Jump to content

Crossrider in Firefox prefs.js

troglodite
 Share

Recommended Posts

troglodite

troglodite

Posted
Posted

Malwarebytes Threats scan report shows two items quarantined - see below (made the report anonymous)  - but they are still there, and quarantined again at next scan.

1) Why two entries?

2) How do I get rid of whatever is inserting them?

3) Should I be using different settings?

Help?

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/3/17
Scan Time: 11:18 PM
Log File: c4d4700e-a888-11e7-9bcc-000000000000.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2943
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User Name

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 574115
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 55 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.CrossRider, C:\USERS\UserName\APPDATA\ROAMING

\MOZILLA\FIREFOX\PROFILES\DQW4EJ6K.DEFAULT\PREFS.JS, Replaced,

[219], [301532],1.0.2943
PUP.Optional.CrossRider, C:\USERS\UserName\APPDATA\ROAMING

\MOZILLA\FIREFOX\PROFILES\DQW4EJ6K.DEFAULT\PREFS.JS, Replaced,

[219], [301532],1.0.2943

Physical Sector: 0
(No malicious items detected)


(end)

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

I`ve merged your second thread to this your original thread, please keep all replies to this thread... Do not create any extras....

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select user posted imageRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Please download Junkware Removal Tool to your desktop.
 
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Protection Scroll to and make sure the following are selected:
    Scan for Rootkite
    Scan within Archives
     
  • Scroll further to Potential Threat Protection make sure the following are set as follows:
    Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended)
    Potentially Unwanted Modifications (PUM`s) set as :- Alwaysdetect PUM`s (recommended)
     
  • Click on the Scan make sure Threat Scan is selected,
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.
    'Could not load DDA driver'
     
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
  • If asked to restart your computer to complete the removal, please do so
  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.


To get the log from Malwarebytes do the following:
 
  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Let me see those logs, also give an update on any remaining issues or concerns....

Thank you,

Kevin...

fixlist.txt

Link to post
Share on other sites
troglodite

troglodite

Posted
  • Author
Posted

I hope I've got everything for which you asked, apart from the JRT.txt file

Fixlog.txt;
AdwareCleaner[SO], which appeared at the end of the AdwCleaner Scan;
AdwareCleaner[CO], which appeared after the Restart; it had a little difficulty getting uploaded.
ExportedReport20171005 1344.txt, which shows entries for Trojans that haven't come up using Malwarebytes default settings, and the two PUPs that always seem to be 'Replaced' even though the prefs.js file contains "crossrider".

I'm sure you'll let me know if I've missed anything

Hoping that this helps you to help me.

How do I get rid of the two 'Upload Failed; messages?

Fixlog.txt

AdwCleaner[S0].txt

AdwCleaner[C0].txt

Exported Report 20171005 1344.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

It would seem the problem returns to firefox after being replaced... lets go for a clean install of Firefox, when complete run another threat scan with Malwarebytes..

Make a "Clean" install Firefox:

Use the following link for instructions how to back up your bookmarks, same link can be used to import saved Bookmarks:

https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Next,

Remove all synced data from Firefox to stop possible re-infection or exploitation.

https://support.mozilla.org/t5/Sync-and-Save/How-do-I-set-up-Sync-on-my-computer/ta-p/21417

Next,

Go here: http://www.mozilla.org/en-US/ download save the latest version of Firefox.. We will install this later...

Next,

Lets totally remove Firefox and start over.

Go here: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer and follow those instructions...

Ensure when the uninstall completes to navigate to and delete the firefox installation folder (if present):

(32-bit Windows) C:\Program Files\Mozilla Firefox
(64-bit Windows) C:\Program Files (x86)\Mozilla Firefox

It is essential the installation folder is removed. Re-boot your system when that is completed....

Next,

To remove all remaining data and profile information...

Press "Windows key + R" to open the Run box
In the Run box, type in or copy and paste %APPDATA%
Click OK. A Windows Explorer window will appear.
In this window, choose/open in succession Mozilla > Firefox > Profiles.
Select Delete on each entry in reverse, eg Profiles > Delete. Firefox > Delete. Mozilla > Delete.

