
Support Forum

arrow moving after load webpage, malicious software


I have some sort of malware trying to send me to what MalwareBytes says are malicious sites. I'm working on that, but haven't been able to fix it. But my question is: a few days ago, after I load a webpage, the big download arrow moves up to the small arrow in the upper right, as if it is downloading something. Does that indicate that it has finished downloading that page, or is it something malicious?

I'm using the latest version for Firefox.



Additional System Details

Installed Plug-ins

  • Shockwave Flash 12.0 r0
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.06
  • Google Update
  • GEPlugin
  • VLC media player Web Plugin 2.1.0
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • Enables the interaction of Mathematica content with the latest installed version of Mathematica.
  • A plugin to detect whether the Adobe Application Manager is installed on this machine.
  • iTunes Detector Plug-in
  • WinZip Courier Plugin for Mozilla Firefox
  • NPWLPG
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Office Authorization plug-in for NPAPI browsers

Application

  • Firefox 27.0
  • User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0
  • Support URL: https://support.mozilla.org/1/firefox/27.0/WINNT/en-US/

Extensions

  • AVG SafeGuard toolbar 17.3.2.113 (avg@toolbar)
  • Cutyfox URL Shortener (bit.ly, is.gd, goo.gl) 1.4.1 (cutyfox@apps.metzweb.net)
  • Easy YouTube Video Downloader 7.0 ({c0c9a2c7-2e5c-4447-bc53-97718bc91e1b})
  • Troubleshooter 1.1a (troubleshooter@mozilla.org)
  • VideoDownloadConverter 5.71.2.58327 (4zffxtbr@VideoDownloadConverter_4z.com)
  • Whilokii 1.0.0 ({fed5e6b2-4fc4-43ba-8e95-001d959d8008})
  • WinZip Courier 3.5 ({74c841e3-b59f-479e-8d7a-e26a942a87c8})
  • SmartPrintButton 1.0 (quickprint@hp.com) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: AMD Radeon HD 5450
  • adapterDescription2:
  • adapterDeviceID: 0x68f9
  • adapterDeviceID2:
  • adapterDrivers: aticfx64 aticfx64 aticfx64 aticfx32 aticfx32 aticfx32 atiumd64 atidxx64 atidxx64 atiumdag atidxx32 atidxx32 atiumdva atiumd6a atitmm64
  • adapterDrivers2:
  • adapterRAM: 1024
  • adapterRAM2:
  • adapterVendorID: 0x1002
  • adapterVendorID2:
  • clearTypeParameters: Gamma: 2200 Pixel Structure: RGB ClearType Level: 100 Enhanced Contrast: 400
  • direct2DEnabled: False
  • direct2DEnabledMessage: [u'']
  • directWriteEnabled: False
  • directWriteVersion: 6.3.9600.16384
  • driverDate: 9-10-2013
  • driverDate2:
  • driverVersion: 13.152.1.1000
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'skia', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'cairo', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 0
  • numAcceleratedWindowsMessage: [u'']
  • numTotalWindows: 1
  • webglRenderer: Google Inc. -- ANGLE (AMD Radeon HD 5450 Direct3D9Ex vs_3_0 ps_3_0)
  • windowLayerManagerRemote: False
  • windowLayerManagerType: Basic

Modified Preferences

  • accessibility.typeaheadfind.flashBar: 0
  • browser.cache.disk.capacity: 358400
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 358400
  • browser.newtab.url: about:blank
  • browser.places.smartBookmarksVersion: 4
  • browser.search.param.yahoo-fr: w3i&type=W3i_DS,136,0_0,Search,20130832,19890,0,68,0
  • browser.search.useDBForOrder: True
  • browser.sessionstore.upgradeBackup.latestBuildID: 20140127194636
  • browser.startup.homepage: http://www.google.com/advanced_search
  • browser.startup.homepage_override.buildID: 20140127194636
  • browser.startup.homepage_override.mstone: 27.0
  • dom.mozApps.used: True
  • dom.w3c_touch_events.expose: False
  • extensions.lastAppVersion: 27.0
  • font.internaluseonly.changed: True
  • font.minimum-size.x-western: 14
  • font.name.monospace.x-western: Lucida Console
  • font.size.fixed.x-western: 16
  • gfx.direct2d.disabled: True
  • gfx.direct3d.last_used_feature_level_idx: 0
  • gfx.direct3d.prefer_10_1: True
  • keyword.URL: http://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=C8AD8DBB-6A78-486D-A072-7D5C6130DCE1&n=77fd2d50&ind=2013080912&p2=^HJ^xdm003^YYA^us&si=CKj035nq8LgCFcJj7AodyGUA2A&searchfor=
  • layers.acceleration.disabled: True
  • network.cookie.cookieBehavior: 1
  • network.cookie.prefsMigrated: True
  • network.http.max-connections-per-server: 8
  • network.protocol-handler.warn-external.dnupdate: False
  • places.database.lastMaintenance: 1391977602
  • places.history.expiration.transient_current_max_pages: 104858
  • plugin.disable_full_page_plugin_for_types: application/pdf
  • plugin.importedState: True
  • plugin.state.flash: 1
  • plugin.state.npadobeaamdetect: 1
  • plugin.state.npauthz: 1
  • plugin.state.npgeplugin: 1
  • plugin.state.npgoogleupdate: 1
  • plugin.state.npitunes: 1
  • plugin.state.npmathplugin: 1
  • plugin.state.nppdf: 1
  • plugin.state.npqtplugin: 1
  • plugin.state.npsitesafety: 0
  • plugin.state.npspwrap: 1
  • plugin.state.npvlc: 1
  • plugin.state.npwlpg: 1
  • plugin.state.npwzwmc: 1
  • privacy.cpd.offlineApps: True
  • privacy.cpd.siteSettings: True
  • privacy.donottrackheader.enabled: True
  • privacy.sanitize.migrateFx3Prefs: True
  • security.mixed_content.block_active_content: False
  • security.warn_viewing_mixed: False
  • storage.vacuum.last.index: 1
  • storage.vacuum.last.places.sqlite: 1391115024

Misc

  • User JS: Yes
  • Accessibility: No
Diego Victor 658 solutions 4175 answers

Did you see if it was downloading anything?

An idea: during the install process, some software has options to install other add-ons, and when the installation finishes it tries to download those add-ons. It could be that, or yes, it could be malware too.

Try scanning your PC:

  • Problems caused by malware: https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware

Question owner

I have downloads I start going to a download folder, and there is nothing there. I've done scans with MalwareBytes, Windows Defender, Microsoft Safety Scanner, and MS Malware Removal Tool, but none of them find the problem. In Firefox, when I go to most websites, either MalwareBytes says that it blocked two malicious sites or I can see it trying to connect to something else. The last thing happens in IE too. Also, very suspicious popups appear telling me about browser extensions or to speed up my connection.

Diego Victor 658 solutions 4175 answers

Hmm, try using a pop-up/ad blocker; these pop-ups are ads.

  • Adblock Plus Pop-up Addon: https://addons.mozilla.org/en-us/firefox/addon/adblock-plus-pop-up-addon
  • Adblock Plus: https://addons.mozilla.org/en-us/firefox/addon/adblock-plus
  • More results: https://addons.mozilla.org/en-us/firefox/search/?q=block

Modified by Diego Victor

Question owner

I had already run MalwareBytes and MS Safety Scanner. I ran SuperAntispyware and that found some more stuff - one was critical. I had it remove everything it found. So far, that seemed to fix the attempts to go to other websites. I still have the problem with the popups and the strange thing about the download arrow.


Question owner

And I'm still going through the other possible solutions, thanks.

...later

TDSSKiller didn't find anything. ADWCleaner found a lot of stuff, but didn't fix the problem.

Adblock Plus seems to have fixed the popup problem.

I still have the suspicious download arrow symptom. (but only on some websites now. This page is one that has the suspicious download arrow.)


Modified by jMac

jscher2000
  • Top 10 Contributor
8880 solutions 72665 answers

Hi Judson, I don't understand what you mean about the download arrow toolbar button moving to a different location. Is it possible to capture a screen shot showing where it ends up and what it looks like there? This article has tips on that: How do I create a screenshot of my problem?


Helpful Reply

OK, I did a screenshot and cropped it. A couple of seconds after a webpage seems to have finished loading, the big arrow moves across the screen, as it does when I start a download. However, I haven't started a download. It moves to the upper right, where the small download indicator arrow is, as it does with a legitimate download.

FredMcD
  • Top 10 Contributor
4335 solutions 61002 answers

Sometimes a problem with Firefox may be a result of malware installed on your computer, that you may not be aware of.

You can try these free programs to scan for malware, which work with your existing antivirus software:

  • Microsoft Safety Scanner: http://www.microsoft.com/security/scanner/default.aspx
  • MalwareBytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free/
  • TDSSKiller - AntiRootkit Utility: http://support.kaspersky.com/faq/?qid=208283363
  • Hitman Pro: http://www.surfright.nl/en/hitmanpro/
  • ESET Online Scanner: http://www.eset.com/us/online-scanner/

Microsoft Security Essentials (http://windows.microsoft.com/MSE) is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one.

Further information can be found in the Troubleshoot Firefox issues caused by malware article.

Did this fix your problems? Please report back to us!

Question owner

I haven't tried Hitman Pro or ESET - I will. Thanks.

cor-el
  • Top 10 Contributor
  • Moderator
17768 solutions 160708 answers

Try to disable hardware acceleration in Firefox (you need to close and restart Firefox).

  • Tools > Options > Advanced > General > Browsing: "Use hardware acceleration when available"
  • https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes

Question owner

Hardware acceleration was already off. And the download arrow thing happens in Safe Mode too. Sometimes it is gray and sometimes green.


Modified by jMac

jscher2000
  • Top 10 Contributor
8880 solutions 72665 answers

Any chance that one of your add-ons creates this unusual display? To bypass extensions, you can try visiting the same pages in Firefox's Safe Mode.

You can restart Firefox in Safe Mode using

Help > Restart with Add-ons Disabled (Flash and other plugins still run)

In the dialog, click "Start in Safe Mode" (not Reset)

Any change?


Chosen Solution

No, it does it in Safe Mode too. Earlier I changed all add-ons to "ask before starting".

It only does it on the first website I go to, unless I'm fast enough to go to another one in about 3 seconds - then it does it on that one. It does it once, 5 seconds or so after I start Firefox, regardless of the website.

And many thanks to all of you who are helping! I appreciate it.


Modified by jMac

cor-el
  • Top 10 Contributor
  • Moderator
17768 solutions 160708 answers

You can check for problems with the sessionstore.js and sessionstore.bak files in the Firefox profile folder that store session data.

Rename (or delete) the sessionstore.js file and possible sessionstore-##.js files with a number and sessionstore.bak in the Firefox profile folder.

  • Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)
  • http://kb.mozillazine.org/Profile_folder_-_Firefox
  • http://kb.mozillazine.org/Multiple_profile_files_created

Deleting sessionstore.js will cause App Tabs and Tab Groups and open and closed (undo) tabs to get lost and you will have to recreate them (make a note or bookmark them if possible).
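
The steps in cor-el's post above as a script, added here as an example and not part of the original thread: it lists the tabs saved in sessionstore.js so they can be noted or bookmarked first, then renames the session files instead of deleting them. The JSON layout it reads (windows, tabs, entries, index, pinned), the function names and the `.old` suffix are assumptions, and the sample profile is constructed.

```python
import json
import re
import tempfile
import time
from pathlib import Path

# sessionstore.js, sessionstore.bak, or sessionstore-<number>.js, and nothing else
SESSION_FILE = re.compile(r"^sessionstore(-\d+)?\.js$|^sessionstore\.bak$")


def saved_tabs(session_path):
    """Return (url, pinned) for the current entry of every tab in a session file.

    Assumes the plain-JSON layout windows -> tabs -> entries, with a 1-based
    "index" naming the entry currently shown and "pinned" marking App Tabs.
    """
    data = json.loads(Path(session_path).read_text(encoding="utf-8"))
    tabs = []
    for window in data.get("windows", []):
        for tab in window.get("tabs", []):
            entries = tab.get("entries", [])
            if not entries:
                continue
            current = min(max(tab.get("index", len(entries)), 1), len(entries))
            tabs.append((entries[current - 1].get("url", ""), bool(tab.get("pinned"))))
    return tabs


def set_aside_session_files(profile_dir, stamp=None):
    """Rename the session files so Firefox starts clean; return the new names."""
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    renamed = []
    for path in sorted(Path(profile_dir).iterdir()):
        if path.is_file() and SESSION_FILE.match(path.name):
            target = path.with_name(f"{path.name}.{stamp}.old")
            path.rename(target)
            renamed.append(target.name)
    return renamed


if __name__ == "__main__":
    # Constructed profile folder and session data, for demonstration only.
    with tempfile.TemporaryDirectory() as profile:
        session = {"windows": [{"tabs": [{"index": 2, "pinned": True, "entries": [
            {"url": "about:blank"}, {"url": "https://support.mozilla.org/"}]}]}]}
        Path(profile, "sessionstore.js").write_text(json.dumps(session), encoding="utf-8")
        Path(profile, "sessionstore.bak").write_text("{}", encoding="utf-8")
        print(saved_tabs(Path(profile, "sessionstore.js")))
        print(set_aside_session_files(profile))
```

Run it against a real profile folder only with Firefox closed, because Firefox rewrites sessionstore.js while it is running.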

Question owner

That didn't fix the suspicious arrow. BTW, it starts about 8 seconds after starting Firefox, not 5.
