You are not logged in.

#1 2019-05-06 12:24:36

pamir
Member
Registered: 2018-02-02
Posts: 40

AdsKeeper.com pop ups on random webpages in Bunsenlabs in Firefox

Not sure why this began, i cleared cookies in browsing history.

In any webpage an advert appears covering most of the webpage in Firefox.

I ran ps-e and this is output.

What can i do, its horrible to see the pc compromised.

Thank you in advance !

---Mod edit: added code tags! ---

home@laptop:~$ ps -e
  PID TTY          TIME CMD
    1 ?        00:00:01 systemd
    2 ?        00:00:00 kthreadd
    3 ?        00:00:00 ksoftirqd/0
    5 ?        00:00:00 kworker/0:0H
    7 ?        00:00:03 rcu_sched
    8 ?        00:00:00 rcu_bh
    9 ?        00:00:00 migration/0
   10 ?        00:00:00 lru-add-drain
   11 ?        00:00:00 watchdog/0
   12 ?        00:00:00 cpuhp/0
   13 ?        00:00:00 cpuhp/1
   14 ?        00:00:00 watchdog/1
   15 ?        00:00:00 migration/1
   16 ?        00:00:00 ksoftirqd/1
   18 ?        00:00:00 kworker/1:0H
   19 ?        00:00:00 cpuhp/2
   20 ?        00:00:00 watchdog/2
   21 ?        00:00:00 migration/2
   22 ?        00:00:00 ksoftirqd/2
   24 ?        00:00:00 kworker/2:0H
   25 ?        00:00:00 cpuhp/3
   26 ?        00:00:00 watchdog/3
   27 ?        00:00:00 migration/3
   28 ?        00:00:00 ksoftirqd/3
   30 ?        00:00:00 kworker/3:0H
   31 ?        00:00:00 kdevtmpfs
   32 ?        00:00:00 netns
   33 ?        00:00:00 khungtaskd
   34 ?        00:00:00 oom_reaper
   35 ?        00:00:00 writeback
   36 ?        00:00:00 kcompactd0
   38 ?        00:00:00 ksmd
   39 ?        00:00:00 khugepaged
   40 ?        00:00:00 crypto
   41 ?        00:00:00 kintegrityd
   42 ?        00:00:00 bioset
   43 ?        00:00:00 kblockd
   47 ?        00:00:00 devfreq_wq
   48 ?        00:00:00 watchdogd
   49 ?        00:00:00 kswapd0
   50 ?        00:00:00 vmstat
   62 ?        00:00:00 kthrotld
   64 ?        00:00:00 ipv6_addrconf
   95 ?        00:00:00 acpi_thermal_pm
  100 ?        00:00:00 ata_sff
  138 ?        00:00:00 scsi_eh_0
  139 ?        00:00:00 scsi_tmf_0
  140 ?        00:00:00 scsi_eh_1
  141 ?        00:00:00 scsi_tmf_1
  142 ?        00:00:00 scsi_eh_2
  143 ?        00:00:00 scsi_tmf_2
  147 ?        00:00:00 bioset
  149 ?        00:00:00 kworker/2:1H
  150 ?        00:00:00 kworker/0:1H
  166 ?        00:00:00 bioset
  170 ?        00:00:00 kworker/3:1H
  203 ?        00:00:00 kworker/1:1H
  205 ?        00:00:00 jbd2/sda2-8
  206 ?        00:00:00 ext4-rsv-conver
  241 ?        00:00:01 systemd-journal
  244 ?        00:00:00 kauditd
  260 ?        00:00:00 lvmetad
  266 ?        00:00:00 systemd-udevd
  314 ?        00:00:00 asus_wireless_w
  329 ?        00:00:00 irq/279-mei_me
  337 ?        00:00:00 cfg80211
  348 ?        00:02:07 irq/280-iwlwifi
  377 ?        00:00:00 i915/signal:0
  378 ?        00:00:00 i915/signal:1
  379 ?        00:00:00 i915/signal:2
  380 ?        00:00:00 i915/signal:4
  391 ?        00:00:00 hci0
  392 ?        00:00:00 hci0
  393 ?        00:00:03 kworker/u9:1
  394 ?        00:00:01 kworker/u9:2
  396 ?        00:00:00 led_workqueue
  424 ?        00:00:23 irq/109-ELAN120
  426 ?        00:00:00 irq/95-FTSC1000
  495 ?        00:00:00 rsyslogd
  497 ?        00:00:00 avahi-daemon
  498 ?        00:00:00 iio-sensor-prox
  499 ?        00:00:02 dbus-daemon
  503 ?        00:00:00 avahi-daemon
  511 ?        00:00:04 NetworkManager
  512 ?        00:00:00 cron
  513 ?        00:00:00 cupsd
  514 ?        00:00:00 cups-browsed
