firefox initiates malicious outbound attempts frequently when accessing other sites...cdn-apl.skim.gs 72.21.91.8 for example why? and how do I remove it.
just recently firefox allows through the firefox(x86) an outbound attemp to contact malicious website which is then blocked by malwarebytes, an example is listed above but they are various and it seems to happen most often if there's a video attached to whatever i click to read...any ideas as to why this just started doing it...I removed/reinstalled firefox, did safe test/restart without add ons, ran evry virus/rootkit/malware scan i have(norton 360/malwarebytes premium/ccleaner, etc to no avail...
All Replies (9)
Sometimes a problem with Firefox may be a result of malware installed on your computer, that you may not be aware of.
You can try these free programs to scan for malware, which work with your existing antivirus software:
- Microsoft Safety Scanner
- MalwareBytes' Anti-Malware
- Anti-Rootkit Utility - TDSSKiller
- AdwCleaner (for more info, see this alternate AdwCleaner download page)
- Hitman Pro
- ESET Online Scanner
Microsoft Security Essentials is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one. Windows 8 has antivirus built-in already.
Further information can be found in the Troubleshoot Firefox issues caused by malware article.
Did this fix your problems? Please report back to us!
Personally, I find that AdwCleaner works the best and that is what I use to clean my computer of any infections.
It seems that many sites might share that server: https://www.virustotal.com/en/ip-address/72.21.91.8/information/
Could you test in Firefox's Safe Mode? That's a standard diagnostic tool to deactivate extensions and some advanced features of Firefox. More info: Diagnose Firefox issues using Troubleshoot Mode.
If Firefox is not running: Hold down the Shift key when starting Firefox.
If Firefox is running: You can restart Firefox in Safe Mode using either:
- "3-bar" menu button > "?" button > Restart with Add-ons Disabled
- Help menu > Restart with Add-ons Disabled
and OK the restart.
Both scenarios: A small dialog should appear. Click "Start in Safe Mode" (not Refresh).
Any improvement?
When you reinstalled, did you...
Clean Reinstall
We use this name, but it's not about removing your settings, it's about making sure the program files are clean (no inconsistent, corrupted, or alien code files). As described below, this process does not disturb your existing settings. Do NOT uninstall Firefox, that's not needed.
(A) Download a fresh installer for Firefox 40.0.3 from https://www.mozilla.org/firefox/all/ to a convenient location. (Scroll down to your preferred language.)
(B) Exit out of Firefox (if applicable).
(C) Rename the program folder, either:
(64-bit Windows folder names)
C:\Program Files (x86)\Mozilla Firefox
to
C:\Program Files (x86)\OldFirefox
(32-bit Windows folder names)
C:\Program Files\Mozilla Firefox
to
C:\Program Files\OldFirefox
(D) Run the installer you downloaded in (A). It should automatically connect to your existing settings.
Any improvement?
Note: Some plugins may exist only in that OldFirefox folder. If something essential is missing, look in these folders:
- \OldFirefox\Plugins
- \OldFirefox\browser\plugins
Your system details shows you are using multiple anti-virus programs. This could cause a problem.
Separate Issue; Your System Details shows;
Installed Plug-ins
Shockwave Flash 18.0 r0
Shockwave Flash 12.0 r0
Having more than one version of a program may cause issues.
You must remove the older programs. Then get the current full installer.
Note: Edge on Win10 does not use ActiveX version but its own Flash.
Flash: Grab the uninstaller from here: Uninstall Flash Player | Windows Uninstall Flash Player | Mac
Then reinstall the latest version.
Flash Player Version 18.0.0.232
https://www.adobe.com/products/flashplayer/distribution3.html
Note: Windows users must download the “Internet Explorer”
and “Plugin-based browsers” installers.
ok did some of those, but it turns out this action crosses all browsers, ff/ie/chrome. so that seems to suggest its a deeper issue. any thoughts?
the thing is trying to phone home every time i change a web page (very annoying) malwarebytes id's it and blocks so it's visible to a degree, but nothing has located the source yet.
Do you (knowingly) use any proxy server, private VPN, Tor, or other kind of indirect method of accessing websites?
Have your Windows DNS settings been changed? You can check the IE network settings under LAN: http://windows.microsoft.com/en-us/windows/change-internet-explorer-proxy-server-settings
As suggested earlier, you may want to supplement your regular security software with some additional cleaning tools. You can find links in our support article: Troubleshoot Firefox issues caused by malware. These on-demand scanners are free and take considerable time to run. If they finish quickly and especially if they require payment, you may have a serious infection. I suggest the specialized forums listed in the article in that case.
Further information can be found in the Troubleshoot Firefox issues caused by malware article.
Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.
ok I'll try some now...thanks