Computing desk
< October 2	<< Sep \| October \| Nov >>	October 4 >

Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.

October 3

A piece of malware?

We have Windows 7, Mozilla Internet Browser and msn.com as the home page. Lately I've noticed pop-ups asking to upgrade the browser because it is "outdated." I avoided doing it but my wife did upgrade. It is her computer actually.

As a result a new browser appeared. It is unclear if it is Mozilla or IE, there are no signs. The only hint of the origin is a stamp: ask.com. The "upgrade" also changed the Internet options dramatically. I cannot now enter the home page. That option disappeared. So, there is this commercial ask.com with an option to click on a few buttons, Ebay, etc. The address of this malware browser starts with this: http://www.search.ask.com/?tpid=REAL1-. It is a very long address actually and I posted a small fraction of it.

I cannot find this ask.com anywhere. It should sit somewhere but the search does not give any result. I cannot uninstall it because there is no such name in the Control Panel==>Uninstall a program.

What can I do about it? I want to get rid of the sucker.

Thanks, --AboutFace 22 (talk) 00:45, 3 October 2014 (UTC)[reply]

Ask.com is a default web search engine that is often installed by default when you upgrade the McAfee security update. It isn't strictly speaking malware, more like junk mail. It doesn't harm your system per se, but it sure can be annoying. There is an option at the beginning of the update process to skip this. On another note, your browser, if produced by Mozilla, is actually called Firefox. That's the product. Mozilla is the company that produces it. I'll leave the instructions on how to fix it to someone else, I'm afraid. Mingmingla (talk) 01:44, 3 October 2014 (UTC)[reply]

This was apparently installed by a deceptive ad promising a "browser upgrade", not as part of an actual upgrade of McAfee/Java/whatever, so there's no telling what it might be. -- BenRG (talk) 01:56, 3 October 2014 (UTC)[reply]

By "Mozilla Internet Browser" do you mean Firefox? How did you launch Firefox and how do you launch the new browser? Are you sure it is a new browser? I can't find any information online about an ask.com branded browser, just the ask.com toolbar (which would hijack your existing browser). If that's what it is, the removal instructions are here.

You may have better luck asking for help at the bleepingcomputer.com security forums where there are a lot of people who keep track of the constantly-changing world of malware. In the future I recommend installing an ad blocker (such as Adblock Plus) to block this very common vector of infection. -- BenRG (talk) 01:53, 3 October 2014 (UTC)[reply]

Not very helpful. I searched the registry and found the beast. It is AskPartnerNetwork. Tomorrow with a fresher head I may do the surgery. Castration, so to speak. --AboutFace 22 (talk) 01:57, 3 October 2014 (UTC)[reply]

You didn't really provide any details or info that allowed people to help you. Rather than going through the registry, did you try anything else? It sounds a lot like you installed the ask toolbar, which can be uninstalled through the control panel - or you can use a tool. I wouldn't mess with the registry, if you mess something up, you'll be kind of stuck (and it does not appear necessary in this case).Phoenixia1177 (talk) 05:44, 3 October 2014 (UTC)[reply]

I think I provided all details I had. It is not a toolbar. The Firefox browser now looks totally different. They placed a few buttons on the window with the names of the businesses they want me to visit, Ebay is one of them. The other one is ASK. There is also search window, that's it. There is no Mozilla emblem, you cannot identify the browser as a Mozilla browser anymore. There is no option to uninstall anything. In order to uninstall Google tool/search bar you go to control Panel==>Uninstall programs and it is there. It is a separate application. You cannot find this ASK anywhere. The only place I found it was in the registry. To the last poster I want to point out that in my OP I said that I obviously went to Control Panel and could not find this ASK in there. It is a clever piece of malware. It is an illegal enterprise. --AboutFace 22 (talk) 15:17, 3 October 2014 (UTC)[reply]

The symptoms you reported are too nonspecific to single out a particular piece of malware, at least to someone, like me, who doesn't spend a lot of time following all of the malware strains that are in the wild at a given moment. You basically reported that you have a cough and a headache. The next step would be to run some tests, using a tool like DDS. It's a back and forth process, and it takes time, especially for someone who doesn't frequently read DDS logs. The fact that you referred to "Mozilla Internet Browser" suggested to me that your level of computer knowledge was low, which would make the process even slower. I know from experience that troubleshooting over the phone with someone who doesn't know computers is incredibly painful, and it's probably even worse in a forum like this. For all of these reasons I suggested you go to bleepingcomputer.com, where there are people who have lots of experience reading DDS logs, who have ready-made instructions for everything that they can copy and paste into their forum posts, and who will do it all for free. But in an attempt to be helpful in case you didn't want to use a different forum for some reason, I also tried to start a diagnostic process here by asking some clarification questions. Yes, you already said that the browser was unidentifiable, but you also identified the former browser as Mozilla Internet Browser, so I thought the additional questions were justified.

