating my profile file. = I have no backup profile to restore it to.
5. resetting tb to an earlier config = no earlier profile/backup available
6. reinstalling tb = no change
7. resetting toolbar to defaults = no change


Specifically chosen settings I selected during install: automatically check and install updates. I've also turned tracking cookies off in tb. During my malware scans I've been battling detection, automatic re-installation, and removal of tracking cookies/adware. I think/hope I've got this sorted as it was mainly firefox based.

During my reinstall attempt of TB I noticed it trying to use the regsvr32.exe file. In my malware scans this file is being detected but the program classifies it as safe and ignores it. It's also picking up my systempropertiesperformance.exe file and reporting the same thing. Could all this be related?

Okay guys, I'm open to suggestions. And I've also included a couple of files to help you.

I tried to copy a TB diagnostic as an image file for you guys but it won't let me so here's a screendump of the diagnostic. (Sorry if the format's out of whack but it's the best I could do)

Application Basics
  Name: Thunderbird
  Version: 31.7.0
  User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
  Profile Folder: Show Folder (Local drive)
  Application Build ID: 20150507114201
  Enabled Plugins: about:plugins
  Build Configuration: about:buildconfig
  Memory Use: about:memory

Mail and News Accounts
  account1 (pop3)
    Incoming server: pop3.iinet.net.au:110, connection security alwaysSTARTTLS, authentication method passwordCleartext
    Outgoing server: smtp.iinet.net.au:587, connection security alwaysSTARTTLS, authentication method passwordCleartext, default: true
  account2 (none)
    Incoming server: Local Folders, connection security plain, authentication method passwordCleartext

Crash Reports (columns: Report ID, Submitted)

Extensions (columns: Name, Version, Enabled, ID)

Important Modified Preferences
  accessibility.typeaheadfind.flashBar: 0
  browser.cache.disk.capacity: 358400
  browser.cache.disk.smart_size_cached_value: 358400
  browser.cache.disk.smart_size.first_run: false
  browser.cache.disk.smart_size.use_old_max: false
  extensions.lastAppVersion: 31.7.0
  font.internaluseonly.changed: true
  font.name.monospace.el: Consolas
  font.name.monospace.tr: Consolas
  font.name.monospace.x-baltic: Consolas
  font.name.monospace.x-central-euro: Consolas
  font.name.monospace.x-cyrillic: Consolas
  font.name.monospace.x-unicode: Consolas
  font.name.monospace.x-western: Consolas
  font.name.sans-serif.el: Calibri
  font.name.sans-serif.tr: Calibri
  font.name.sans-serif.x-baltic: Calibri
  font.name.sans-serif.x-central-euro: Calibri
  font.name.sans-serif.x-cyrillic: Calibri
  font.name.sans-serif.x-unicode: Calibri
  font.name.sans-serif.x-western: Calibri
  font.name.serif.el: Cambria
  font.name.serif.tr: Cambria
  font.name.serif.x-baltic: Cambria
  font.name.serif.x-central-euro: Cambria
  font.name.serif.x-cyrillic: Cambria
  font.name.serif.x-unicode: Cambria
  font.name.serif.x-western: Cambria
  font.size.fixed.el: 14
  font.size.fixed.tr: 14
  font.size.fixed.x-baltic: 14
  font.size.fixed.x-central-euro: 14
  font.size.fixed.x-cyrillic: 14
  font.size.fixed.x-unicode: 14
  font.size.fixed.x-western: 14
  font.size.variable.el: 17
  font.size.variable.tr: 17
  font.size.variable.x-baltic: 17
  font.size.variable.x-central-euro: 17
  font.size.variable.x-cyrillic: 17
  font.size.variable.x-unicode: 17
  font.size.variable.x-western: 17
  gfx.direct3d.last_used_feature_level_idx: 0
  mail.openMessageBehavior.version: 1
  mail.winsearch.firstRunDone: true
  mailnews.database.global.datastore.id: 89c46215-2557-4ce3-a652-3570730c7b0
  network.cookie.prefsMigrated: true
  places.database.lastMaintenance: 1432866777
  places.history.expiration.transient_current_max_pages: 93360
  plugin.importedState: true
  plugin.state.flash: 0
  plugin.state.java: 0
  plugin.state.np32dsw: 0
  plugin.state.npadblockplugin: 0
  plugin.state.npauthz: 0
  plugin.state.npctrl: 0
  plugin.state.npdeployjava: 0
  plugin.state.nppdf: 0
  plugin.state.nppicasa: 0
  plugin.state.nppl: 0
  plugin.state.npqtplugin: 0
  plugin.state.nprndlhtml5videoshim: 0
  plugin.state.nprpplugin: 0
  plugin.state.npspwrap: 0
  plugin.state.npwlpg: 0
  plugin.state.npystate: 0
  privacy.donottrackheader.enabled: true

Graphics
  Adapter Description: AMD Radeon HD 7520G
  Vendor ID: 0x1002
  Device ID: 0x9990
  Adapter RAM: 512
  Adapter Drivers: aticfx64 aticfx64 aticfx64 aticfx32 aticfx32 aticfx32 atiumd64 atidxx64 atidxx64 atiumdag atidxx32 atidxx32 atiumdva atiumd6a atitmm64
  Driver Version: 8.941.1.0
  Driver Date: 2-9-2012
  Direct2D Enabled: true
  DirectWrite Enabled: true (6.2.9200.17292)
  ClearType Parameters: ClearType parameters not found
  WebGL Renderer: false
  GPU Accelerated Windows: 1/1 Direct3D 10
  AzureCanvasBackend: direct2d
  AzureSkiaAccelerated: 0
  AzureFallbackCanvasBackend: cairo
  AzureContentBackend: direct2d

JavaScript
  Incremental GC: 1

Accessibility
  Activated: 0
  Prevent Accessibility: 0

Library Versions (expected minimum version / version in use)
  NSPR: 4.10.6 / 4.10.6
  NSS: 3.16.2.3 Basic ECC / 3.16.2.3 Basic ECC
  NSS Util: 3.16.2.3 / 3.16.2.3
  NSS SSL: 3.16.2.3 Basic ECC / 3.16.2.3 Basic ECC
  NSS S/MIME: 3.16.2.3 Basic ECC / 3.16.2.3 Basic ECC


All Replies (10)

more options

Guys, I just looked at my screendump message text and it looks horrible. Instead I created a pdf and converted it into jpgs for you. Hope it helps.

more options

1. The chat was enabled to display when I was online. I've never setup/touched chat on TB. Hopefully I've turned this off.
2. My messages were set to check every 10 minutes. I've reset this back to 1 min.
3. The menu bar was turned off. I've managed to turn it on again.
4. The mail toolbar has been altered and now I'm missing standard default buttons. (reply, reply to all, send/receive, forward etc.) A chat button has appeared.

Actually, this sounds like the standard Thunderbird. It does not sound like anything is amiss.


Re: Menu bar turned off

The default out of the box TB starts Thunderbird with Menu Bar disabled because it starts with a 'Menu icon' showing instead. I know, this seems not intuitive and not user friendly as more tools are available via the Toolbars and virtually all help refers to the toolbar menus. But at least the original toolbars can be enabled. Replacing toolbars with the menu icon (icon with 3 horizontal lines) was done because so many people are getting tablets etc with small screens and the design needed to offer more space for emails. Yes, I know, this should have been an option not the default.

Re: missing standard default buttons (reply, reply to all, send/receive, forward etc.)

You should see: 'Menu icon', 'Get Messages', 'Write', 'Address Book', 'Chat' and 'Search box'.

You can remove 'Chat' via 'View' > 'Toolbars' > 'Customise'. Drag 'chat' off toolbar onto 'Customise' window. Click on 'Done'.

The 'Reply', 'Reply-all', 'Forward', 'Archive', 'Junk' and 'Delete' buttons are now located in the Message Header area. When you select to view an email, you will see those buttons in the area where the 'FROM, Subject, TO' headers are displayed. This was a good idea as those buttons are now with each email. When the 'Mail Toolbar' was moved to reside within the tab (it used to be above the tab, below the Menu Bar), real estate space for buttons became difficult, hence why they were removed. You can add them back, but I would not advise it because the Mail toolbar will get really messy and squished.

During your cleanup of cookies and all sorts of other stuff, it is possible you removed old session file which contained your default windows layout etc.

The following issues have nothing to do with Thunderbird, so this forum is not the place to get into much detail. But I located some info for you.

Re: the regsvr32.exe file. "In my malware scans this file is being detected but the program classifies it as safe and ignores it"

Re: systempropertiesperformance.exe file. Generally, no issue here either. Depends on whether you are getting an error with it.

more options

I notice the top title bar which had the TB icon on left is not enabled - also one of those side effects of adapting for those using small screens.

  • Tools > Options > Advanced > General tab
  • click on the 'Config Editor' button
  • it will tell you to be careful
  • in the top search box type: title
  • look for this line: mail.tabs.drawInTitlebar; Value = false
  • if Value = true, double click on the line to toggle the Value from 'True' to 'False'
  • close the config editor - top right X
  • click on OK

Modified by Toad-Hall

more options

Regarding position of toolbar, I've also located this addon which may be of use - you could try it:

How to install: download the addon .xpi file to your desktop or downloads folder.

in Thunderbird

  • Tools > Addons
  • click on gear wheel icon and select: 'Install addon from file'
  • locate the file you downloaded and click on 'Open'.
more options

When you click on 'Write' button to open a new message, you may find the TO fields look 'disabled' or blue'd out until you actually select them.

If you do not like this there is a way to change it. This may seem daunting, but it is not as hard as you think. You have to be able to follow instructions, create folders and copy paste. You do not need to actually write any code.

First - Make hidden files and folders visible:

In Thunderbird

  • Help > Troubleshooting Information
  • click on 'show folder' button

A new window opens showing your Profile folder name contents.

  • Close Thunderbird now - this is important.
  • In the Profile folder create a new folder and call it chrome - note the spelling. It should be in the same location as the 'Mail' folder - see first image below.
  • Open Notepad
  • Copy all the code shown between the two lines below and paste into Notepad.
  • Save the file as userChrome.css (note the spelling) in the chrome folder which you just created. See second image below.

/*
* Do not remove the @namespace line -- it's required for correct functioning
 */

@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"); 


/*Changes Write window look after v31 update*/

/* ::::: From: msgIdentity box ::::: */
#msgIdentity {
background-color: -moz-Field !important;
transition: border .0s, background-color .0s !important;
border-radius: 2px !important;
}

@media not all and (-moz-windows-default-theme) {
#msgIdentity {
border-width: 0px !important;
}

#msgIdentity:hover,
#msgIdentity[focused="true"] {
background-color: -moz-Field !important;
border-width: 0px !important;
}
}


/* ::::: To, Cc, Bcc button ::::: */

@media not all and (-moz-windows-default-theme) {
.aw-menulist {
margin-top: 0px !important;
-moz-margin-end: 4px !important;
border-width: 0px !important;
background-color: rgba(128, 128, 128, .15) !important;
transition: background-color .05s ease-in !important;
}

.aw-menulist:hover {
background-color: rgba(128, 128, 128, .3) !important;
}

.aw-menulist[open="true"] {
background-color: rgba(128, 128, 128, .05) !important;
}

.aw-menulist:-moz-window-inactive {
opacity: .7 !important;
}
}

.aw-menulist > .menulist-label-box {
margin: 1px 0 -1px 0 !important;
}


/* ::::: addressing widget ::::: */

#textcol-addressingWidget {
background-color: -moz-Field !important;
border-width: 0px !important;
}

.textbox-addressingWidget {
margin-bottom: 0px !important;
margin-bottom: 0px !important;
transition: border .0s, background-color .0s !important;
}

.dummy-row-cell:not(:first-child) {
margin-bottom: 0px !important;
}

@media not all and (-moz-windows-default-theme) {
.textbox-addressingWidget {
background-color: transparent !important;
border-width: 0px !important;
}

.dummy-row-cell:not(:first-child) {
background-color: transparent !important;
border-width: 0px !important;
}

.textbox-addressingWidget:hover,
.textbox-addressingWidget[focused="true"] {
background-color: transparent !important;
border-width: 0px !important;
}
}


/* ::::: subject box ::::: */

#subject-box {
margin-top: 1px !important;
}

#msgSubject {
background-color: -moz-Field !important;
transition: border .0s, background-color .0s !important;
border-width: 0px !important;
}

@media not all and (-moz-windows-default-theme) {
#msgSubject {
border-width: 0px !important;
}

#msgSubject:hover,
#msgSubject[focused="true"] {
background-color: -moz-Field !important;
border-width: 0px !important;
}
}


Modified by Toad-Hall

more options

Thanks Toady. (Or would you prefer Mole or Badger? - good book)

I've had a read of your solutions and had a little bit of a play as well.

  • I managed to turn on the TB icon in the top title bar again. I thought I was going crazy and thought something was missing up there but didn't know what. Anyhoo I'm happy I've got my little icon back.
  • I understand the logic of maximizing real estate for portable devices but as I'm used to the old layouts it irks me when changes are made for change's sake. Don't worry, I've built my bridge and have gotten over it.
  • yeah I found the reply fwd etc. buttons in the header area. I'm used to them sitting in the toolbar though.
  • I've customized the mail toolbar and removed the chat button and added the reply, reply all, and fwd buttons. It's not too squished.
  • I downloaded the toolbar add-on and ran it. I didn't like the layout change (it looked very busy) so I turned it off again.
  • with respect to customizing the new message screen, I'm kinda happy with it the way it is. Although I have done some coding in the past, and understand it's a simple copy-paste dynamic, to me the benefits I would gain would be minimal in relation to the exercise. I am grateful for you composing the code though, so thanks for that.
  • and thanks for sending me the links as well. I'll do a bit more digging on those by myself and try to identify which programs are loading those files.

So I think I've managed to sort my original problem. I've enclosed a screendump so you can see what I've done.

And as an aside, what settings do I need to turn on to avoid them accessing my pc through my e-mail?

Thanks for the solve guys. Damo

more options

regsvr32.exe: a standard Windows component used to register DLLs in the registry when a program is installed. Used manually sometimes to fix DLL registrations.

It is also the vehicle most malware uses to install itself for the same reason Thunderbird uses it. It registered the DLL.

systempropertiesperformance.exe: another standard Windows program that comes in Windows out of the box from Microsoft.

During my malware scans I've been battling detection, automatic re-installation, and removal of tracking cookies/adware. I think/hope I've got this sorted as it was mainly firefox based.

That sounds a lot like a Symantec product. Everyone else has basically accepted that tracking cookies are a part of the modern web and without them your user experience on most web sites is significantly degraded. It does make their products look like they actually do something if they find a "threat" on a daily basis. Every time you go to Google and sign in you get a new tracking cookie. Same for Live, Yahoo, Facebook, Twitter et al.
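
One way to check that the two files discussed above are the genuine Windows copies, as an added example that is not part of any post in this thread. It assumes Windows PowerShell 5.1 or later run from an elevated prompt; only the two file names come from the thread, and the function name `Get-BinaryEvidence` is made up for this example.

```powershell
# Added example, not from the thread. Only the two file names below come from
# the discussion; paths and checks are assumptions of this example.
$names = 'regsvr32.exe', 'SystemPropertiesPerformance.exe'

# Directories where Windows ships these files (SysWOW64 exists only on 64-bit).
$expectedDirs = @(
    (Join-Path $env:windir 'System32'),
    (Join-Path $env:windir 'SysWOW64')
) | Where-Object { Test-Path $_ }

function Get-BinaryEvidence {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $info = (Get-Item -LiteralPath $Path).VersionInfo

    [pscustomobject]@{
        Path      = $Path
        # 'Valid' means the embedded or catalog signature verified.
        # Older PowerShell releases do not check catalog signatures and can
        # report NotSigned for genuine system files, so read NotSigned there
        # as inconclusive rather than as proof of tampering.
        SigStatus = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Company   = $info.CompanyName
        Version   = $info.FileVersion
        # Hash to compare with a known-clean machine at the same patch level.
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# 1. Inspect the copies in the expected system directories.
$system = foreach ($dir in $expectedDirs) {
    foreach ($name in $names) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) { Get-BinaryEvidence -Path $path }
    }
}
$system | Format-List

# 2. Find same-named files outside %windir%. A copy sitting in a profile,
#    temp or download folder deserves a closer look. This walks the whole
#    system drive, so it can take several minutes.
$strays = Get-ChildItem -Path "$env:SystemDrive\" -Include $names -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.FullName -notlike "$env:windir\*" } |
    ForEach-Object { Get-BinaryEvidence -Path $_.FullName }
$strays | Format-List

# 3. Summarise what needs follow-up: system copies whose signature did not
#    verify, plus every same-named file found outside %windir%.
$followUp = @($system | Where-Object { $_.SigStatus -ne 'Valid' }) + @($strays)
if ($followUp.Count -gt 0) {
    Write-Warning "$($followUp.Count) file(s) need a closer look:"
    $followUp | Select-Object Path, SigStatus, Signer | Format-Table -AutoSize
} else {
    Write-Output 'Both binaries are in the expected locations with valid signatures.'
}
```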

more options

Yeah I knew about the benefit of having cookies enabled and their uses. My problem was that the tracking components/software were embedded within firefox adware components. There were 48 variants. I only draw attention to those 2 files cos in prior scans they were never detected and then suddenly they appeared. I had lots of funky stuff going on. I suspect they're corrupted (or running hidden programs) but I don't know how to fix them. In one of them it lists a win nt path when I'm running win7. Now a real player one has appeared. I'm also running other scanners in parallel and they don't pick this stuff up. I'm also worried about the "enabled" components as they weren't there the first couple of times as well. Oh, and should I be talking about this here? as it is a TB site... I don't want to hijack the thread...

more options

As I am the moderator.... I don't think you will get into trouble.

A couple of observations.

Some years ago Microsoft bought an anti malware package (it was re-released as MSE) and in a matter of weeks it stopped detecting a range of malware that it had previously detected. The reason was litigation by the adware people who were based in California. The result of that little salutary lesson to me was that I no longer solely "trust" anti malware products that originate in the US. I look to source them on a more global scale.

So I use ESET anti virus... From Slovakia. Malwarebytes from the US.

For difficult cases, I suggest the Kaspersky Rescue Disk (from Russia). This boots your computer from a copy of Linux on a CD, and scans everything without Windows running. It makes it much harder to hide if the operating system you're hiding in is not running and you're running from read-only media.

I chimed in here (off topic really) because I thought your original question was answered. Did I miss something?

more options

Hi Matt. Outlook seems stable now.

Well, at least until I ran kaspersky. I ran it and my whole system went kablooey (not to mention it installing in russian).

So basically I'm in the process of rebuilding my system. So I dunno what's working and what's not. I lost a lot of drivers etc and need to reinstall them/rebuild their links.

I'll let you know how outlook's faring in a couple of days.

Cheers Damo