
Support Forum

Issue is infection of FireFox for access to my BANK, scanning does not find any issue.


Accessed my bank on line as usual for about the last fifteen (15) YEARS and after entering my access code and password plus a security question, with all ICONS and clickable items to give me access another LOGIN box came up for another login with none of the icons required were shown as before. They all were shown as a vertical rectangle with an X inside, I halted there and removed that webpage. Took my desktop off line to start to investigate my system as well as many scans including RootKit scans finding NOTHING. Very security conscious with over 25 years of not ever having this issue nor anything like this.

Before retirement was the Manager of a small/medium sized computer system for the Federal Government with approximately eighty (80) million dollars worth of Test Equipment for Calibration and maintenance for the U.S. Air Force World Wide at our Type II PMEL (Precision Measurement Equipment Laboratory) for about ten (10) years.

I know this is a problem on my desktop as I also have a laptop and it works as they both should, got my access to my bank and took care of business. To keep this as short as possible will await any questions you may want to ask. One last point, am not schooled in any knowledge that I have, just from the "school-of-hard-knocks" starting out working in BTOS (Burroughs Task Operating System) and what knowledge gained from that work was transferred over to Microsoft's DOS and Windows.

TIA, CU L8R, NTLS "LoneWanderer" Win7 Professional SP1 64bit (desktop) Dell Inspiron 960, Win7 Home Premium SP1 64 bit (laptop) Dell 1564 AND have had several systems that were built up by some of the local Computer shops running DOS3,3 through my current system. Journeyman Electronics Technician with over 65 years experience.


Question owner

Well I see there is NOT any assistance with this issue, somehow there has been a bogus profile created on my system and is not removable as per your instructions using 'about:profiles', as there are NOT any other profiles listed, "*.default" is the only profile shown. That method will NOT remove said profile.

TIA, CU L8R, 'd' NTLS "LoneWanderer"

jscher2000
  • Top 10 Contributor
7237 solutions 58925 answers

Let's recap the first page of this thread:

  • about:profiles shows only 1 profile -- this page reflects the contents of the Profiles.ini file at AppData\Roaming\Mozilla\Firefox; it is possible for other folders to be present that are not listed in this file
  • when you check under AppData\Roaming\Mozilla\Firefox\Profiles you now find only one profile folder, which corresponds to your currently active profile on the about:profiles page -- true?
  • when you check under AppData\Local\Mozilla\Firefox\Profiles you earlier found mystery folders, and you removed all but the one which corresponds to your currently active profile on the about:profiles page -- true?

Now...

(A) Have any mystery folders returned recently?

(B) If so, can you glean any information about their source or purpose by viewing files inside?

I realize that most of the files are in unreadable formats but perhaps their creation or modification dates correspond to an event on the system such as startup, installation of new software, a scheduled task, etc.

(C) You previously implied that your Firefox profile is under a "Limited User" account.

I don't know whether there are some circumstances under which Firefox might create a new profile due to a permissions issue in such an account. If this started happening very recently, can you associate it with a particular version of Firefox or a new/updated add-on?
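
The comparison described in the reply above (profile folders on disk versus what profiles.ini lists, plus folder dates to correlate with system events), as an added example that is not part of the original thread. The folder names in the sample tree are constructed, and the function names are hypothetical.

```python
import configparser
import tempfile
from datetime import datetime
from pathlib import Path, PureWindowsPath


def listed_profile_names(roaming_firefox: Path) -> set:
    """Folder names that profiles.ini (the source for about:profiles) refers to."""
    ini_path = roaming_firefox / "profiles.ini"
    if not ini_path.is_file():
        raise FileNotFoundError(ini_path)
    ini = configparser.ConfigParser(interpolation=None)  # profile names may contain '%'
    ini.read(ini_path, encoding="utf-8")
    names = set()
    for section in ini.sections():
        if section.lower().startswith("profile") and ini.has_option(section, "Path"):
            # Path may use '/' or '\'; only the final folder name matters here.
            names.add(PureWindowsPath(ini.get(section, "Path")).name.lower())
    return names


def unlisted_profile_folders(roaming_firefox: Path, local_firefox: Path) -> list:
    """Folders under either Profiles directory that profiles.ini does not list."""
    listed = listed_profile_names(roaming_firefox)
    findings = []
    for store, root in (("Roaming", roaming_firefox), ("Local", local_firefox)):
        profiles_dir = root / "Profiles"
        if not profiles_dir.is_dir():
            continue
        for entry in sorted(profiles_dir.iterdir()):
            if entry.is_dir() and entry.name.lower() not in listed:
                st = entry.stat()
                findings.append({
                    "store": store,
                    "folder": entry.name,
                    # st_ctime is creation time on Windows, inode change time elsewhere
                    "created": datetime.fromtimestamp(st.st_ctime).isoformat(timespec="seconds"),
                    "modified": datetime.fromtimestamp(st.st_mtime).isoformat(timespec="seconds"),
                })
    return findings


def build_constructed_sample(base: Path):
    """Constructed sample tree: one listed profile plus one unlisted Local folder."""
    roaming = base / "Roaming" / "Mozilla" / "Firefox"
    local = base / "Local" / "Mozilla" / "Firefox"
    (roaming / "Profiles" / "abcd1234.default").mkdir(parents=True)
    (local / "Profiles" / "abcd1234.default").mkdir(parents=True)
    (local / "Profiles" / "zzzz9999.default").mkdir()
    (roaming / "profiles.ini").write_text(
        "[General]\nStartWithLastProfile=1\n\n[Profile0]\nName=default\n"
        "IsRelative=1\nPath=Profiles/abcd1234.default\nDefault=1\n", encoding="utf-8")
    return roaming, local


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in unlisted_profile_folders(*build_constructed_sample(Path(tmp))):
            print(hit)
```

On a Windows system like the one in this thread, the two roots would be `%APPDATA%\Mozilla\Firefox` and `%LOCALAPPDATA%\Mozilla\Firefox`; the reported dates can then be lined up against installs, startups, or scheduled tasks.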


Question owner

jscher2000 said

Let's recap the first page of this thread:
  • about:profiles shows only 1 profile -- this page reflects the contents of the Profiles.ini file at AppData\Roaming\Mozilla\Firefox; it is possible for other folders to be present that are not listed in this file THIS IS TRUE AT THIS TIME, THE ADDITIONAL PROFILE IS NOT THERE ANY LONGER.
  • when you check under AppData\Roaming\Mozilla\Firefox\Profiles you now find only one profile folder, which corresponds to your currently active profile on the about:profiles page -- true? THIS IS ALSO TRUE!
  • when you check under AppData\Local\Mozilla\Firefox\Profiles you earlier found mystery folders, and you removed all but the one which corresponds to your currently active profile on the about:profiles page -- true? AGAIN TRUE!
Now...

(A) Have any mystery folders returned recently? HAVE NOT FOUND ANY!

(B) If so, can you glean any information about their source or purpose by viewing files inside?

I realize that most of the files are in unreadable formats but perhaps their creation or modification dates correspond to an event on the system such as startup, installation of new software, a scheduled task, etc. NONE OF THE FILES REPORTED PREVIOUSLY ARE FOUND!

(C) You previously implied that your Firefox profile is under a "Limited User" account. TRUE!

I don't know whether there are some circumstances under which Firefox might create a new profile due to a permissions issue in such an account. If this started happening very recently, can you associate it with a particular version of Firefox or a new/updated add-on? NONE THAT ARE PRESENT AT THIS TIME! THIS ISSUE STARTED ABOUT A MONTH AND A HALF AGO.

jscher2000,

I have embedded my present situation, not prior to, in BOLD all CAPS. There were no answer for some were no replies as above. Do not know when this situation changed, have been busy out of my home on other issues that took much time and travel. Am free this week-end and will answer any questions to my best knowledge at this time.

Not sure when nor how I managed to remove those other unauthorized Profiles. My Profiles.ini file had my original (coded).default also included within yet was being sent to the unauthorized profile. As per your instructions, to use "about:profiles" would not allow me to remove any as they were both "~.default" and that function would not allow the removal. If you would like there can be an attempt to give you what all that was done by me to try to get them removed, hopefully my guessing may give some clues.

Thank you for these requests to clarify the data.

'd' NTLS "LoneWanderer"

Pkshadow
  • Top 10 Contributor
685 solutions 8101 answers

Could you please make your issues in point form. That way we can go over each issue without going through a lot of text. It makes working on this more effective for you. Thank You.

Could you follow up on this please : Please use more than 1 scanner as each uses diff tech :

  • https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware

Save your Report and google each before deleting anything as do not want to delete something you need, If need help :

  • https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

Post in only 1 forum, then wait.

Fyi as this affects you : https://www.howtogeek.com/345946/microsoft-blocks-all-windows-7-security-updates-unless-you-have-antivirus/

Please let us know if this solved your issue or if need further assistance.

jscher2000

Helpful Reply

Hi NTLS, I don't think there's anything to look at if the problem doesn't come back. I don't know how you would reconstruct what triggered this a month and a half ago. Not that you would want to, except that mysteries are bothersome.


Question owner

Pkshadow,

In reference to your post:

Reference 'ad popups display' PopUps are NOT an issue upon my system.

Non-Social Networking participant.

Actually NONE of these are a part of my issue!

From this LINK below:

https://www.howtogeek.com/345946/microsoft-blocks-all-windows-7-security-updates-unless-you-have-antivirus/


Required Registry KEY for Win7 SP1 security updates to be installed.

The above item is NOT needed, Microsoft Security Essentials installed. Plus MBAM Premium latest version also. Neither one detected any malware.

Farbar Recovery Scan Tool also known as FRST.exe is being BLOCKED by Microsoft Security Essentials as a Trojan and will not allow it to run. Neither will I.

TIA, CU L8R, NTLS "LoneWanderer"


Question owner

jscher2000 said

Hi NTLS, I don't think there's anything to look at if the problem doesn't come back. I don't know how you would reconstruct what triggered this a month and a half ago. Not that you would want to, except that mysteries are bothersome.

jscher2000,

To the best of my knowledge there is NOT any thing that can be done at this time. So far after my removal of the unauthorized Profile there has not been any issues.

I agree with your evaluation, even the fact that the "mysteries are bothersome." Will just need to live with them unless they return some time in the future.

TIA, CU L8R, NTLS "LoneWanderer"


Question owner

Gentlemen that have been posting on my issue,

  • Seems the issue has been cleared by MS Security Essentials. In reviewing the History there was a record of two (2) "Trojan/W32-????" do not remember the full title. Both found on the same date 03/19/2018 and were quarantined, yet there was never any info after doing my scans. Checking all the time for any thing quarantined and there never was any shown as being found. These were in the bottom selection "All detected items" and I just removed, DELETED, them.

Please accept my apology for not getting to this sooner. My other issues, not related to computers, have kept me busy.

TIA, CU L8R, NTLS "LoneWanderer"

Pkshadow

Advise to run these as suggested. Please use more than 1 scanner as each uses diff tech :

  • https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware

Save your Report and google each before deleting anything as do not want to delete something you need, If need help :

  • https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

Post in only 1 forum, then wait.

Then as per other question you opened, Mark these Both As Solved.

Please let us know if this solved your issue or if need further assistance.