Hello,
I have something strange new phenomenon occurring here, which I suspect is related to my primary problem, and/or Essexboy’s last OTL customized script.
First off, I notice a split second image of a black page with white writing as Windows boots up, that was not there before today (or perhaps yesterday). It is on screen too briefly to read. This is not a problem, but it is a recent change, so I mentioned it.
More importantly, when I boot up my computer now, there is a minimized application button on my task bar at the bottom of my screen. On it, there is a Firefox logo, and the words; “about:memory - Mozilla Firefox”
The words on this button intermittently changes to different strange websites.
When I clicked on it - it would not open into a page or application.
When I checked the Windows Task Manager - it listed “about:memory - Mozilla Firefox” as a running application. When I right clicked on this application, a drop down menu appeared. One of the options was “Go to Process”. When I clicked this option it took me to the Processes window in the Task Manager, and highlighted “update.exe”
I then went back to the Applications tab in the Windows Task Manager and right clicked on the “about:memory - Mozilla Firefox” running application again. This time, I selected “Maximize”. (I hope this was not a mistake). A web page opened. It had the following headings, but no information;
Memory Usage
Overview
Memory mapped:
Memory in use:
Other Information
Description
I tried re-booting the computer to see if the task bar button appeared again. It did. When I maximized the button, I briefly saw a window that was titled; “Welcome Humans”. When this window was open, the name on the task bar button was; “Gort! Klaatu barada nikto!”
Here is the website that I found when I did a web search for this name. This webpage shows the same window that I saw, titled; “Welcome Humans”
http://mozillalinks.org/2008/12/gort-klaatu-barada-nikto/
I don’t know if this specific site has significance, but I wonder if a “Mozilla Links” application may be implicated?
Then, I noticed a Firefox minimized application button on my task bar called “Download”. However,
-
There were no downloads showing on my Firefox Download list.
-
Clicking on it did nothing.
-
When the button was visible, it was shown in Windows Task Manager – Applications, with the Process path (also) leading to update.exe
-
Then, a few mins later, the “about:memory” button/application kept changing to the names of different porn sites (unknown to me), but now Firefox web pages also opened – with a new tab opening each time the tab name/application changed. Two of the websites that opened were “iphone porn and Android porn” and “Hole Movies”.
Avast has made no attempt to block any of these sites, but they are not the animal sex porn sites that Avast had been blocking before.
Could I have opened the door to these connections being able to open Firefox web pages when I maximized the “about:memory” button, or the “Download” button, using the Windows Task Manager?
As I typed this post, I noticed that additional (usually porn) websites were opening with other names. Eventually, Avast gave the same old familiar warning and blocked a connection to an animal sex porn site (as per the usual problem).
Here are a few other things I noticed:
-
After I would “End Task” in the applications window of the Windows Task manager (to get rid of the button, and close the website), the first spontaneous re-appearance of the application (with a corresponding opening web page)was usually the about:memory button.
-
If the button/application changes and other actual web pages begin to open, it is usually either the Gortu page, or, a porn page that is not animal sex porn (and that Avast does not block), but if I do not “end task” for the application, I presume it may only be a matter of time until the application tries to connect to a malicious animal sex site - which Avast blocks from opening.
-
One of the names of the porn sites in the Applications window of Windows Task manager is “Yes Porn - Mozilla Firefox”, even when an Avast pop-up calls the site a different name (such as one of the typical animal sex porn sites).
-
Sometimes the task bar button name & web pages change quite quickly. Other times, the about:memory button stays the same for significant periods. Sometimes, a porn site name appears, and then the button name changes back to “about:memory - Mozilla Firefox”, all by itself. I have no idea what dictates the frequency or order of the changes.
-
Seemingly related, my entire screen now “blinks” quite periodically. This is also quite new within the last day or two. It was not doing this before, even when I was getting Avast pop-up warnings and site blocks.
I presume these new appearances may have something to do with Essexboy’s script – which apparently has acted to make behind the scenes activity more visible, but I am just speculating here.
I am also speculating, that the same connections (as described above) may have been occurring since my problem started – but without the buttons on the task bar, and without the connections actually opening web pages. Thus, the only time I was aware that any such background connections were occurring, was when a connection was attempted to a malicious site - which Avast blocked and notified me of – with a pop-up.
This mechanism could seemingly explain the background connection mechanism to the Internet, but what is directing my computer to make these connections? And how or why are these particular websites (non-malicious, and malicious and blocked by Avast) being selected for connection?
And, what next?
Thank-you again.