#1
Who is messing with my file
This isn't really about Firefox -- at least I think it's more about the OS** - or I would likely not post it here. You don't have to read too carefully because when you get to the end, the problem is solved.

**Or some terrible flaw in the latest release of FF, but if that were the case, I'd expect to see more complaints in the FF newsgroup.

Firefox lost all its profiles except the one I never use, called default. Here is how I discovered FF didn't work, and what I did to fix it.

From an earlier thread called Someone is screwing with me.

3) Then just now I noticed that something changed the setting in Firefox, when opening the program, From: Bring up windows and tabs from last time. TO Home Page. I don't know when this happened.

Well, I figured out this one. Firefox had a good system for Options but they changed it to look like webpages, and they changed my option here.

4) And the file I dl'd successfully a couple hours ago, which crashes during installation, I've tried to dl again, and the FF Downloads page says it completed but it's not in the downloads folder, even though that is still where FF says it puts it. So where did it go?

Same thing here. Though it still said Downloads, it meant My Documents \ Downloads, not C:\Downloads. So they had changed it -- shame on them -- to this location they don't even describe well -- double shame.

Well, it's possible something else happened. I have FF open, and I clicked on a start-up icon for it, and the Profile manager opens up, and all there is is the default. I used to have 3, that is, 4 profiles, one of which was named default. All my stuff was in the other profiles.

I looked in Documents and Settings and it looks like I remember it, to the best of my memory. I had been looking at it yesterday and earlier today, but I don't think I could have deleted anything accidentally.

Well, afaict now, all of the files really are there, and one, only one, had been tampered with, profiles.ini.

The mozilla.support.firefox group doesn't seem as technical as the ngs here have been, (though maybe I'm rushing to judgment). Anyhow googling for help I found a url http://kb.mozillazine.org/Recovering...ly_disappeared that says it's about FF and Thunderbird, but was clearly written for Thunderbird. I don't know how well it fits, but it does make reference to profiles.ini. So that's where I started.

I actually have a backup partition so I Search in my backup drive for profiles.ini and find 5 of them, one for Sea Monkey, one for CompoZer, one for Firefox back when I had WinME, one named Firefox-8-19-12, and one for Firefox: This last one is copied below. D: is my system drive. Back when I understood how things worked, I moved some of my FF profile stuff to my own D:\Data, but I seem to have misspelled the directory as Profiiles. I wonder what effect that has had, but it couldn't be the source of the recent problem because I did this years ago.

[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=Profiles/fkz5hp8p.default
Default=1

[Profile1]
Name=TestSess
IsRelative=0
Path=D:\Data\Firefox\Profiiles
Default=1

[Profile2]
Name=TessSessomBeta
IsRelative=0
Path=D:\Data\Firefox\Profiiles

[Profile3]
Name=OneShot
IsRelative=1
Path=Profiles/8lx8697h.OneShot

Then I looked in my actual D: drive and only the first two sections were there, nothing past the Profile0 section. I copied over the rest from the backup to make the original match the backup, but I assumed I'd have to find everything needed to support the other three sections.

Then I saved the D: profiles.ini, clicked on the FF icon, and up popped a list of 4 profiles (instead of only one like I've gotten for the last two days). But like I say, I figured whatever supported them would be missing. I clicked on Testsess, the one I use the most, and -- though I hate the new format that seems to have begun coincidentally -- or is it a coincidence??? -- I got the Restore Session page for Firefox from 2 nights ago! And I checked and the history and passwords are there too.

I haven't checked the other two profiles but they probably work and they're less important anyhow.

So, what damaged my profiles.ini ????? I never edited it, and I never told the program that displays a list of them to delete a profile, and certainly not 3 of them. It strikes me that it was a bug in the install of version 38 of FF. Any better ideas?

But if that is the case, how come I haven't seen loads of complaints?

Profiles.ini wasn't garbled or illegible. It was edited or truncated. That doesn't seem like something a problem hard drive could do.

Plus I seem to find other urls about damaged profiles.ini.

How was an average user to have found this problem? If I didn't have a backup, how would I know what lines to put back in?
#2
Who is messing with my file
micky wrote:
> This isn't really about Firefox -- at least I think it's more about the OS** - or I would likely not post it here. You don't have to read too carefully because when you get to the end, the problem is solved.
>
> **Or some terrible flaw in the latest release of FF, but if that were the case, I'd expect to see more complaints in the FF newsgroup.
>
> Firefox lost all its profiles except the one I never use, called default. Here is how I discovered FF didn't work, and what I did to fix it.
>
> From an earlier thread called Someone is screwing with me.
>
> 3) Then just now I noticed that something changed the setting in Firefox, when opening the program, From: Bring up windows and tabs from last time. TO Home Page. I don't know when this happened.
>
> Well, I figured out this one. Firefox had a good system for Options but they changed it to look like webpages, and they changed my option here.
>
> 4) And the file I dl'd successfully a couple hours ago, which crashes during installation, I've tried to dl again, and the FF Downloads page says it completed but it's not in the downloads folder, even though that is still where FF says it puts it. So where did it go?
>
> Same thing here. Though it still said Downloads, it meant My Documents \ Downloads, not C:\Downloads. So they had changed it -- shame on them -- to this location they don't even describe well -- double shame.
>
> Well, it's possible something else happened. I have FF open, and I clicked on a start-up icon for it, and the Profile manager opens up, and all there is is the default. I used to have 3, that is, 4 profiles, one of which was named default. All my stuff was in the other profiles.
>
> I looked in Documents and Settings and it looks like I remember it, to the best of my memory. I had been looking at it yesterday and earlier today, but I don't think I could have deleted anything accidentally.
>
> Well, afaict now, all of the files really are there, and one, only one, had been tampered with, profiles.ini.
>
> The mozilla.support.firefox group doesn't seem as technical as the ngs here have been, (though maybe I'm rushing to judgment). Anyhow googling for help I found a url http://kb.mozillazine.org/Recovering...ly_disappeared that says it's about FF and Thunderbird, but was clearly written for Thunderbird. I don't know how well it fits, but it does make reference to profiles.ini. So that's where I started.
>
> I actually have a backup partition so I Search in my backup drive for profiles.ini and find 5 of them, one for Sea Monkey, one for CompoZer, one for Firefox back when I had WinME, one named Firefox-8-19-12, and one for Firefox: This last one is copied below. D: is my system drive. Back when I understood how things worked, I moved some of my FF profile stuff to my own D:\Data, but I seem to have misspelled the directory as Profiiles. I wonder what effect that has had, but it couldn't be the source of the recent problem because I did this years ago.
>
> [General]
> StartWithLastProfile=1
>
> [Profile0]
> Name=default
> IsRelative=1
> Path=Profiles/fkz5hp8p.default
> Default=1
>
> [Profile1]
> Name=TestSess
> IsRelative=0
> Path=D:\Data\Firefox\Profiiles
> Default=1
>
> [Profile2]
> Name=TessSessomBeta
> IsRelative=0
> Path=D:\Data\Firefox\Profiiles
>
> [Profile3]
> Name=OneShot
> IsRelative=1
> Path=Profiles/8lx8697h.OneShot
>
> Then I looked in my actual D: drive and only the first two sections were there, nothing past the Profile0 section. I copied over the rest from the backup to make the original match the backup, but I assumed I'd have to find everything needed to support the other three sections.
>
> Then I saved the D: profiles.ini, clicked on the FF icon, and up popped a list of 4 profiles (instead of only one like I've gotten for the last two days). But like I say, I figured whatever supported them would be missing. I clicked on Testsess, the one I use the most, and -- though I hate the new format that seems to have begun coincidentally -- or is it a coincidence??? -- I got the Restore Session page for Firefox from 2 nights ago! And I checked and the history and passwords are there too.
>
> I haven't checked the other two profiles but they probably work and they're less important anyhow.
>
> So, what damaged my profiles.ini ????? I never edited it, and I never told the program that displays a list of them to delete a profile, and certainly not 3 of them. It strikes me that it was a bug in the install of version 38 of FF. Any better ideas?
>
> But if that is the case, how come I haven't seen loads of complaints?
>
> Profiles.ini wasn't garbled or illegible. It was edited or truncated. That doesn't seem like something a problem hard drive could do.
>
> Plus I seem to find other urls about damaged profiles.ini.
>
> How was an average user to have found this problem? If I didn't have a backup, how would I know what lines to put back in?

I don't think I can put all that evidence together well enough to give a root cause. I'll just make a few general comments.

Thunderbird is a "copy of Firefox plus a small number of mail/newsgroup specific files". A guess is, the appearance and panes you see in Thunderbird, are built on Firefox browser. (In fact, the Thunderbird three-pane normal view turns to a large yellow window announcing an "XML parsing error", when the wheels fall off this scheme.) And when you use the Thunderbird build setup, there is a setting when compiling Thunderbird, that says whether you want a mail tool or a browser instead. Thunderbird has more files than Firefox, because it uses the files of Firefox, plus some of its own.

Your profiles.ini has two Default=1 items. I suspect it should have only one. With no Profile Manager involved, it's likely to snag the first instance of Default=1 it finds. And I don't know what your StartWithLastProfile does, since it would need to store that information somewhere. And it's not in the profile.ini file itself. Maybe prefs.js, a favorite exploit location ?
The alternate profiles are only likely to matter, if you launch the Profile Manager at startup (via command line option). Otherwise, the Mozilla tool is most likely to grab the Default=1 one.

*******

I think WinXP doesn't support ASLR (a good option on the very latest OS, for randomizing executable layout at launch time). WinXP has DEP, and there is a danger Firefox and Thunderbird aren't protected by default. A possible danger, is a redirection event, which seems to (eventually) attack some code. Like, something gets overwritten and any notion of protections Firefox might have, are overcome.

Someone here, is told by what I assume is PM (Private Message) that TalkBack affects the DEP status of the programs. (TalkBack is an addon for logging crashes or something, with Mozilla.)

http://forums.mozillazine.org/viewto...?f=38&t=633325

Of course, it's a little late to be adding armor, if something got through.

The only infection I've had under Windows, was acquired via Firefox, and it took the trial version of Kaspersky a number of reboots, to get rid of it. And it was a jolly great redirect attack, with a ton of Firefox windows opening until the OS was exploited. How they do these, is they hack a legitimate site, they only change a line or two of code on the site, sending you to a site with a metric ton of stuff to run. So the owners of the legit site might not notice, unless they regularly scan their filesystem for changes or something (TripWire). The URLs of the infection sites, use almost totally random names ceis4.citvke.com if you catch the traffic in a packet sniffer.

The tool Adwcleaner, checks the "prefs.js" file for added lines. If Firefox has adware, sometimes a lot of extra stuff is added to that file (the file ends up 30x bigger than an uninfected prefs.js). So you can look in there for unusual content.

On Seamonkey, there is a single file which contains a cache of startup items. I've had some sort of attack done on Seamonkey, where "startupCache.4.little" becomes bigger than normal. Right now, mine is 1,894,547 bytes. The nice thing about that file, is it can be deleted and it will regenerate itself on the next startup. The size is likely proportional to the number of addons you have in Seamonkey. So in addition to "prefs.js", that "startupCache.4.little" file can be attacked as well.

You could try a scan with this tool. You don't have to click the "clean" option if you don't want to. The scan may give you some idea whether adware is present. I find it strange that your machine hasn't been "tipped over", with more obvious malware symptoms. Rather than just "playing around" with a few files. Which would not be a normal side effect of attempted exploitation.

http://www.bleepingcomputer.com/download/adwcleaner/

Obviously, you can scan with the "usual tools" if you want. I use the Kaspersky offline scanner CD after something like this, to see if it sees anything. I keep a USB key with this on it. (I've burned several CDs with older versions, but that's just a waste of CDs. The USB key makes more sense, even if it's writable.)

http://support.kaspersky.com/8092

I've had stuff that sits in the browser cache, and continues to mess around. Simply cleaning the cache is enough to stop that, although sometimes I do such cleaning manually to make sure everything in the cache is gone. Rather than most everything. I've had a file sitting in the cache, that was running some sort of timer 12 hours after the file was first downloaded.

There's no question, that a significant number of issues on computers can be explained via malware. It's unusual though, for so few (insignificant) things to be affected. If I wanted to get your attention, I might set the "hide" bit on all your data files. I might go "Cryptolocker" and encrypt all your data files (so your Dropbox uploads the encrypted files and overwrites your backup copies too). Effective Malware is like Ebola - it doesn't fool around.

I don't really know how to explain trivial or minor damage. Who would waste their time doing that ? A mental case ?

Paul
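
An added example, not written by either poster: a Python sketch that automates the comparison done by hand in the first post (live profiles.ini against a backup) and the check raised in the reply (more than one Default=1), and also flags profiles that point at the same Path. The sample text is constructed from the file quoted in the thread; the names `load` and `audit` are hypothetical.

```python
import configparser

# Constructed sample: the backup profiles.ini quoted in the first post.
BACKUP = """\
[General]
StartWithLastProfile=1
[Profile0]
Name=default
IsRelative=1
Path=Profiles/fkz5hp8p.default
Default=1
[Profile1]
Name=TestSess
IsRelative=0
Path=D:\\Data\\Firefox\\Profiiles
Default=1
[Profile2]
Name=TessSessomBeta
IsRelative=0
Path=D:\\Data\\Firefox\\Profiiles
[Profile3]
Name=OneShot
IsRelative=1
Path=Profiles/8lx8697h.OneShot
"""
# The damaged live copy kept only [General] and [Profile0].
LIVE = BACKUP.split("[Profile1]")[0]

def load(text):  # return the [ProfileN] sections as dicts, in file order
    cp = configparser.RawConfigParser(strict=False)  # tolerate repeated sections
    cp.optionxform = str  # keep key case (Name, Path, Default)
    cp.read_string(text)
    return [dict(cp[s]) for s in cp.sections() if s.startswith("Profile")]

def audit(live_text, backup_text):  # list of (kind, which file, detail)
    live, backup = load(live_text), load(backup_text)
    names = {p.get("Name") for p in live}
    out = [("missing", "live", p.get("Name"))
           for p in backup if p.get("Name") not in names]
    for label, profiles in (("live", live), ("backup", backup)):
        defaults = [p.get("Name") for p in profiles if p.get("Default") == "1"]
        if len(defaults) > 1:  # the reply expects only one Default=1
            out.append(("multiple-default", label, defaults))
        by_path = {}
        for p in profiles:
            by_path.setdefault(p.get("Path"), []).append(p.get("Name"))
        out += [("shared-path", label, n) for n in by_path.values() if len(n) > 1]
    return out

if __name__ == "__main__":
    print(*audit(LIVE, BACKUP), sep="\n")
```

Run against real files, the two arguments would be the contents of the live profiles.ini and of the backup copy.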