Support Forum

Passive hijacking still taking place (v48)

I try to open a page, but the cursor does not change from pointer to hand when mousing over a link, which makes me suspicious... the suspicion is confirmed if I just click it anyway, as it opens a new window, usually with some phony ad saying I NEED to download some alleged security fix.

I don't have a lot of different security screening products here, but I do have the latest Malwarebytes, and have run it through at least three times in the last two days, the most recent coming through cleanly. The HKCU\Software key in the registry shows a bunch of suspicious keys (all literal strings) I'm not sure should be there:

TM with value "0106"; U_DT, "20160615"; U_SDT, null string; U_TM, "0106"; and U_VER, "3.21"

There's nothing out-of-the-ordinary in either the Run or RunOnce keys under ...\Windows\CurrentVersion.

I'll delete the above values and see if it solves anything.

dL

Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape 15.17.20050
  • Coupons, Inc. Coupon Printer 5.0.2.3
  • Google Update
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.101.2 for Mozilla browsers
  • Shockwave Flash 22.0 r0
  • 5.1.50428.0
  • Winamp Application Detector
  • NPWLPG

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0

FredMcD

You may have ad / mal-ware. Further information can be found in the Troubleshoot Firefox issues caused by malware article.

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

jscher2000

Is the ad referring to a Firefox update or patch? There are a lot of phishing pages promoting malware as a Firefox patch and pushing a .js file or a .exe file. Definitely not safe.

Or is it some other kind of software?

Could you test in Firefox's Safe Mode? In Safe Mode, Firefox temporarily deactivates extensions, hardware acceleration, and some other advanced features to help you assess whether these are causing the problem.

If Firefox is not running: Hold down the Shift key when starting Firefox.

If Firefox is running: You can restart Firefox in Safe Mode using either:

  • "3-bar" menu button > "?" button > Restart with Add-ons Disabled
  • Help menu > Restart with Add-ons Disabled

and OK the restart.

Both scenarios: A small dialog should appear. Click "Start in Safe Mode" (not Refresh).

Any improvement?

Chosen Solution

Turns out the problem was occurring in BOTH FF and IE.

For jscher2000: A couple of the sites mentioned phony 'patches', but I have also seen ones about the whole Windows system being polluted, and asking me to call someone about a 'cleaning,' and ones that are just cheesy sites with content aimed at preteen girls. I have all auto-downloads blocked, so nothing gets pumped onto this system regardless.

I've refreshed FF and reset IE, and placed the three or four site domains involved found in FF's history in restricted zone under internet options, and for now it's keeping away the baddies.

I'll pick up the other 'cleaning' products mentioned in the article FredMcD offered and make sure everything's OK.

dL
