This thread has been moved to the archive. If you need help, please ask a question.

Suspicious behavior, possibly a FF extension

  • 1 reply
  • 2 have this problem
  • 1 view
  • Last reply by Swarnava Sengupta

I had a popup from my firewall saying rundll32.exe was trying to connect to IP address 85.10.195.247. I looked in Task Manager & saw this was being initiated by C:\Users\*username*\Appdata\Local\uniNetdsc\i18mapIde.dll. I looked at msconfig and saw it was starting with argument rundll32.exe "C:\Users\*username*\AppData\Local\uniNetdsc\i18mapIde.dll",dbcfgplugin MSNapiEnum.

I noticed that the file creation date for i18mapIde.dll was today, but I have not installed anything. I looked up the IP address & it is owned by your-server dot de & read that they have been host to malware & dubious practices, such as spam attacks.

When I ended the rundll process I was still unable to delete the dll because it was in use by Firefox. I closed Firefox & deleted it. At the time the dll appeared I had Firefox open, but was reading & not browsing. This leads me to believe that one of the extensions I have installed has downloaded & installed the dll today. The dll itself contains no information & Googling each of the arguments produced no results. Does anyone know any more about this?

I have these extensions installed:

  • Always on Top
  • CookieCuller
  • CSS Usage
  • deskCut
  • Download Sort
  • DownloadHelper
  • Firebug
  • Firecookie
  • FireQuery
  • FireRainbow
  • GoogleEnhancer
  • Greasemonkey
  • Html Validator
  • HttpFox
  • IE Tab+
  • Inline Code Finder for Firebug
  • Launchy
  • Menu Editor
  • Page Speed
  • Personal Menu
  • Save Link
  • Tab Mix Plus
  • Thumbs
  • ViewInFirefox
  • Web Developer
  • Yslow

I have a few more that are disabled, so I assume they would not be able to do this.

Modified by simple9

All Replies (1)

If you suspect it's a malware issue, do a malware check with some malware scan programs. You need to scan with all programs because each program detects different malware. Make sure that you update each program to get the latest version of the database before doing a scan.

See also "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked and Searches are redirected to another site
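
The startup entry described in the question (rundll32.exe loading a DLL from the user's AppData folder with an export name and an argument) is a pattern that can be checked for across all autostart entries. The following is an added triage example, not part of the original thread: the entry names, the second and third sample command lines, and the list of "user-writable" locations are assumptions constructed for illustration; only the first command line is taken from the post.

```python
import re
from ntpath import normpath

# rundll32 syntax: rundll32.exe <dll>,<entrypoint> [arguments]
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<q>[^"]+)"|(?P<u>[^,\s]+))\s*,\s*(?P<entry>\S+)'
    r'(?:\s+(?P<args>.*))?$',
    re.IGNORECASE)

# Locations a standard user can write to, where an autostarted DLL is unusual.
# Assumption for this example, not an exhaustive list.
USER_WRITABLE = re.compile(
    r'\\users\\[^\\]+\\appdata\\(local|roaming|locallow)\\|\\temp\\',
    re.IGNORECASE)

def parse_rundll32(cmdline):
    """Split a rundll32 command line into DLL path, export name and arguments."""
    m = RUNDLL_RE.match(cmdline)
    if not m:
        return None  # not a rundll32 invocation
    # normpath collapses "..\" segments so a path cannot hide its real location
    dll = normpath(m.group('q') or m.group('u'))
    return {'dll': dll, 'entry': m.group('entry'),
            'args': (m.group('args') or '').strip()}

def triage(entries):
    """Return the autostart entries whose rundll32 target is in a user-writable path."""
    findings = []
    for name, cmdline in entries:
        parsed = parse_rundll32(cmdline)
        if parsed and USER_WRITABLE.search(parsed['dll']):
            findings.append((name, parsed))
    return findings

# Constructed sample of startup entries as (name, command line) pairs.
SAMPLE = [
    ("entry-1 (constructed name)",
     r'rundll32.exe "C:\Users\*username*\AppData\Local\uniNetdsc\i18mapIde.dll",dbcfgplugin MSNapiEnum'),
    ("entry-2 (constructed)",
     r'C:\Windows\System32\rundll32.exe C:\Windows\System32\example.dll,ExampleEntry'),
    ("entry-3 (constructed)",
     r'"C:\Program Files\Example\update.exe" /silent'),
]

if __name__ == "__main__":
    for name, hit in triage(SAMPLE):
        print(f"REVIEW {name}: {hit['dll']} export={hit['entry']} args={hit['args']!r}")
```

A flagged entry is a lead for review (file creation time, signature, network connections), not proof of malware on its own.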