On application run of Firefox my firewall blocks access to "mirror.mirror-files.com/tnt2/10252/FindWide_16.ico" and flags it as a 'Mal/HTMLGen-A' threat.
I'm running Sophos Endpoint Protection on my PC and have 2 android devices synced to firefox. Also have LastPass on the PC. I recently installed and then very quickly uninstalled open office (due to adverts from Yula), following that uninstall I used ccleaner to tidy up the registry etc. Need your help with the process of elimination, if its a genuine firefox function then I'll open it up otherwise its time to hunt waskally waabits!
Below is the antivirus log for today (when the issue arose): 20140627 010456 Blocked web request to "mirror.mirror-files.com/tnt2/10252/FindWide_16.ico" for user Bane_2\BillyBoof. 'Mal/HTMLGen-A' has been found at this website, reference ID 124416537. 20140627 011044 Blocked web request to "mirror.mirror-files.com/tnt2/10252/FindWide_16.ico" for user Bane_2\BillyBoof. 'Mal/HTMLGen-A' has been found at this website, reference ID 124416537.
Firewall log (extract): 09:10:45 firefox.exe OUT TCP localhost 49511 IM outbound client connection (TCP) 09:10:44 svchost.exe OUT UDP 10.0.0.138 DNS Allow DNS resolving (UDP) 09:10:44 system OUT TCP 157.56.141.114 HTTPS Browser HTTPS connection 09:10:44 firefox.exe OUT TCP 184.86.223.112 HTTP Browser HTTP connection 09:10:44 firefox.exe IN TCP localhost 49500 Localhost Connection 09:10:44 firefox.exe OUT TCP localhost 49499 IM outbound client connection (TCP) 09:10:41 svchost.exe OUT TCP 157.56.141.114 HTTPS IM outbound client connection (TCP) 09:04:57 firefox.exe IN TCP localhost 49309 Localhost Connection 09:04:56 firefox.exe IN TCP localhost 49290 Localhost Connection 09:04:56 firefox.exe OUT TCP localhost 49289 IM outbound client connection (TCP) 09:04:56 svchost.exe OUT UDP 10.0.0.138 DNS Allow DNS resolving (UDP) 09:04:56 firefox.exe OUT TCP 98.137.250.95 HTTPS Browser HTTPS connection 09:04:56 firefox.exe IN TCP localhost 49296 Localhost Connection 09:04:56 firefox.exe OUT TCP localhost 49295 IM outbound client connection (TCP) 09:04:56 svchost.exe OUT UDP 10.0.0.138 DNS Allow DNS resolving (UDP) 09:04:56 firefox.exe OUT TCP localhost 9050 IM outbound client connection (TCP) 09:04:56 firefox.exe IN TCP localhost 49293 Localhost Connection 09:04:56 firefox.exe OUT TCP localhost 49292 IM outbound client connection (TCP) 09:04:56 firefox.exe OUT TCP 184.86.223.121 HTTP Browser HTTPS connection 09:04:55 svchost.exe OUT UDP 10.0.0.138 DNS Allow DNS resolving (UDP)
Wšě wotmołwy (1)
Not sure why the times on the antivirus log have skewed, here's the screenshot http://imgur.com/pNTI1Qq