Pomoc přepytać

Hladajće so wobšudstwa pomocy. Njenamołwimy was ženje, telefonowe čisło zawołać, SMS pósłać abo wosobinske informacije přeradźić. Prošu zdźělće podhladnu aktiwitu z pomocu nastajenja „Znjewužiwanje zdźělić“.

Dalše informacije

Adware keeps Taking Over Firefox, Firefox@helper2

  • 47 wotmołwy
  • 2 matej tutón problem
  • 1 napohlad
  • Poslednja wotmołwa wot falaniz

more options

Starting back about two weeks ago, I got a weird series of pop-ups on Mozilla Firefox's latest version. I figured it was something easily nukable with MalwareBytes, so I had it do its job, and it seemed to stop... for about a day.

After that, the Malware reasserted itself, and soon, MalwareBytes wasn't getting rid of it, even with a rootkit scan. So, I downloaded and ran the Kaspersky Labs rescue disc, let it run overnight. I start up Firefox, and lo and behold... it is still there.

Firefox Helper 2 comes back the very next day. Malwarebytes detects nothing.

Starting back about two weeks ago, I got a weird series of pop-ups on Mozilla Firefox's latest version. I figured it was something easily nukable with MalwareBytes, so I had it do its job, and it seemed to stop... for about a day. After that, the Malware reasserted itself, and soon, MalwareBytes wasn't getting rid of it, even with a rootkit scan. So, I downloaded and ran the Kaspersky Labs rescue disc, let it run overnight. I start up Firefox, and lo and behold... it is still there. Firefox Helper 2 comes back the very next day. Malwarebytes detects nothing.

Wšě wotmołwy (7)

more options

New approach...

FreeFixer:

Delete - "Beta Software Worker" - scheduled task

Delete - Firefox Helper2 c:\users\frank\appdata\roaming\mozilla\firefox\profiles\iipxbbs7.default-1462029000861\extensions\firefox@helper2\install.rdf – Mozilla Firefox extensions

Registry

Search and remove astask.exe

HKEY_CURRENT_USER->SOFTWARE->MICROSOFT

more options

Its been 5 days and since removing the folder that housed astask.exe, C:\Program Files (x86)\Beta Software, and removing astask,exe from the registry and since then I have not seen the popups return.

Although I have seen the scheduled task re-enable itself in the scheduled tasks. It points to C:\Program Files (x86)\Beta Software\astask.exe but since the folder is not there my guess is its failing. This prompted me to locate the task in Windows Task Scheduler and completely remove it.

more options

falaniz said

I have seen the scheduled task re-enable itself in the scheduled tasks. It points to C:\Program Files (x86)\Beta Software\astask.exe but since the folder is not there my guess is its failing. This prompted me to locate the task in Windows Task Scheduler and completely remove it.

You were able to remove whatever keeps re-adding the task, or is that still mystery process possibly running on the system?

more options

Initially I disabled the task in Task Scheduler View but since have deleted the task in Windows Task Scheduler. I checked this and there are no signs of the astask.exe executable or the Beta Software scheduled task. I may have the infection under control.

more options

Been going good for some time now, up until today. Helper2 is back and I can not put my finger on what triggered it.

more options

Is it a coincidence that it's June 1st -- is there any "first of month" scheduled task that we might have missed?

If you didn't download anything intentionally, and no existing malware reinstalled it, I would suspect a "drive by" installation through a vulnerable plugin, but that's just a guess. We don't have a lot of data points to go on.

more options

No tasks the are scheduled at the being of each month. "Beta Software Worker" was back as a scheduled task and I removed it once again. No downloads lately, I am pretty cautions with downloading. Currently checking malware with ZOEZK

  1. 1
  2. 2
  3. 3