This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Suspicious behavior, possibly a FF extension

more options

I had a popup from my firewall saying rundll32.exe was trying to connect to IP address 85.10.195.247. I looked in Task Manager & saw this was being initiated by C:\Users\*username*\Appdata\Local\uniNetdsc\i18mapIde.dll. I looked at msconfig and saw it was starting with argument rundll32.exe "C:\Users\*username*\AppData\Local\uniNetdsc\i18mapIde.dll",dbcfgplugin MSNapiEnum.

I noticed that the file creation date for i18mapIde.dll was today, but I have not installed anything. I looked up the IP address & it is owned by your-server dot de & read that they have been host to malware & dubious practises, such as spam attacks.

When I ended the rundll process I was still unable to delete the dll because it was in use by Firefox. I closed Firefox & deleted it. At the time the dll appeared I had Firefox open, but was reading & not browsing . This leads me to believe that one of the extensions I have installed has downloaded & installed the dll today. The dll itself contains no information & Googling each of the arguments produced no results. Does anyone know any more about this?

I have these extensions installed:

  • Always on Top
  • CookieCuller
  • CSS Usage
  • deskCut
  • Download Sort
  • DownloadHelper
  • Firebug
  • Firecookie
  • FireQuery
  • FireRainbow
  • GoogleEnhancer
  • Greasemonkey
  • Html Validator
  • HttpFox
  • IE Tab+
  • Inline Code Finder for Firebug
  • Launchy
  • Menu Editor
  • Page Speed
  • Personal Menu
  • Save Link
  • Tab Mix Plus
  • Thumbs
  • ViewInFirefox
  • Web Developer
  • Yslow

I have a few more that are disabled, so I assume they would not be able to do this.

I had a popup from my firewall saying rundll32.exe was trying to connect to IP address '''85.10.195.247'''. I looked in Task Manager & saw this was being initiated by '''C:\Users\*username*\Appdata\Local\uniNetdsc\i18mapIde.dll'''. I looked at msconfig and saw it was starting with argument '''rundll32.exe "C:\Users\*username*\AppData\Local\uniNetdsc\i18mapIde.dll",dbcfgplugin MSNapiEnum'''. I noticed that the file creation date for '''i18mapIde.dll''' was today, but I have not installed anything. I looked up the IP address & it is owned by '''your-server''''' dot '''''de''' & read that they have been host to malware & dubious practises, such as spam attacks. When I ended the rundll process I was still unable to delete the dll because it was in use by Firefox. I closed Firefox & deleted it. At the time the dll appeared I had Firefox open, but was reading & not browsing . This leads me to believe that one of the extensions I have installed has downloaded & installed the dll today. The dll itself contains no information & Googling each of the arguments produced no results. Does anyone know any more about this? I have these extensions installed: * Always on Top * CookieCuller * CSS Usage * deskCut * Download Sort * DownloadHelper * Firebug * Firecookie * FireQuery * FireRainbow * GoogleEnhancer * Greasemonkey * Html Validator * HttpFox * IE Tab+ * Inline Code Finder for Firebug * Launchy * Menu Editor * Page Speed * Personal Menu * Save Link * Tab Mix Plus * Thumbs * ViewInFirefox * Web Developer * Yslow I have a few more that are disabled, so I assume they would not be able to do this.

Modified by simple9

All Replies (1)

more options

If you suspect its a malware issue, Do a malware check with some malware scan programs. You need to scan with all programs because each program detects different malware. Make sure that you update each program to get the latest version of the database before doing a scan.

See also "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked and Searches are redirected to another site