Avatar for Username

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

话题已存档。 如果需要帮助请提出新问题。

Suspicious behavior, possibly a FF extension

simple9
simple9
more options

I had a popup from my firewall saying rundll32.exe was trying to connect to IP address 85.10.195.247. I looked in Task Manager & saw this was being initiated by C:\Users\*username*\Appdata\Local\uniNetdsc\i18mapIde.dll. I looked at msconfig and saw it was starting with argument rundll32.exe "C:\Users\*username*\AppData\Local\uniNetdsc\i18mapIde.dll",dbcfgplugin MSNapiEnum.

I noticed that the file creation date for i18mapIde.dll was today, but I have not installed anything. I looked up the IP address & it is owned by your-server dot de & read that they have been host to malware & dubious practises, such as spam attacks.

When I ended the rundll process I was still unable to delete the dll because it was in use by Firefox. I closed Firefox & deleted it. At the time the dll appeared I had Firefox open, but was reading & not browsing . This leads me to believe that one of the extensions I have installed has downloaded & installed the dll today. The dll itself contains no information & Googling each of the arguments produced no results. Does anyone know any more about this?

I have these extensions installed:

  • Always on Top
  • CookieCuller
  • CSS Usage
  • deskCut
  • Download Sort
  • DownloadHelper
  • Firebug
  • Firecookie
  • FireQuery
  • FireRainbow
  • GoogleEnhancer
  • Greasemonkey
  • Html Validator
  • HttpFox
  • IE Tab+
  • Inline Code Finder for Firebug
  • Launchy
  • Menu Editor
  • Page Speed
  • Personal Menu
  • Save Link
  • Tab Mix Plus
  • Thumbs
  • ViewInFirefox
  • Web Developer
  • Yslow

I have a few more that are disabled, so I assume they would not be able to do this.

I had a popup from my firewall saying rundll32.exe was trying to connect to IP address '''85.10.195.247'''. I looked in Task Manager & saw this was being initiated by '''C:\Users\*username*\Appdata\Local\uniNetdsc\i18mapIde.dll'''. I looked at msconfig and saw it was starting with argument '''rundll32.exe "C:\Users\*username*\AppData\Local\uniNetdsc\i18mapIde.dll",dbcfgplugin MSNapiEnum'''. I noticed that the file creation date for '''i18mapIde.dll''' was today, but I have not installed anything. I looked up the IP address & it is owned by '''your-server''''' dot '''''de''' & read that they have been host to malware & dubious practises, such as spam attacks. When I ended the rundll process I was still unable to delete the dll because it was in use by Firefox. I closed Firefox & deleted it. At the time the dll appeared I had Firefox open, but was reading & not browsing . This leads me to believe that one of the extensions I have installed has downloaded & installed the dll today. The dll itself contains no information & Googling each of the arguments produced no results. Does anyone know any more about this? I have these extensions installed: * Always on Top * CookieCuller * CSS Usage * deskCut * Download Sort * DownloadHelper * Firebug * Firecookie * FireQuery * FireRainbow * GoogleEnhancer * Greasemonkey * Html Validator * HttpFox * IE Tab+ * Inline Code Finder for Firebug * Launchy * Menu Editor * Page Speed * Personal Menu * Save Link * Tab Mix Plus * Thumbs * ViewInFirefox * Web Developer * Yslow I have a few more that are disabled, so I assume they would not be able to do this.

由simple9于修改

所有回复 (1)

Swarnava Sengupta
Swarnava Sengupta
  • Locale Leader
more options

If you suspect its a malware issue, Do a malware check with some malware scan programs. You need to scan with all programs because each program detects different malware. Make sure that you update each program to get the latest version of the database before doing a scan.

See also "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked and Searches are redirected to another site