X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.
Scheduled maintenance: Thursday, April 2, between 3pm and 5pm UTC. This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn’t solve your issue and you want to ask a question, we have our support community waiting to help you at @firefox on Twitter

Isithangami Sabeseki

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Where is the history folder location

Kuphostiwe

A user on my workstation uses Firefox and has visited a site that installed "Win 7 Internet Security 2011" on this machine. I successfully identified and removed the Trojan virus software. The browsers where neutralized by this virus and are inoperable. I created a new user account for this person. This user has been reinfected with the new account.

I want to find out where this user has been to identify where this Trojan virus is coming from. The only way I know how to do this is by reviewing the history log file to see where this person has been. I want to review the history location as the administrator of the machine; not use the infected user account. If there is a better way to do this outside of the infected user account, I am open to suggestions.

A user on my workstation uses Firefox and has visited a site that installed "Win 7 Internet Security 2011" on this machine. I successfully identified and removed the Trojan virus software. The browsers where neutralized by this virus and are inoperable. I created a new user account for this person. This user has been reinfected with the new account. I want to find out where this user has been to identify where this Trojan virus is coming from. The only way I know how to do this is by reviewing the history log file to see where this person has been. I want to review the history location as the administrator of the machine; not use the infected user account. If there is a better way to do this outside of the infected user account, I am open to suggestions.

Eminye Imininingwane Yohlelo

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 3.5.20706; .NET CLR 3.5.21022; Media Center PC 5.0; SLCC1; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; .NET4.0E; Zune 4.7; InfoPath.3)

Eminye Imininingwane

cor-el
  • Top 10 Contributor
  • Moderator
17859 izisombululo 161596 izimpendulo
Kuphostiwe

Did that user use IE or only Firefox?

Did that user download on installed any new software?

Chances are fairly low to get infected with Firefox by visiting websites, provided that all plugins (Java, Flash, Adobe Reader) are up to date.


Firefox stores the history in an SQLite database file places.sqlite in the Firefox Profile Folder.

Did that user use IE or only Firefox? Did that user download on installed any new software? Chances are fairly low to get infected with Firefox by visiting websites, provided that all plugins (Java, Flash, Adobe Reader) are up to date. ---- Firefox stores the history in an SQLite database file places.sqlite in the Firefox Profile Folder. *http://kb.mozillazine.org/Profile_folder_-_Firefox *SQLite Manager: https://addons.mozilla.org/firefox/addon/sqlite-manager/

Umnikazi wombuzo

The user only uses Firefox. I have version 4.0.1 installed. This user does not like IE.

From Malwarebytes' log the virus was located here the first time here: c:\Users\<user id>b\AppData\Local\sll.exe (Trojan.FakeAlert). I am still not sure how the virus was able to install the first time around since I have this user locked down - not able to install without admin privileges.

The second time here: c:\Users\<user id>\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\IUFEUHVK\info[1].exe (Trojan.FakeAlertRP.Gen) . This did not get installed.

I try to keep everything current with the latest version.

I still want to review the history logs to record the sites visited. Then try each site one at a time to see if virus appears. I know this is a painful process, but how else do I determine where the virus came from? Back to my original question, how do I reveiw Firefox history log by using the admin account?

The user only uses Firefox. I have version 4.0.1 installed. This user does not like IE. From Malwarebytes' log the virus was located here the first time here: c:\Users\<user id>b\AppData\Local\sll.exe (Trojan.FakeAlert). I am still not sure how the virus was able to install the first time around since I have this user locked down - not able to install without admin privileges. The second time here: c:\Users\<user id>\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\IUFEUHVK\info[1].exe (Trojan.FakeAlertRP.Gen) . This did not get installed. I try to keep everything current with the latest version. I still want to review the history logs to record the sites visited. Then try each site one at a time to see if virus appears. I know this is a painful process, but how else do I determine where the virus came from? Back to my original question, how do I reveiw Firefox history log by using the admin account?
cor-el
  • Top 10 Contributor
  • Moderator
17859 izisombululo 161596 izimpendulo
Kuphostiwe

You will have to copy the file places.sqlite from that user account to a Firefox profile folder in your account then you can see the history in the Library.


The locations where you found that trojan are not locations used by Firefox.

The file \Local\sll.exe is most likely placed there by running an installer.

The file in "temporary internet files\Content.IE5\IUFEUHVK\i" in the IE cache is either from using IE or saved from using a MS plugin like WMP or Silverlight.

You will have to copy the file places.sqlite from that user account to a Firefox profile folder in your account then you can see the history in the Library. ---- The locations where you found that trojan are not locations used by Firefox. The file \Local\sll.exe is most likely placed there by running an installer. The file in "temporary internet files\Content.IE5\IUFEUHVK\i" in the IE cache is either from using IE or saved from using a MS plugin like WMP or Silverlight.