Adware keeps Taking Over Firefox, Firefox@helper2
Starting back about two weeks ago, I got a weird series of pop-ups on Mozilla Firefox's latest version. I figured it was something easily nukable with MalwareBytes, so I had it do its job, and it seemed to stop... for about a day.
After that, the Malware reasserted itself, and soon, MalwareBytes wasn't getting rid of it, even with a rootkit scan. So, I downloaded and ran the Kaspersky Labs rescue disc, let it run overnight. I start up Firefox, and lo and behold... it is still there.
Firefox Helper 2 comes back the very next day. Malwarebytes detects nothing.
Сви одговори (7)
New approach...
FreeFixer:
Delete - "Beta Software Worker" - scheduled task
Delete - Firefox Helper2 c:\users\frank\appdata\roaming\mozilla\firefox\profiles\iipxbbs7.default-1462029000861\extensions\firefox@helper2\install.rdf – Mozilla Firefox extensions
Registry
Search and remove astask.exe
HKEY_CURRENT_USER->SOFTWARE->MICROSOFT
Its been 5 days and since removing the folder that housed astask.exe, C:\Program Files (x86)\Beta Software, and removing astask,exe from the registry and since then I have not seen the popups return.
Although I have seen the scheduled task re-enable itself in the scheduled tasks. It points to C:\Program Files (x86)\Beta Software\astask.exe but since the folder is not there my guess is its failing. This prompted me to locate the task in Windows Task Scheduler and completely remove it.
falaniz said
I have seen the scheduled task re-enable itself in the scheduled tasks. It points to C:\Program Files (x86)\Beta Software\astask.exe but since the folder is not there my guess is its failing. This prompted me to locate the task in Windows Task Scheduler and completely remove it.
You were able to remove whatever keeps re-adding the task, or is that still mystery process possibly running on the system?
Initially I disabled the task in Task Scheduler View but since have deleted the task in Windows Task Scheduler. I checked this and there are no signs of the astask.exe executable or the Beta Software scheduled task. I may have the infection under control.
Been going good for some time now, up until today. Helper2 is back and I can not put my finger on what triggered it.
Is it a coincidence that it's June 1st -- is there any "first of month" scheduled task that we might have missed?
If you didn't download anything intentionally, and no existing malware reinstalled it, I would suspect a "drive by" installation through a vulnerable plugin, but that's just a guess. We don't have a lot of data points to go on.
No tasks the are scheduled at the being of each month. "Beta Software Worker" was back as a scheduled task and I removed it once again. No downloads lately, I am pretty cautions with downloading. Currently checking malware with ZOEZK