Firefox tries to connect to Crypto mining website at startup and shutdown
When I start firefox 63.0 32-bit version in Safe mode as well as in normal mode Firefox tries to make a connection to the website cnhv.co. After reading from various malware forums it appears that cnhv.co has links to crypto mining software and as well as the notorious conhive.com. Firefox does not attempt to connect to any other website apart from cnhv.co. When firefox starts on my laptop it creates 4 processes. One parent/main process and 3 child processes. All the 3 processes try to connect to cnhv.co website. Starting the firefox in safe mode or after resetting it still leads to the same behaviour. Only firefox exhibits this behaviour when I try to launch it and when I shut it down. Other browsers do not.
So my question is as follows 1) How do I determine which process or what setting or the location of the infection that is causing Firefox to connect to cnhv.co? 2) How do I fix this? How do I clean Firefox such that it does not connect to any crypto website at startup and shutdown?
Soluzione scelta
Alright I got fed up and reinstalled Firefox and all of its addons. I Also reset my laptop and then downloaded all the patches using my mobile hotspot. Then installed Firefox and other softwares. So it has gone now. I was however not able to determine what caused the issue and what was the problem. In all of this what I found was that there is a dearth of tools for the end users which will allow one to monitor and drill down to packet level what is being sent and received. These tools are there in the enterprise level, I checked with my companies IT department, but not for consumer level. For example I have found that SVCHOST opens a lot of connections and also listens to a lot of connections. But SVCHOSTS is a generic placeholder which most of the services use to open connections. Which service or which thread is opening which connection is not there. Also why is the connection being opened is also not there. And finally what triggered the connection to open is also not provided.
Leggere questa risposta nel contesto 👍 0Tutte le risposte (5)
Time to uninstall firefox completely and deleting the Mozilla folder to fix your malware infections. And then reinstall firefox new.
Yes I am tending towards the same. For that to happen I need to know the following things 1) What are the folders that Mozilla Firefox uses to store each uses preferences, files, cache, etc? 2) What are the Registry entry that Firefox uses or creates? I would like to delete them. 3) What are the Registry entries that Firefox does not create but influences the functioning and configuration of Firefox.
Since the connection happens even when the addons are not loaded that implies that the possible infection is deeper in the Mozilla Firefox. Mabye in the extensions or in the other default addons, xpi files which browser uses.
Also it would be good where this infection is coming from in Firefox. Such that other users can prevent this and also cure this if it is happening to them using their Firefox browsers.
Finally is there a mechanism to run Firefox in a sandbox such that whatever happens on browser after a session is not persisted in any condition what so ever?
Modificato da addverma il
Hello addverma,
Would you please read this article : https://hotvirusmalwareremoval.com/instruction-get-rid-cnhv-co/
and : https://pcthreatskiller.com/steps-to-remove-cnhv-co-virus-completely/
If there are no suspicious extensions in Add-ons => Extensions, then please also check in Windows Control Panel.
Then read this please :
https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no
Run most or all of the listed malware scanners. They all work differently - what one program doesn't pick up, the other might.
I tried the steps given in the articles. I do not have any process which is suspicious and related to cnhv.co running in my computer. Only legitimate software like Firefox tries to connect to cnhv.co website when it starts, when it shutsdown and when it is running. I do not think that this is a virus nor an adware. It seems to me to be a malware which has infected my computer and is probably doing cyrpto mining. I will run MalwareBytes and then update this thread to see if it found anything suspicious or not.
Soluzione scelta
Alright I got fed up and reinstalled Firefox and all of its addons. I Also reset my laptop and then downloaded all the patches using my mobile hotspot. Then installed Firefox and other softwares. So it has gone now. I was however not able to determine what caused the issue and what was the problem. In all of this what I found was that there is a dearth of tools for the end users which will allow one to monitor and drill down to packet level what is being sent and received. These tools are there in the enterprise level, I checked with my companies IT department, but not for consumer level. For example I have found that SVCHOST opens a lot of connections and also listens to a lot of connections. But SVCHOSTS is a generic placeholder which most of the services use to open connections. Which service or which thread is opening which connection is not there. Also why is the connection being opened is also not there. And finally what triggered the connection to open is also not provided.