We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Adware keeps Taking Over Firefox, Firefox@helper2

  • 47 பதிலளிப்புகள்
  • 2 இந்த பிரச்னைகள் உள்ளது
  • 5 views
  • Last reply by falaniz

Starting back about two weeks ago, I got a weird series of pop-ups on Mozilla Firefox's latest version. I figured it was something easily nukable with MalwareBytes, so I had it do its job, and it seemed to stop... for about a day.

After that, the Malware reasserted itself, and soon, MalwareBytes wasn't getting rid of it, even with a rootkit scan. So, I downloaded and ran the Kaspersky Labs rescue disc, let it run overnight. I start up Firefox, and lo and behold... it is still there.

Firefox Helper 2 comes back the very next day. Malwarebytes detects nothing.

Starting back about two weeks ago, I got a weird series of pop-ups on Mozilla Firefox's latest version. I figured it was something easily nukable with MalwareBytes, so I had it do its job, and it seemed to stop... for about a day. After that, the Malware reasserted itself, and soon, MalwareBytes wasn't getting rid of it, even with a rootkit scan. So, I downloaded and ran the Kaspersky Labs rescue disc, let it run overnight. I start up Firefox, and lo and behold... it is still there. Firefox Helper 2 comes back the very next day. Malwarebytes detects nothing.

All Replies (7)

New approach...

FreeFixer:

Delete - "Beta Software Worker" - scheduled task

Delete - Firefox Helper2 c:\users\frank\appdata\roaming\mozilla\firefox\profiles\iipxbbs7.default-1462029000861\extensions\firefox@helper2\install.rdf – Mozilla Firefox extensions

Registry

Search and remove astask.exe

HKEY_CURRENT_USER->SOFTWARE->MICROSOFT

Its been 5 days and since removing the folder that housed astask.exe, C:\Program Files (x86)\Beta Software, and removing astask,exe from the registry and since then I have not seen the popups return.

Although I have seen the scheduled task re-enable itself in the scheduled tasks. It points to C:\Program Files (x86)\Beta Software\astask.exe but since the folder is not there my guess is its failing. This prompted me to locate the task in Windows Task Scheduler and completely remove it.

falaniz said

I have seen the scheduled task re-enable itself in the scheduled tasks. It points to C:\Program Files (x86)\Beta Software\astask.exe but since the folder is not there my guess is its failing. This prompted me to locate the task in Windows Task Scheduler and completely remove it.

You were able to remove whatever keeps re-adding the task, or is that still mystery process possibly running on the system?

Initially I disabled the task in Task Scheduler View but since have deleted the task in Windows Task Scheduler. I checked this and there are no signs of the astask.exe executable or the Beta Software scheduled task. I may have the infection under control.

Been going good for some time now, up until today. Helper2 is back and I can not put my finger on what triggered it.

Is it a coincidence that it's June 1st -- is there any "first of month" scheduled task that we might have missed?

If you didn't download anything intentionally, and no existing malware reinstalled it, I would suspect a "drive by" installation through a vulnerable plugin, but that's just a guess. We don't have a lot of data points to go on.

No tasks the are scheduled at the being of each month. "Beta Software Worker" was back as a scheduled task and I removed it once again. No downloads lately, I am pretty cautions with downloading. Currently checking malware with ZOEZK

  1. 1
  2. 2
  3. 3