Re-boot your system when complete!

Next,

Use the Mozilla Firefox installer to reinstall your Browser....

When Firefox is installed and open select these keys together :- Ctrl - Shift - A that will access Addons manger, this gives access to find addons/extensions, use, start, stop or disable those features etc....

Ensure to use search to find and install AdBlock plus, Flashblock and DrWeb Anti-Virus Link Checker plus any other addons you normally use.... Now try surfing, see what happens...
 
Thanks,
Kevin
Link to post
Share on other sites
troglodite

troglodite

Posted
  • Author
Posted

Download and save the latest version of Firefox isn't that easy - or so it seems.  If I use Firefox to follow your link to Mozilla, I get to a page that recognizes I'm using Firefox and offers mem the choice of <Free Download> or <Refresh Firefox>. If I choose <Free Download>, all I can download is Firefox Installer.

Will that do the job?

If I use Internet Explorer, I get to a slightly different page, but the only Download on offer is the Installer.  However, looking at Mozilla's kb/how-download-and install-firefox-windows has a section at the end for Advanced Users which points to the Systems and Language pages where the actual 39MB Firefox Setup.exe (in all languages for all systems) are available to Download - so I've downloaded the appropriate file.

Should I be trying to use this?

Getting rid of the current version of Firefox, the next task on your list, is proving to be difficult,

Following the procedure in the Mozilla instructions, having shut Firefox down,  and selected Mozilla Firefox from the List of Programs, the moment I hit the Uninstall button I get an Error Message saying:

Can't initialize plug-ins directory. Please try again later

I've tried again, later, several times.

Following the instructions from Mozilla I have tried to start the Uninstall Wizard manually by running  \uninstall\helper.exe, only to find that I get the same error message.

I'm stuck at this point in the process and wondered if you might have any suggestions.

If not, I'll start pestering Mozilla.

OK?

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted (edited)
Use the following to uninstall Firefox:

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on Program name to highlight that entry.

Select Action from the Menu bar, then Uninstall from there follow the prompts.

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option...
 
For the reinstall use the installer you`ve downloaded.....
Edited by kevinf80
typo
Link to post
Share on other sites
troglodite

troglodite

Posted
  • Author
Posted

Tried Uninstall in GeekUninstaller but it failed (Couldn't Initialise plug-in directory), so did Force Removal, which whirred away for a while, then displayed some 'left over traces' - 5353 in file system and 46 in registry.

It started deleting them but stopped just short of the end of the progress bar, and hadn't moved 20 minutes later, wasn't using any CPU, so I Ended it.

Moved on to 'remove all remaining data and profile information.  The only thing I could find was a Firefox folder with an installer inside.  When I tried to delete the file and the folder I was told I needed the Administrator's permission, which is odd because I AM the Administrator.

I had another couple of goes but kept getting the same message, and gave up, but when I eventually went back to look for the folder, it had gone.

Re-booted and tried to run the Firefox Installer but keep getting a 7-Zip message saying it can't create a temp archive folder.

I'm a little tired so I'll have to leave this until tomorrow.

 

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Right click on the Firefox installer file, select "Properties" go on the compatibility header, click on run compatibility troubleshooter...

when the troubleshooter opens

Select troubleshoot the program,  check the "I do not see my problem listed" box, click on next
You will be prompted about the version of the windows in which the particular program had worked before, select "I dont know" select next
Click on "test the program"
If it worked or not, click on next
If it had worked, click on "yes, save these settings for this program"
if it hadnt worked, click on "No, try using different settings" after that try from "test the program" again...

any good...

Link to post
Share on other sites
troglodite

troglodite

Posted
  • Author
Posted

No sign of 'Run Campatability Trouble Shooter' under Properties, but there is a 'Troubleshoot compatability' after right-clicking.

 Clicking there produces an Error message saying Trouble shooting Wizard cannot continue.  Error code : 0x80070005     Source : Temporary Files

I think it's time to give up.

Thank you for your help, but it's taking too much time to get Firefox back so I'll use something else.

It's about time I pensioned the Laptop off anyway.

Maybe go for Linux next time,

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.