  515 ?        00:00:00 ModemManager
  517 ?        00:00:00 bluetoothd
  519 ?        00:00:00 systemd-logind
  520 ?        00:00:00 smartd
  574 ?        00:00:00 polkitd
  631 ?        00:00:00 colord
  646 ?        00:00:00 iprt-VBoxWQueue
  655 tty1     00:00:00 agetty
  659 ?        00:00:00 iprt-VBoxTscThr
  666 ?        00:00:00 lightdm
  675 tty7     00:15:44 Xorg
  720 ?        00:00:00 wpa_supplicant
  724 ?        00:00:00 lightdm
  729 ?        00:00:00 systemd
  730 ?        00:00:00 (sd-pam)
  732 ?        00:00:04 openbox
  776 ?        00:00:00 dbus-launch
  777 ?        00:00:01 dbus-daemon
  795 ?        00:00:00 ssh-agent
  798 ?        00:00:00 gnome-keyring-d
  812 ?        00:00:00 xcape
  814 ?        00:00:00 polkit-gnome-au
  817 ?        00:00:00 at-spi-bus-laun
  821 ?        00:00:00 gvfsd
  826 ?        00:00:00 gvfsd-fuse
  834 ?        00:00:00 dbus-daemon
  844 ?        00:00:01 at-spi2-registr
  850 ?        00:03:12 compton
  860 ?        00:00:04 tint2
  864 ?        00:00:00 pnmixer
  866 ?        00:00:17 clipit
  870 ?        00:00:00 thunar
  874 ?        00:00:00 geany
  878 ?        00:00:01 terminator
  879 ?        00:13:49 x-www-browser
  880 ?        00:00:01 gnome-calculato
  881 ?        00:00:02 thunar
  882 ?        00:04:19 transmission-gt
  883 ?        00:04:58 pavucontrol
  885 ?        00:01:04 chrome
  896 ?        00:00:00 cat
  897 ?        00:00:00 cat
  905 ?        00:12:13 wire-desktop
  906 ?        00:00:00 blueman-applet
  908 ?        00:00:02 applet.py
  910 ?        00:00:03 nm-applet
  911 ?        00:00:53 alarm-clock-app
  914 ?        00:00:01 xfce4-power-man
  918 ?        00:00:00 wire-desktop
  923 ?        00:00:00 chrome-sandbox
  926 ?        00:00:00 chrome
  929 ?        00:00:00 chrome-sandbox
  930 ?        00:00:00 nacl_helper
  932 ?        00:00:00 chrome
  946 ?        00:00:00 dhclient
  964 ?        00:04:37 pulseaudio
  966 ?        00:00:00 gconfd-2
  969 ?        00:00:00 xfconfd
 1006 ?        00:00:00 gvfs-udisks2-vo
 1031 ?        00:00:01 udisksd
 1047 ?        00:00:00 upowerd
 1050 ?        00:00:00 ntpd
 1096 ?        00:00:00 gvfs-goa-volume
 1111 ?        00:00:00 gvfs-mtp-volume
 1119 ?        00:00:00 krfcommd
 1122 ?        00:00:00 gvfs-afc-volume
 1146 ?        00:00:00 gvfs-gphoto2-vo
 1163 ?        00:08:36 chrome
 1189 ?        00:00:18 chrome
 1220 ?        00:00:00 chrome
 1252 ?        00:00:00 gvfsd-metadata
 1257 ?        00:00:00 gvfsd-trash
 1270 ?        00:00:00 obexd
 1273 ?        00:00:00 chrome
 1277 ?        00:08:11 chrome
 1355 pts/0    00:00:00 bash
 1373 ?        00:00:00 wire-desktop
 1387 ?        00:00:01 wire-desktop
 1421 ?        00:23:10 Web Content
 1470 ?        00:19:47 wire-desktop
 1814 ?        00:06:18 Web Content
 2003 ?        00:05:00 Web Content
 2237 ?        00:00:08 chrome
 2269 ?        00:00:00 chrome
 2770 ?        00:05:19 Web Content
 3644 ?        00:00:00 kworker/2:2
 3664 ?        00:00:00 gvfsd-network
 3671 ?        00:00:00 gvfsd-smb-brows
 3679 ?        00:00:00 gvfsd-dnssd
 3686 ?        00:00:00 dconf-service
 3786 ?        00:00:00 kworker/3:1
 4292 ?        00:00:00 kworker/1:0
 4399 ?        00:00:00 kworker/u8:1
 4425 ?        00:00:00 kworker/3:2
 4442 ?        00:00:00 kworker/2:1
 4445 ?        00:00:00 kworker/0:1
 4464 ?        00:00:00 kworker/1:1
 4537 ?        00:00:00 kworker/u8:2
 4557 ?        00:00:00 kworker/0:0
 4623 ?        00:00:00 kworker/3:0
 4638 ?        00:00:00 kworker/u8:0
 4666 pts/0    00:00:00 ps

