Windows 7: How can I detect, whether the Firefox Browser is "Infected" by A Crypto miner or not?

0

My Parents own since a couple of years a Computer with Windows 7, and everything worked fine, until about three or nine months ago. That's when their PC started to lag! I recognized it, but didn't know what the exact Problem was. Now I know about all this bitcoin etc.! And I read some articles about those viral Crypto miners appearing on some Websites that are persistent.

I already looked Into the taskmanager, resource monitor etc. and I found raised activity, about 20 per cent CPU usage above the normal level. Yes, I closed All Apps and background tasks like steam etc.! RAM usage is also Raised about 1.5 GB. Besides, the network activity shows about average 55% all filled with the Firefox PID 3280, although it's closed. The IP addresses they're communicating with aren' t XxX.XxX.XxX.XxX but Like mac adresses Xx:xX:Xx:xX.

So, I think it could be a crypto miner. How can I confirm whenever it's is or not? If it is, how do I remove it?

Dominique the Gamer

Posted 2018-02-08T10:55:46.220

Reputation: 1

Create a new Firefox Profile. Also if no Firefox process is running but you're seeing network traffic for it something is wrong. The addresses you're seeing are likely IPv6 addresses an example for Facebook would be 2a03:2880:f11c:8183:face:b00c:0:1. – Seth – 2018-02-08T11:21:58.603

Ok What do You mean by Create a New Firefox Profile, And what should I do with the old one, how does this work? – Dominique the Gamer – 2018-02-08T11:24:47.527

By the way, Our Router does not support IPv6, so it's even More Strange, That there are showing up that IPv6 adresses – Dominique the Gamer – 2018-02-08T11:27:34.677

Use the Profile Manager to create and remove Firefox profiles - it's up to you to decide what to do with the old profile. I'd first check whenever creating and using a new profile helps. How old is your router? Are you sure? What is the actual address you're seeing? – Seth – 2018-02-08T11:32:34.807

According to the German Website https://www.wieistmeineip.de/ipv6-test/ That Tells, telling me, IPv6 Adress: Not Available

– Dominique the Gamer – 2018-02-08T11:34:57.507

Our Router model Is Fritz!Box 7560 – Dominique the Gamer – 2018-02-08T11:35:46.630

You might be using IPv6 internally on that model.

– Seth – 2018-02-08T11:51:19.417

Seems Working, Whatever it was, Now CPU says, 3% Usage RAM is only 2GB (Before 3.35 GB) Network tab is Almost empty (No Firefox Process at all, Before that change about 20 - 40 Processes Firefox.exe – Dominique the Gamer – 2018-02-08T11:52:36.513

Profile change Seems to be working I'll try out a Benchmark test to go 4 Sure, If it will be an obviously Much better result than yesterday I'll Close The question – Dominique the Gamer – 2018-02-08T11:55:17.950

Answers

-1

pretty sure firefox stops such programs from running in tracking protection.. unless you have unticked the box in those settings. If a cpu miner has indeed been running then you must have granted it access at somepoint otherwise it would not get past firefox and your firewall

check your firewall for what apps you have granted permission recently. clear cookies in firefox and go through all security options and tailor to your needs.

Most firewalls have a purge option, comodo for example. should get rid of it.

I recommend you install "https everywhere" and "noscript". these are the only 2 tools you need to stop such things without need for firewall or firefox settings. the cpu miners cant get past noscript at all. you can test this on thepiratebay.org ;)

R00dNet

Posted 2018-02-08T10:55:46.220

Reputation: 1

Asked: 2018-02-08T10:55:46.220

Viewed: 173 times

Active: 2019-12-17T12:45:20.863