"Ask Partner Network" is not the name of a piece of malware. It is the part of ask.com that markets the ask.com toolbar, as the Wikipedia article mentions. Finding this in your registry likely means that the malware did install the ask.com toolbar, although it might refer to some other affiliate kickback program. I linked you to a page that has a removal tool for the ask.com toolbar, in the event that you can't find it in Add/Remove Programs. I don't know if it will help, but you could try it. -- BenRG (talk) 18:06, 3 October 2014 (UTC)[reply]

My apology. My daughter came over and fixed everything. She refuted the idea that the event was malware related. My problem was that I could not find the way to change the home page. It is no longer in Internet Options in Control Panel. She found it in Firefox Open Menu or something. I am still somewhat bitter. It was a Mozilla upgrade that led to confusion. Things changed without authorization. One had to find a way around it. Thanks, --AboutFace 22 (talk) 19:10, 3 October 2014 (UTC)[reply]

For clarity, other than perhaps the proxy options (which are still dependent on your Firefox settings), most of the internet options in the Control Panel are ignored by Firefox. The internet options are only really used by Internet Explorer. Nil Einne (talk) 15:47, 8 October 2014 (UTC)[reply]

Gmail help

I'm on an email list of local residents concerned about a development nearby. I receive the emails with all the address in the cc field. When I want to email the whole list I've just been doing "reply all" on a recent message. Is there an easy way to save all the address in the cc field as a group which I can then use when I want to send a new message (instead of a reply)? Thanks, DuncanHill (talk) 13:57, 3 October 2014 (UTC)[reply]

I don't see a way to do that...but it sounds like this "email list" isn't really a proper 'list server'-administered list - to which people can subscribe and unsubscribe - and perhaps that's what is needed here. Having everyone "reply all" to a long list of people is bad for a number of reasons.

There is no way for people to get off of your informal 'list' if they've had enough of it.
People may get randomly added or accidentally removed as each person replies to each thread.
You have the problem that you have.
New people can't "join" the list in any reasonable manner.
Once the number of people reaches a certain threshold, some ISP's will refuse to send the same email to more than some limited number of people. My ISP will actually block your email sending capability for 24 hours if you try to email more than 200 people in one post. Other ISP's may have lower limits.

You could easily create a "Google Groups" group to which people could subscribe and unsubscribe. Then you can just email the group, reply to the group and so forth...that would be a much better way to handle things.

SteveBaker (talk) 15:48, 3 October 2014 (UTC)[reply]

Open Contacts then select one or more contacts. Then select the Groups icon (looks like three heads) and select or create a group. When you compose a message you can enter the group name which will add all the names in the group. You can then add or delete as needed. -- Gadget850^talk 19:16, 3 October 2014 (UTC)[reply]

Yes, but that is what I was hoping to find an easy alternative to - I'd have to open up the cc field in an email, make a note of each person, then go to contacts and go through that. I just want to save all the addresses in a cc field to a group.

There are about 40 of us, so I don't think we shall be running into any ISP throttles. DuncanHill (talk) 20:51, 3 October 2014 (UTC)[reply]

Was a hole bashed? No, bash was holed.

So I downloaded and installed Apple's new bash for Mavericks.

But Mom still uses Snow Leopard (because Mavericks won't run her version of Quicken), which Apple no longer supports. So,

Where to look for an update for her, that probably won't be bugged?
Given that she never uses Terminal, does it matter?

—Tamfang (talk) 18:20, 3 October 2014 (UTC)[reply]

Quick summary: The official fix is released for OS X Lion 10.7.5 and newer. If you want un-official fixes for older or unsupported systems, they call for a little "expertise."

The existence of the CVE-2014-6277 (and related) vulnerability is independent of whether the user launches Terminal.app. However, if your mother has not configured, e.g., Server (i.e., if she is not hosting a web server on her personal computer), it is unlikely that she has any exposure to the bug. This is a general statement; it is not a guarantee. The canonical documentation, About OS X bash Update 1.0, clearly states the ambiguity: the bug affects "certain configurations."

On my personally-owned/personally operated systems, I build Bash from source that I obtain from one of the GNU mirrors: http://www.gnu.org/software/bash/ - and I manually patched 4.3 to patch level 27 (containing fixes for all known bugs related to CVE-2014-6277 at the time of this writing).

For a long while, Apple has shipped Bash 3.2. If you would like the latest patched version of 3.2 plus the CVE-2014-6277 (and related) fixes, you can grab them at http://opensource.apple.com/source/bash/bash-92.1.2/ - this version contains the bug-fixes in question.

The real solution for users who are not expert programmers: your mother ought to update to the latest OS version, and the trouble with Quicken compatibility should be addressed as a separate (but resolvable) issue. Can you elaborate exactly what is broken in that respect, and perhaps we can solve the root problem?

Nimur (talk) 18:42, 3 October 2014 (UTC)[reply]

Since the OP specificially mention Snow Leopard, I'm guessing their mother is using 2007 or earlier which requires Rosetta (OS X) [1]. There is a 2007 version that will work on Lion to Mavericks [2] [3] [4] but it's US$15 (although that's a major bargain compared to the US$75 latest version [5]). Nil Einne (talk) 23:36, 3 October 2014 (UTC)[reply]

Though the question is already well answered, I'll point out for posterity that this is about Shellshock_(software_bug), in case anyone is confused. - SemanticMantis (talk) 21:08, 3 October 2014 (UTC)[reply]