Last edited by damo (2019-05-06 16:33:14)

Offline

#2 2019-05-06 13:42:04

earlybird
ほやほや
Registered: 2015-12-16
Posts: 684
Website

Re: AdsKeeper.com pop ups on random webpages in Bunsenlabs in Firefox

Create a new Firefox profile (launch with firefox -P and click on new profile). If it cannot be reproduced there, check for malicious extensions in the dirty profile on the about:addons page.

Edit: This is with certainty no bug caused by BL developers, therefore I'll move this topic to the issues forum.

Offline

#3 2019-05-06 14:20:41

pamir
Member
Registered: 2018-02-02
Posts: 40

Re: AdsKeeper.com pop ups on random webpages in Bunsenlabs in Firefox

Earlybird,

Installed clamav to search for viruses, there are non.

$clamscan --recursive=yes --infected /home

----------- SCAN SUMMARY -----------
Known viruses: 4566249
Engine version: 0.100.3
Scanned directories: 1243
Scanned files: 39924
Infected files: 0
Data scanned: 5785.73 MB
Data read: 95866.37 MB (ratio 0.06:1)
Time: 435.673 sec (7 m 15 s)

Here is nasty screenshot of what is happening

BUG

and here is what the extensions looks like:

Extensions

Last edited by pamir (2019-05-06 14:30:10)

Offline

#4 2019-05-06 18:15:50

twoion
ほやほや
Registered: 2015-08-10
Posts: 2,390

Re: AdsKeeper.com pop ups on random webpages in Bunsenlabs in Firefox

Is it always the same ad? Does it happen only on HTTP (no SSL) sites? Are you sure these aren't just regular ads?

Please post the following outputs:

curl http://kelaino.bunsenlabs.org
curl https://kelaino.bunsenlabs.org

It would be interesting to see if your ISP is injecting the ads into plaintext HTTP sites.


A silent kite against the blue, blue sky

Offline

#5 2019-05-07 05:07:48

ohnonot
...again
Registered: 2015-09-29
Posts: 3,663
Website

Re: AdsKeeper.com pop ups on random webpages in Bunsenlabs in Firefox

are you clearing temporary data, cookies etc. when closing firefox?

