#1 | TheDude2012 (Junior Member) | Jan. 16th, 2012, 16:49
SWF Injected on Pages from IOBit Toolbar?

I just had the IOBit toolbar added to Firefox somehow. I was going to disable it but started my dayhow and was going to remove it later.

I went to a page which had a password field on it and I noticed a small flashblock icon on it. Since I wrote the page I noticed something was amiss. I investigated with Firebug and sure enough, it looks like some program was injecting flash into my page. I tried some other pages and it appears to be injecting onto pages that have password fields. This raised the hair on the back of my neck.

The URL that the macromedia was getting is "http://d3lvr7yuk4uaui.cloudfront.net/items/e6a00/storage.swf". Fortunately, flashblock was running and was showing me an icon.

I have no idea what this flash does but am way more concerned with whatever program was injecting it into my pages dynamically.

I went ahead and un-installed the IO Bit toolbar from Firefox and presto it went away.

I wish I had just disabled it, though, as I now cannot find the installer for the toolbar to re-test this.

Question: Why would IOBit toolbar be related to swf injections into password pages?


Note, flashblock wraps the swf. The _GPL_e6a00_div containing the swf is clearly injected by the script and not flashblock. This source did not come down from the source page but was injected dynamically.
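
The check the first post performs by hand in Firebug, comparing the markup the server sent with the rendered DOM, written out as an added example that is not part of the original post. Function names, the sample markup and the example URLs are constructed for illustration.

```javascript
// Added example: function names and sample markup are constructed.
// Scope: Flash only, so a URL counts when its path ends in ".swf".

const PASSWORD_RE = /<input\b[^>]*\btype\s*=\s*["']?password\b/i;

// Absolute URLs of .swf resources referenced by <object>, <embed> or <param>.
function swfUrls(html, pageUrl) {
  const found = new Set();
  const tagRe = /<(?:object|embed|param)\b([^>]*)>/gi;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const attrRe = /\b(?:data|src|value)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
    let attr;
    while ((attr = attrRe.exec(tag[1])) !== null) {
      const raw = attr[1] || attr[2] || attr[3] || '';
      try {
        const url = new URL(raw, pageUrl);
        if (/\.swf$/i.test(url.pathname)) found.add(url.href);
      } catch (e) {
        // Unparseable attribute value: not a usable URL, skip it.
      }
    }
  }
  return found;
}

// Plugin content present in the rendered DOM but absent from the markup the
// server sent, i.e. added on the client by a script or browser add-on.
function injectedFlash(servedHtml, renderedHtml, pageUrl) {
  const served = swfUrls(servedHtml, pageUrl);
  const pageOrigin = new URL(pageUrl).origin;
  const passwordPage = PASSWORD_RE.test(renderedHtml);
  return [...swfUrls(renderedHtml, pageUrl)]
    .filter((url) => !served.has(url))
    .map((url) => ({ url, thirdParty: new URL(url).origin !== pageOrigin, passwordPage }));
}

// Constructed sample: a login page as served, and the same page after rendering.
const PAGE_URL = 'https://app.example.test/login';
const SERVED = '<form><input type="text" name="u"><input type="password" name="p"></form>';
const RENDERED = SERVED +
  '<div id="_injected_div"><object type="application/x-shockwave-flash" ' +
  'data="http://cdn.example.net/items/x/storage.swf"></object></div>';

console.log(injectedFlash(SERVED, RENDERED, PAGE_URL));
```

In a browser, the rendered side can be taken from `document.documentElement.outerHTML` and the served side from a fresh fetch of the same URL.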

#2 | EvertVd (Junior Member) | Jan. 20th, 2012, 09:29

Hi,

I registered just so I could answer you. Today while updating a page for a client I noticed a strange gap below the footer. After investigating it showed exactly what you describe, a div containing a flash object pointing to the same url. I wasted a whole morning trying to figure out where it came from.
Your post helped by pointing me in the direction of a Firefox add-on.
After disabling them one by one I found it was the Google+tweet add-on (installed via crossrider dot com).
So I removed that and changed all my important passwords. I just wanted to let you know, partly to thank you and partly so maybe you can double check your addons since it seems strange that we both have the same problem with different addons?

#3 | Melvin_Deal (Malware Advisor Moderator) | Jan. 20th, 2012, 23:38
Hi TheDude2012!

Quote:
Question: Why would IOBit toolbar be related to swf injections into password pages?
Quote:
I just had the IOBit toolbar added to firefox somehow.
Quote:
I wish I had just disabled though as I now cannot find the installer for the toolbar to re-test this.
Iobit toolbar is only offered upon install. You will have to re-install the Iobit App to get the toolbar back if you want to test.


Sincerely,
-Mel
Live long and prosper!

Last edited by Melvin_Deal : Jan. 20th, 2012 at 23:42.

#4 | TheDude2012 (Junior Member) | Jan. 27th, 2012, 05:41

Thanks Mel,

I actually installed the toolbar again and it looked completely different. It appears that some other rogue app installed a toolbar that spoofed itself as an IOBit toolbar.

Unfortunately, I could not dig up any history in Windows or Firefox showing what triggered the install.

Very fishy and something worth keeping an eye out for.

Cheers
- JsD

#5 | TheDude2012 (Junior Member) | Jan. 27th, 2012, 06:06
Google+Tweet (crossrider) is doing bad stuff

@EvertVd - I tried that Google+Tweet toolbar and for sure it added the same flash. It appears that either (a) crossrider dot com had its site hacked or (b) crossrider dot com is writing nasty stuff.

It does appear that (b) is the case as is shown http://securitywatch.eweek.com/socia...l_malware.html

Thanks for your post!

#6 | TheDude2012 (Junior Member) | Feb. 1st, 2012, 00:55

I just noticed that the toolbar is back again. This time it installed but it was disabled by default. I enabled the IOBit toolbar (v4.9) and sure enough, the rogue flash re-appeared. When I disable the Toolbar, the flash goes away.

See the attached screenshot including toolbar and rogue flash (displayed with flashblock icon)

This appeared after I rebooted my computer and I noticed an error in my system icons in Windows 7. See attached picture.

I also found that two files were added to my Firefox addon at exactly the moment I saw the warning from Windows 7 (mybrowserbar_addon_entries.jpg).

I will try to track down the add-on and submit in another post in the form of a zip....

Attachments: 1-31-2012 8-34-40 PM.jpg, IMG-20120131-00015.jpg, mybrowserbar_addon_entries.jpg

#7 | TheDude2012 (Junior Member) | Feb. 1st, 2012, 02:29
Issue Closed - Is the IOBit Toolbar (by spigot)

I have found that the IOBit toolbar being installed is the one that comes from http://iobit.mybrowserbar.com/ so this is definitely branded as an IOBit toolbar.

I have no idea how this got installed on my PC but it auto injects the toolbar into Firefox at computer startup. It is that toolbar which is injecting the swf into the web pages.

It may be worthwhile to investigate why this toolbar is doing such page alterations with such a suspect swf injection.

I appreciate any information you can supply.

For now, I have un-installed the IOBit toolbar installer by spigot.

#8 | Melvin_Deal (Malware Advisor Moderator) | Feb. 1st, 2012, 02:49
Hi TheDude2012!

The link you have posted will take you directly to a screenshot on the Iobit Forum. It is only a link to your screenshot!!... It is not reflective of anything.

Toolbars are useless!! In my opinion... never install them by any software publisher!

Most all add on toolbars are useless and compromise your system one way or the other... All you have to do is customize your Desktop, taskbar and FireFox anyway... why add a toolbar and another service on your system???? Not to mention that they are notorious for spying! It is a common revenue generator for software providers to add toolbars to their applications (on install) to gain revenues. It doesn't mean that you should allow them just because the question pops up in the install. You must read carefully upon the install of every software and accept only the parts that you want!!!

The toolbar should be uninstalled.



If you need help removing it let me know.




Sincerely,
-Mel
Live long and prosper!
Last edited by Melvin_Deal : Feb. 1st, 2012 at 04:03.
All times are GMT +0.