
Adware keeps Taking Over Firefox, Firefox@helper2

  • 47 replies
  • 2 have this problem
  • 5 views
  • Last reply by falaniz


Starting back about two weeks ago, I got a weird series of pop-ups on Mozilla Firefox's latest version. I figured it was something easily nukable with MalwareBytes, so I had it do its job, and it seemed to stop... for about a day.

After that, the Malware reasserted itself, and soon, MalwareBytes wasn't getting rid of it, even with a rootkit scan. So, I downloaded and ran the Kaspersky Labs rescue disc, let it run overnight. I start up Firefox, and lo and behold... it is still there.

Firefox Helper 2 comes back the very next day. Malwarebytes detects nothing.


All Replies (7)


New approach...

FreeFixer:

Delete - "Beta Software Worker" - scheduled task

Delete - Firefox Helper2 c:\users\frank\appdata\roaming\mozilla\firefox\profiles\iipxbbs7.default-1462029000861\extensions\firefox@helper2\install.rdf – Mozilla Firefox extensions

Registry

Search and remove astask.exe

HKEY_CURRENT_USER->SOFTWARE->MICROSOFT


It's been 5 days since removing the folder that housed astask.exe, C:\Program Files (x86)\Beta Software, and removing astask.exe from the registry, and since then I have not seen the popups return.

Although I have seen the scheduled task re-enable itself in the scheduled tasks. It points to C:\Program Files (x86)\Beta Software\astask.exe but since the folder is not there my guess is it's failing. This prompted me to locate the task in Windows Task Scheduler and completely remove it.


falaniz said

I have seen the scheduled task re-enable itself in the scheduled tasks. It points to C:\Program Files (x86)\Beta Software\astask.exe but since the folder is not there my guess is it's failing. This prompted me to locate the task in Windows Task Scheduler and completely remove it.

Were you able to remove whatever keeps re-adding the task, or is that mystery process possibly still running on the system?


Initially I disabled the task in Task Scheduler View but since have deleted the task in Windows Task Scheduler. I checked this and there are no signs of the astask.exe executable or the Beta Software scheduled task. I may have the infection under control.


Been going good for some time now, up until today. Helper2 is back and I can not put my finger on what triggered it.


Is it a coincidence that it's June 1st -- is there any "first of month" scheduled task that we might have missed?

If you didn't download anything intentionally, and no existing malware reinstalled it, I would suspect a "drive by" installation through a vulnerable plugin, but that's just a guess. We don't have a lot of data points to go on.


No tasks that are scheduled at the beginning of each month. "Beta Software Worker" was back as a scheduled task and I removed it once again. No downloads lately, I am pretty cautious with downloading. Currently checking malware with ZOEZK
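
The thread describes three places this adware persists: the "Beta Software Worker" scheduled task, the firefox@helper2 extension folder in the Firefox profile, and astask.exe references under HKEY_CURRENT_USER\SOFTWARE\MICROSOFT. The following read-only PowerShell audit is an added example, not part of any post in this thread; the indicator strings come from the posts above, while flagging tasks whose target file is missing is an added heuristic that will also list leftovers of legitimately uninstalled software.

```powershell
# Added example: read-only audit, nothing is deleted or changed.
# Indicator strings are the ones named in this thread.
$indicators  = 'astask.exe', 'Beta Software'
$extensionId = 'firefox@helper2'

# 1. Scheduled tasks that mention an indicator or point at a file that no longer exists.
#    Author and Date (registration time) help trace what keeps re-creating the task.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM handler actions have no Execute path
        $exe     = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        $text    = "$($task.TaskName) $exe $($action.Arguments)"
        $hit     = $indicators | Where-Object { $text -like "*$_*" }
        $missing = [IO.Path]::IsPathRooted($exe) -and -not (Test-Path -LiteralPath $exe)
        if ($hit -or $missing) {
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                State   = $task.State
                Author  = $task.Author
                Date    = $task.Date
                Execute = $exe
                Missing = $missing
            }
        }
    }
} | Format-List

# 2. The extension folder in every Firefox profile of the current user.
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path -LiteralPath $profiles) {
    Get-ChildItem -LiteralPath $profiles -Directory | ForEach-Object {
        Get-ChildItem -Path (Join-Path $_.FullName 'extensions') -Filter "$extensionId*" -ErrorAction SilentlyContinue
    } | Select-Object FullName, CreationTime, LastWriteTime
}

# 3. Registry values under HKCU\Software\Microsoft that reference astask.exe.
Get-ChildItem -Path 'HKCU:\Software\Microsoft' -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $key = $_
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ("$name $data" -like '*astask.exe*') {
            [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
        }
    }
}
```

Run it from an elevated prompt so tasks registered for other accounts are listed, and compare the task's Date and the extension folder's CreationTime after each reappearance to narrow down when it is being reinstalled.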
