Firefox pop up led to pc uploading system files to ??

+
1 Votes
Locked

blayson
Using Firefox ver 9 yesterday, I got a pop-up box saying I needed to upgrade Firefox. I clicked the button.

The screen didn't change but after a few seconds, I noticed an area upper right with scrolling file names. %Windows% caught my eye. I switched off my wireless antenna quickly.

The address line showed www.softochck.org. I quickly closed the window.

Is there any way to see what was uploaded, and why or by whom?

Windows XP SP3, wireless connection to Internet in our office.
I run the paid version of AVG; it did nothing, no prompt or question.

Any advice appreciated.
  • +
    1 Votes
    cmiller5400

    I'd run some Malware scans, I'd even go so far as to boot to UBCD4Win and run the malware scans from the live CD...

    +
    0 Votes
    blayson

    Where can I find the UBCD4Win?
    I am not a real tech, just a user.

    +
    1 Votes
    databaseben

    definitely sounds like malware.

    there is no way of seeing what got uploaded. but it is odd that it would be system files, especially since most system files are tied to the physical system they were set up on, due to microsoft's anti piracy engineering.

    in any case, try looking for cookies with that name "softochck" via the firefox tools option.

    if its search results show them in a list, then delete them all.

    next, double check add-on and extensions via firefox tools option and disable / remove any of them that are not typical, like acrobat.

    next, run hijackthis and remove any entries that refer to that name above.

    also on the list there will be r1 and r0 lines. study the lines carefully and be sure that the ones for msn and microsoft and blank html pages remain as your standard defaults, and delete the rest of the others that reference different pages.

    next, search your disk drive for that name and delete any folders for it.

    next, search your registry for that file name and delete any registry keys for it.

    next, run autoruns or runanalyzer and hunt around for drivers or entries with that name.

    you may also want to enter that site in your hosts file to keep it off limits for your browser.

    if you want to spy on the site without feeling compromised or vulnerable and figure out what they are about, try using the "tor" browser system.

    +
    1 Votes
    blayson

    Just to let you guys know I'm using your help.
    Have downloaded the ubcd to USB stick, copying my Toshiba disk to desktop, getting ready to slipstream, whatever that means. I'm following the instructions.

    +
    0 Votes
    OH Smeg

    http://www.techrepublic.com/blog/security/rescue-cds-tips-for-fighting-malware/3803

    +
    0 Votes
    echo9

    Hi there!
    Try using Malwarebytes Anti-Malware! :)
    Scan your system by updating its virus definitions to the latest version and try running full system scan.

    It's a freeware, check CNET's website (software section).
    It's the most widely used, trusted, deployed anti-malware software.
    Trust me :)
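
The HijackThis step in databaseben's reply above (check the R0/R1 lines and look for the site name) can be done as a read-only triage pass over a saved log. This is an added example, not part of any post in the thread; the sample log is constructed, and the function names and the `search.example.net` / `ExampleAV` entries are hypothetical.

```python
import re
from urllib.parse import urlparse

INDICATOR = "softochck"                          # site name reported in the thread
DEFAULT_SUFFIXES = ("microsoft.com", "msn.com")  # defaults named in the reply

# Constructed sample HijackThis log lines (not from the poster's machine).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.net/bar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.softochck.org/
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Application Data\softochck\upd.exe
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe
"""

# R0/R1 entries have the form "R0 - <registry key>,<value name> = <value>".
R_LINE = re.compile(r"^(R[01]) - (?P<key>[^=]+?) = (?P<value>.*)$")

def is_default(value):
    """True for blank pages and hosts under the Microsoft/MSN domains."""
    value = value.strip()
    if value in ("", "about:blank"):
        return True
    host = (urlparse(value).hostname or "").lower()
    # Compare whole domain labels so "msn.com.evil.example" does not pass.
    return any(host == s or host.endswith("." + s) for s in DEFAULT_SUFFIXES)

def triage(log_text, indicator=INDICATOR):
    """Return (reason, line) pairs to review by hand; nothing is deleted."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if indicator.lower() in line.lower():
            findings.append(("indicator", line))      # any section, R or O
            continue
        m = R_LINE.match(line)
        if m and not is_default(m.group("value")):
            findings.append(("non-default", line))    # R0/R1 off the defaults
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:12} {line}")
```

The output is a review list only: an R0/R1 entry flagged as non-default may be a home page the user set deliberately, so each line should be checked before fixing it in HijackThis.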