Why did I start getting BlueScreens when I first set Firefox as default browser?
My PC is 2 yrs old, 16 GB RAM, running under Win7 Professional, formerly using IE 11, using MS Security Essentials
PHASE 1: 10/18/18 - virus took over browser; CMD available, so I got rid of virus. Then 01/01/19 - 02/12/19 seven virus attacks even tho' I installed McAfee. 02/13 - Installed Firefox 65.0.2 -- NOT as DEFAULT browser.
PHASE 2: 02/15 - virus 02/16 - made Ffx DEFAULT browser 02/17 - "Firefox Update" virus; later same day, 1st BSOD. 02/18 - "Firefox Update" virus; later same day, 2nd BSOD. 02/19 - "Firefox Update" virus; UNINSTALLED Firefox. NOTE: I manually deleted many Ffx files left behind after uninstall (incl Ffx ID).
02/20, 02/22, 03/03, 3 addtl BSODs. 03/04 Reinstalled Ffx (Why not?); set it to default browser.
PHASE 3: No BSOD until 03/14, then none 'til 03/27. 03/28, 29, 31, BSODs; little use of machine; 04/09 legit UPDATE of Ffx. Still 65.0.2
PHASE 4: 04/12 BlueScreen; uninstalled Firefox; wiped everything I could: caches, dumps, internet Temp files 04/14 Full install of Firefox 66.0.3, set as default browser. Ghostery Add-on. 04/15, 04/16 -- viruses 04/19 BlueScreen. Made IE default browser -- it's a duenna -- but I'm using Firefox.
All Replies (10)
Hello!
I can't be entirely sure without having log files or scan results from the antivirus software, but I would say that there are leftovers of the virus or there may be quarantined files needed by the browser (IE).
If you haven't done so, do a boot time scan (a scan done before the files needed for the O.S to boot are loaded). Avast has that feature available even with the free version.
I hope it helps :).
AVAST sounds really promising, BUT ...
The default setting was for automatic "fixing" of any found problem, so I have no idea whether or not malware was found when I performed the disk scan. (The how-to articles all showed a display where the user would be asked for preferred disposition of the malware, and I misinterpreted the critical statement.) I've set Firefox to be my default browser, and I'll wait and see.
13 days is my record elapsed time between BlueScreens, so if I make it past that, Skaparate, I'll post a cautious "Success."
No matter the outcome I really appreciate your help.
Big P.S. I found Avast's scan history. No "infected files" were found, and full scans by McAfee and MS Security Essentials all along have similarly failed to find anything.
I hope Avast will protect me from those incoming viruses - McAfee doesn't - but the real problem source is too obscure for me: even tho' I close Office every night and usually Hibernate, I have at least once had a BScreen as soon as the logon screen disappeared. Event log verified that the machine was "inactive."
Did you check the Windows Event log to see whether more detail is available about the BSOD ?
Have you checked your event logs, specifically the ones related to the system?
To open the event viewer, press Windows key + R, type eventvwr and press Enter. There you must find the System logs and filter them by date to the date when the blue screen happened (and only the errors and critical errors). You can export them by right clicking on the key and Save all events as... and post them here to check them.
The APPLICATION log Event Name was always "BlueScreen". It yielded some fault bucket info sometimes, but not always. Let's see what I compiled:
Fault bucket , type 0 // (on ea 2/17, 2/18, 2/20, 2/22, 3/3,3/29) // X64_IP_MISALIGNED_SynTP.sys, type 0 // (on 3/14) // X64_0x19_3_nt! ExDeferredFreePool+ca6, type 0 // (3/27) // X64_MEMORY_CORRUPTION_LARGE, type 0 // (3/31) // (this one is linked in a complicated way to the BS of 3/28 that occurred during a MS Backup. Nice, hmm?)
Sometimes a message appeared on the BScrn but scrolled out of sight before I collected my wits:
BAD_POOL_HEADER // SYSTEM_SERVICE_EXCEPTION // (got this 2x) // DRIVER_IRQL_NOT_LESS_OR_EQUAL // (got this 2x) //
You don't seriously want me to post ALL these APP log events, do you? The SYSTEM log was much less interesting:
Always an expression of surprise: The previous system shutdown at xx on yy was unexpected. & "The computer has rebooted from a bugcheck." + BCCode & 4 parameters // altho' often there was no such SYS entry. I'll go back and check the log to verify after I post this.
Don't think I ever got the same Code value twice. Is it an error code, or simply a pointer along with the 1st 4 register values?
As long as I'm going thru the logs again, I'll go ahead and save them. Do you think MS Support might help? If I could point to a single error message or two, I could search their diagnostic msg DB, but "BlueScreen"? Don't think so.
Do a malware check with several malware scanning programs on the Windows computer.
Please scan with all programs because each program detects different malware. All these programs have free versions.
Make sure you update each program to get the latest version of their databases before doing a scan.
- Malwarebytes' Anti-Malware:
https://www.malwarebytes.com/ - AdwCleaner:
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml - SuperAntispyware:
http://www.superantispyware.com/ - Microsoft Safety Scanner:
https://www.microsoft.com/security/scanner/en-us/default.aspx - Windows Defender:
https://windows.microsoft.com/en-us/windows/using-defender - Spybot Search & Destroy:
http://www.safer-networking.org/en/index.html - Kasperky Free Security Scan:
https://www.kaspersky.com/security-scan
You can also do a check for a rootkit infection with TDSSKiller.
- Anti-rootkit utility TDSSKiller:
https://support.kaspersky.com/viruses/disinfection/5350
That's some homework assignment, but I on it!
Thanks for giving me the links.
Question for cor-el: Is it best for me to uninstall each tool after using it (before going on to the next one), or will it be OK to disable it when possible?
Windows Defender doesn't run under Windows 7, so far as I know, but there are lots of others in your list. Happily malwarebyes offers a limited free trial. Hope the others are as generous.
By the way, I'm on the East Coast and won't start this til tomorrow a.m. Much as I like tracking down bugs and am eager to solve my problem, my eyes feel burned out.
I have gone down the list of programs that Cor-el gave me yesterday.
AdwCleaner found a registry entry, thebrighttag.com, which it quarantined & I deleted.
SuperAntispyware found 653 Mozilla adware items & deleted them.
Two hours run time for MS Safety Scanner to scan more than 1.6 million items (incl memory) and found nothing.
I didn't run Spybot because it had no free access & seemed to be anti-tracking software rather than malware removal.
Neither Kaspersky Free Security (full awa rootkit scans) nor TDSSKiller reported any problems.
============
I just logged onto the Microsoft support (Community) site, and at the top of the queue - posted yesterday - was my problem, in Win 10 not 7. (The poster was upset that the mini-dump address given in the Event logs was always empty. It's an erroneous msg. Dump exists elsewhere.) Anyway, I'm going to post my problem. Maybe I can confirm that it was a coincidence that this all began when I set Firefox to be my default browser.
I'll keep checking in here in case something occurs to any of you that I could try. Thanks so much for giving me your time.