Suspicious behavior, possibly a FF extension
I had a popup from my firewall saying rundll32.exe was trying to connect to IP address 85.10.195.247. I looked in Task Manager & saw this was being initiated by C:\Users\*username*\Appdata\Local\uniNetdsc\i18mapIde.dll. I looked at msconfig and saw it was starting with argument rundll32.exe "C:\Users\*username*\AppData\Local\uniNetdsc\i18mapIde.dll",dbcfgplugin MSNapiEnum.
I noticed that the file creation date for i18mapIde.dll was today, but I have not installed anything. I looked up the IP address & it is owned by your-server dot de & read that they have been host to malware & dubious practises, such as spam attacks.
When I ended the rundll process I was still unable to delete the dll because it was in use by Firefox. I closed Firefox & deleted it. At the time the dll appeared I had Firefox open, but was reading & not browsing . This leads me to believe that one of the extensions I have installed has downloaded & installed the dll today. The dll itself contains no information & Googling each of the arguments produced no results. Does anyone know any more about this?
I have these extensions installed:
- Always on Top
- CookieCuller
- CSS Usage
- deskCut
- Download Sort
- DownloadHelper
- Firebug
- Firecookie
- FireQuery
- FireRainbow
- GoogleEnhancer
- Greasemonkey
- Html Validator
- HttpFox
- IE Tab+
- Inline Code Finder for Firebug
- Launchy
- Menu Editor
- Page Speed
- Personal Menu
- Save Link
- Tab Mix Plus
- Thumbs
- ViewInFirefox
- Web Developer
- Yslow
I have a few more that are disabled, so I assume they would not be able to do this.
Bewerkt door simple9 op
Alle antwoorden (1)
If you suspect its a malware issue, Do a malware check with some malware scan programs. You need to scan with all programs because each program detects different malware. Make sure that you update each program to get the latest version of the database before doing a scan.
- http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
- http://www.superantispyware.com/ - SuperAntispyware
- http://www.microsoft.com/windows/products/winfamily/defender/default.mspx - Windows Defender: Home Page
- http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
- http://www.lavasoft.com/products/ad_aware_free.php - Ad-Aware Free
See also "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked and Searches are redirected to another site