Offline

#6 2019-05-07 11:22:24

pamir
Member
Registered: 2018-02-02
Posts: 40

Re: AdsKeeper.com pop ups on random webpages in Bunsenlabs in Firefox

---Mod Edit. Please add code tags for terminal output, as requested previously

twoion, Adverts appear from AdsKeeper.com on random webpages, Changing profile in Firefox did nothing, the adverts are different each time that pop up and cover the webpage like so:

BUGS

Here is your curl results:

home@laptop:~$ curl [url]http://kelaino.bunsenlabs.org[/url]
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<style type="text/css">
body {
background-color:#272822;
color:#f6b620;
font-family:serif;
overflow-x:hidden;
margin: 20px 20px;
text-align:right;
text-rendering:optimizeLegibility;
}
</style>
<title>kelaino.bunsenlabs.org</title>
</head>
<body>
<p>The Road goes ever on and on<br> Down from the door where it began.<br> Now far ahead the Road has gone,<br> And I must follow, if I can, <br> Pursuing it with eager feet,<br> Until it joins some larger way<br> Where many paths and errands meet.<br> And whither then? I cannot say.</p>
<p>Still round the corner there may wait<br> A new road or a secret gate,<br> And though I oft have passed them by,<br> A day will come at last when I<br> Shall take the hidden paths that run<br> West of the Moon, East of the Sun.</p>
<p><i>J.R.R. Tolkien</i></p>
</body>
</html>


home@laptop:~$ curl [url]https://kelaino.bunsenlabs.org[/url]
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<style type="text/css">
body {
background-color:#272822;
color:#f6b620;
font-family:serif;
overflow-x:hidden;
margin: 20px 20px;
text-align:right;
text-rendering:optimizeLegibility;
}
</style>
<title>kelaino.bunsenlabs.org</title>
</head>
<body>
<p>The Road goes ever on and on<br> Down from the door where it began.<br> Now far ahead the Road has gone,<br> And I must follow, if I can, <br> Pursuing it with eager feet,<br> Until it joins some larger way<br> Where many paths and errands meet.<br> And whither then? I cannot say.</p>
<p>Still round the corner there may wait<br> A new road or a secret gate,<br> And though I oft have passed them by,<br> A day will come at last when I<br> Shall take the hidden paths that run<br> West of the Moon, East of the Sun.</p>
<p><i>J.R.R. Tolkien</i></p>
</body>
</html>

Last edited by damo (2019-05-07 13:21:39)

Offline

#7 2019-05-07 11:47:08

pamir
Member
Registered: 2018-02-02
Posts: 40

Re: AdsKeeper.com pop ups on random webpages in Bunsenlabs in Firefox

ohnonot

Yes i have cookies cleared untill i close Firefox

Offline

#8 2019-05-07 15:54:26

clusterF
New Member
Registered: 2019-05-07
Posts: 4

Re: AdsKeeper.com pop ups on random webpages in Bunsenlabs in Firefox

You may have visited a nasty website that your browser was not able to be secured from.

https://www.linuxquestions.org/question … 175635201/

Offline

#9 2019-05-09 10:59:19

pamir
Member
Registered: 2018-02-02
Posts: 40

Re: AdsKeeper.com pop ups on random webpages in Bunsenlabs in Firefox

clusterF

So the onus is in fact the website and not the browser?

Offline

#10 2019-05-10 05:24:19

ohnonot
...again
Registered: 2015-09-29
Posts: 3,663
Website

Re: AdsKeeper.com pop ups on random webpages in Bunsenlabs in Firefox

pamir wrote:

So the onus is in fact the website and not the browser?

no, you now appear to have malware in your browser profile. educated guess; could still be sth else. to establish that claim please start FF with a new, blank profile and see if the problem goes away.

Offline

Board footer

Powered by FluxBB