Not sure why this began; I cleared cookies in browsing history.
In any webpage an advert appears covering most of the webpage in Firefox.
I ran ps -e and this is the output.
What can I do? It's horrible to see the PC compromised.
Thank you in advance!
---Mod edit: added code tags! ---
home@laptop:~$ ps -e
PID TTY TIME CMD
1 ? 00:00:01 systemd
2 ? 00:00:00 kthreadd
3 ? 00:00:00 ksoftirqd/0
5 ? 00:00:00 kworker/0:0H
7 ? 00:00:03 rcu_sched
8 ? 00:00:00 rcu_bh
9 ? 00:00:00 migration/0
10 ? 00:00:00 lru-add-drain
11 ? 00:00:00 watchdog/0
12 ? 00:00:00 cpuhp/0
13 ? 00:00:00 cpuhp/1
14 ? 00:00:00 watchdog/1
15 ? 00:00:00 migration/1
16 ? 00:00:00 ksoftirqd/1
18 ? 00:00:00 kworker/1:0H
19 ? 00:00:00 cpuhp/2
20 ? 00:00:00 watchdog/2
21 ? 00:00:00 migration/2
22 ? 00:00:00 ksoftirqd/2
24 ? 00:00:00 kworker/2:0H
25 ? 00:00:00 cpuhp/3
26 ? 00:00:00 watchdog/3
27 ? 00:00:00 migration/3
28 ? 00:00:00 ksoftirqd/3
30 ? 00:00:00 kworker/3:0H
31 ? 00:00:00 kdevtmpfs
32 ? 00:00:00 netns
33 ? 00:00:00 khungtaskd
34 ? 00:00:00 oom_reaper
35 ? 00:00:00 writeback
36 ? 00:00:00 kcompactd0
38 ? 00:00:00 ksmd
39 ? 00:00:00 khugepaged
40 ? 00:00:00 crypto
41 ? 00:00:00 kintegrityd
42 ? 00:00:00 bioset
43 ? 00:00:00 kblockd
47 ? 00:00:00 devfreq_wq
48 ? 00:00:00 watchdogd
49 ? 00:00:00 kswapd0
50 ? 00:00:00 vmstat
62 ? 00:00:00 kthrotld
64 ? 00:00:00 ipv6_addrconf
95 ? 00:00:00 acpi_thermal_pm
100 ? 00:00:00 ata_sff
138 ? 00:00:00 scsi_eh_0
139 ? 00:00:00 scsi_tmf_0
140 ? 00:00:00 scsi_eh_1
141 ? 00:00:00 scsi_tmf_1
142 ? 00:00:00 scsi_eh_2
143 ? 00:00:00 scsi_tmf_2
147 ? 00:00:00 bioset
149 ? 00:00:00 kworker/2:1H
150 ? 00:00:00 kworker/0:1H
166 ? 00:00:00 bioset
170 ? 00:00:00 kworker/3:1H
203 ? 00:00:00 kworker/1:1H
205 ? 00:00:00 jbd2/sda2-8
206 ? 00:00:00 ext4-rsv-conver
241 ? 00:00:01 systemd-journal
244 ? 00:00:00 kauditd
260 ? 00:00:00 lvmetad
266 ? 00:00:00 systemd-udevd
314 ? 00:00:00 asus_wireless_w
329 ? 00:00:00 irq/279-mei_me
337 ? 00:00:00 cfg80211
348 ? 00:02:07 irq/280-iwlwifi
377 ? 00:00:00 i915/signal:0
378 ? 00:00:00 i915/signal:1
379 ? 00:00:00 i915/signal:2
380 ? 00:00:00 i915/signal:4
391 ? 00:00:00 hci0
392 ? 00:00:00 hci0
393 ? 00:00:03 kworker/u9:1
394 ? 00:00:01 kworker/u9:2
396 ? 00:00:00 led_workqueue
424 ? 00:00:23 irq/109-ELAN120
426 ? 00:00:00 irq/95-FTSC1000
495 ? 00:00:00 rsyslogd
497 ? 00:00:00 avahi-daemon
498 ? 00:00:00 iio-sensor-prox
499 ? 00:00:02 dbus-daemon
503 ? 00:00:00 avahi-daemon
511 ? 00:00:04 NetworkManager
512 ? 00:00:00 cron
513 ? 00:00:00 cupsd
514 ? 00:00:00 cups-browsed
515 ? 00:00:00 ModemManager
517 ? 00:00:00 bluetoothd
519 ? 00:00:00 systemd-logind
520 ? 00:00:00 smartd
574 ? 00:00:00 polkitd
631 ? 00:00:00 colord
646 ? 00:00:00 iprt-VBoxWQueue
655 tty1 00:00:00 agetty
659 ? 00:00:00 iprt-VBoxTscThr
666 ? 00:00:00 lightdm
675 tty7 00:15:44 Xorg
720 ? 00:00:00 wpa_supplicant
724 ? 00:00:00 lightdm
729 ? 00:00:00 systemd
730 ? 00:00:00 (sd-pam)
732 ? 00:00:04 openbox
776 ? 00:00:00 dbus-launch
777 ? 00:00:01 dbus-daemon
795 ? 00:00:00 ssh-agent
798 ? 00:00:00 gnome-keyring-d
812 ? 00:00:00 xcape
814 ? 00:00:00 polkit-gnome-au
817 ? 00:00:00 at-spi-bus-laun
821 ? 00:00:00 gvfsd
826 ? 00:00:00 gvfsd-fuse
834 ? 00:00:00 dbus-daemon
844 ? 00:00:01 at-spi2-registr
850 ? 00:03:12 compton
860 ? 00:00:04 tint2
864 ? 00:00:00 pnmixer
866 ? 00:00:17 clipit
870 ? 00:00:00 thunar
874 ? 00:00:00 geany
878 ? 00:00:01 terminator
879 ? 00:13:49 x-www-browser
880 ? 00:00:01 gnome-calculato
881 ? 00:00:02 thunar
882 ? 00:04:19 transmission-gt
883 ? 00:04:58 pavucontrol
885 ? 00:01:04 chrome
896 ? 00:00:00 cat
897 ? 00:00:00 cat
905 ? 00:12:13 wire-desktop
906 ? 00:00:00 blueman-applet
908 ? 00:00:02 applet.py
910 ? 00:00:03 nm-applet
911 ? 00:00:53 alarm-clock-app
914 ? 00:00:01 xfce4-power-man
918 ? 00:00:00 wire-desktop
923 ? 00:00:00 chrome-sandbox
926 ? 00:00:00 chrome
929 ? 00:00:00 chrome-sandbox
930 ? 00:00:00 nacl_helper
932 ? 00:00:00 chrome
946 ? 00:00:00 dhclient
964 ? 00:04:37 pulseaudio
966 ? 00:00:00 gconfd-2
969 ? 00:00:00 xfconfd
1006 ? 00:00:00 gvfs-udisks2-vo
1031 ? 00:00:01 udisksd
1047 ? 00:00:00 upowerd
1050 ? 00:00:00 ntpd
1096 ? 00:00:00 gvfs-goa-volume
1111 ? 00:00:00 gvfs-mtp-volume
1119 ? 00:00:00 krfcommd
1122 ? 00:00:00 gvfs-afc-volume
1146 ? 00:00:00 gvfs-gphoto2-vo
1163 ? 00:08:36 chrome
1189 ? 00:00:18 chrome
1220 ? 00:00:00 chrome
1252 ? 00:00:00 gvfsd-metadata
1257 ? 00:00:00 gvfsd-trash
1270 ? 00:00:00 obexd
1273 ? 00:00:00 chrome
1277 ? 00:08:11 chrome
1355 pts/0 00:00:00 bash
1373 ? 00:00:00 wire-desktop
1387 ? 00:00:01 wire-desktop
1421 ? 00:23:10 Web Content
1470 ? 00:19:47 wire-desktop
1814 ? 00:06:18 Web Content
2003 ? 00:05:00 Web Content
2237 ? 00:00:08 chrome
2269 ? 00:00:00 chrome
2770 ? 00:05:19 Web Content
3644 ? 00:00:00 kworker/2:2
3664 ? 00:00:00 gvfsd-network
3671 ? 00:00:00 gvfsd-smb-brows
3679 ? 00:00:00 gvfsd-dnssd
3686 ? 00:00:00 dconf-service
3786 ? 00:00:00 kworker/3:1
4292 ? 00:00:00 kworker/1:0
4399 ? 00:00:00 kworker/u8:1
4425 ? 00:00:00 kworker/3:2
4442 ? 00:00:00 kworker/2:1
4445 ? 00:00:00 kworker/0:1
4464 ? 00:00:00 kworker/1:1
4537 ? 00:00:00 kworker/u8:2
4557 ? 00:00:00 kworker/0:0
4623 ? 00:00:00 kworker/3:0
4638 ? 00:00:00 kworker/u8:0
4666 pts/0 00:00:00 ps
Last edited by damo (2019-05-06 16:33:14)
Installed ClamAV to search for viruses; there are none.
$ clamscan --recursive=yes --infected /home
----------- SCAN SUMMARY -----------
Known viruses: 4566249
Engine version: 0.100.3
Scanned directories: 1243
Scanned files: 39924
Infected files: 0
Data scanned: 5785.73 MB
Data read: 95866.37 MB (ratio 0.06:1)
Time: 435.673 sec (7 m 15 s)
Here is a nasty screenshot of what is happening
and here is what the extensions look like:
Last edited by pamir (2019-05-06 14:30:10)
are you clearing temporary data, cookies etc. when closing firefox?
---Mod Edit. Please add code tags for terminal output, as requested previously
@nobody, adverts appear from AdsKeeper.com on random webpages. Changing profile in Firefox did nothing. The adverts that pop up are different each time and cover the webpage like so:
Here are your curl results:
home@laptop:~$ curl http://kelaino.bunsenlabs.org
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<style type="text/css">
body {
background-color:#272822;
color:#f6b620;
font-family:serif;
overflow-x:hidden;
margin: 20px 20px;
text-align:right;
text-rendering:optimizeLegibility;
}
</style>
<title>kelaino.bunsenlabs.org</title>
</head>
<body>
<p>The Road goes ever on and on<br> Down from the door where it began.<br> Now far ahead the Road has gone,<br> And I must follow, if I can, <br> Pursuing it with eager feet,<br> Until it joins some larger way<br> Where many paths and errands meet.<br> And whither then? I cannot say.</p>
<p>Still round the corner there may wait<br> A new road or a secret gate,<br> And though I oft have passed them by,<br> A day will come at last when I<br> Shall take the hidden paths that run<br> West of the Moon, East of the Sun.</p>
<p><i>J.R.R. Tolkien</i></p>
</body>
</html>
home@laptop:~$ curl https://kelaino.bunsenlabs.org
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<style type="text/css">
body {
background-color:#272822;
color:#f6b620;
font-family:serif;
overflow-x:hidden;
margin: 20px 20px;
text-align:right;
text-rendering:optimizeLegibility;
}
</style>
<title>kelaino.bunsenlabs.org</title>
</head>
<body>
<p>The Road goes ever on and on<br> Down from the door where it began.<br> Now far ahead the Road has gone,<br> And I must follow, if I can, <br> Pursuing it with eager feet,<br> Until it joins some larger way<br> Where many paths and errands meet.<br> And whither then? I cannot say.</p>
<p>Still round the corner there may wait<br> A new road or a secret gate,<br> And though I oft have passed them by,<br> A day will come at last when I<br> Shall take the hidden paths that run<br> West of the Moon, East of the Sun.</p>
<p><i>J.R.R. Tolkien</i></p>
</body>
</html>
Last edited by damo (2019-05-07 13:21:39)
ohnonot
Yes, I have cookies cleared until I close Firefox
You may have visited a nasty website that your browser was not able to be secured from.
clusterF
So the onus is in fact the website and not the browser?
So the onus is in fact the website and not the browser?
no, you now appear to have malware in your browser profile. educated guess; could still be sth else. to establish that claim please start FF with a new, blank profile and see if the problem goes away.
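Added example, not part of the thread and not Firefox's own code: a Python audit of what a profile directory itself carries, which is what the blank-profile test in the last reply isolates. It assumes the profile stores add-ons in extensions.json (an "addons" array with "location", "defaultLocale" and "sourceURI" fields) and preferences as user_pref(...) lines in prefs.js and user.js; the add-on ids, names and URLs in the sample are constructed.

```python
import json
import re
import tempfile
from pathlib import Path

# Preference prefixes worth a look (illustrative selection, not a complete list).
WATCHED = ("network.proxy.", "browser.startup.homepage")
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);$')

def user_addons(profile):
    """Add-ons installed into the profile itself, not shipped with Firefox."""
    path = Path(profile) / "extensions.json"
    if not path.is_file():  # a fresh profile may not have the file yet
        return []
    addons = json.loads(path.read_text(encoding="utf-8")).get("addons", [])
    return [{"id": a.get("id"), "active": bool(a.get("active")),
             "name": (a.get("defaultLocale") or {}).get("name", "?"),
             "source": a.get("sourceURI")}
            for a in addons if a.get("location") == "app-profile"]

def watched_prefs(profile):
    """Watched preferences in prefs.js / user.js as {name: (file, raw value)}."""
    found = {}
    for fname in ("prefs.js", "user.js"):  # user.js is read last and overrides
        path = Path(profile) / fname
        if path.is_file():
            for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
                m = PREF_RE.match(line.strip())
                if m and m.group(1).startswith(WATCHED):
                    found[m.group(1)] = (fname, m.group(2))
    return found

def make_sample_profile():
    """Constructed profile directory (sample data) so the audit runs offline."""
    root = Path(tempfile.mkdtemp(prefix="ff-profile-"))
    addons = [
        {"id": "shipped@constructed.invalid", "location": "app-system-defaults", "active": True},
        {"id": "coupons@constructed.invalid", "location": "app-profile",
         "active": True, "defaultLocale": {"name": "Constructed Coupon Helper"},
         "sourceURI": "https://downloads.constructed.invalid/coupons.xpi"}]
    (root / "extensions.json").write_text(json.dumps({"addons": addons}), encoding="utf-8")
    (root / "prefs.js").write_text(
        'user_pref("browser.startup.homepage", "about:home");\n'
        'user_pref("network.proxy.type", 2);\n'
        'user_pref("toolkit.telemetry.enabled", false);\n', encoding="utf-8")
    return root

if __name__ == "__main__":
    sample = make_sample_profile()
    print(user_addons(sample), watched_prefs(sample))
```

To audit a real profile, pass its directory under ~/.mozilla/firefox/ to both functions and compare the result with a freshly created profile.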