On Tue, Jun 17, 2014 at 02:12:37PM -0500, Joe Btfsplk wrote: > > On 6/17/2014 12:33 PM, Артур Истомин wrote: > >On Tue, Jun 17, 2014 at 11:23:53AM -0500, Joe Btfsplk wrote: > >>I'd still really like some help on finding what calls / causes the 2 flash > >>.exe files to start in background. > >>They're ALWAYS shown by Process Explorer, in the *same process tree - > >>directly under TBB.* > >> > >>Is there a way to determine / log, *if another process is calling* those 2 > >>files, or if determine if TBB, or Flash, is calling the 2 files to start? > >>Even though _no Flash vids are ever played_. Below - Some additional > >>replies to previous comments. > >I can't reproduce your problem. There are two legitimate flash-player > >processes under firefox (not tor's firefox). > > > >1. Update your system. Update flash-player (there is version 14 > >already). Update tor-browser if not already. Run antivirus. Reboot. > > > >2. Do not run any software. Run only tor-browser. Make sure flash-player > >disabled in settings. Go to https://helpx.adobe.com/flash-player.html > >Click "Check Now" (Not installed? Good.) > > > >3. Run Process Explorer. Make screenshot with tor process and upload it > >for us. > > > Are you saying you have Flash processes running under Fx (not TBB)? > 1) Did you use Flash player in Fx, that would have started them, or do you > not know what started them?
It was started after visiting https://helpx.adobe.com/flash-player.html and clicking "Check Now" > 2) Updating Flash: this has existed _over many Flash & TBB versions_. Each > Flash ver. is completely uninstalled, before installing new one. > Each TBB version is installed to new folder. An infection is very low > probability. No other signs & AV doesn't detect anything. > Besides, AFAIK, the Flash files just sit there. They show a very few I/O > bytes after starting, then nothing - for hours after the starting time > stamp. I tested in virtual machine with almost clean installed Windows 7. Can't reproduce. > > 3) Yeah, I'd be happy to upload a Process Explorer screen - not sure I can > do that, unless the list *will allow jpg attachments?* Will it? any image hosting, dropbox, zalil.ru > > 4) It's been very hard to predict or catch the Flash files starting. When I > try visiting sites w/ Flash content that might start them, they don't start > (short of playing Flash content, which I never do in TBB). > It hasn't happened in last several days of using TBB. > > 5) >"/Do not run any software. Run only tor-browser/" > That would mean a *long time* w/o use of my computer - possibly days, weeks. > It's not like it happens within 30 min. (or at all), every time I use TBB. > It does not happen every TBB session. When I catch the files running, I've > tried re-visiting pages I may have visited recently, w/o success at > reproducing it. > > But, sometimes the files have been running a good while & revisiting every > single page PLUS *repeating exact navigation / clicks* on all pages may be > nearly impossible. > That's why I'm here. If it was easily & quickly reproducible, I probably > wouldn't need to ask for help. > > I have no proof yet, but one theory is some websites could have java script, > or 3rd parties - that NoScript somehow doesn't block. > I generally don't leave "Scripts globally allowed" enabled. That doesn't > mean something can't slip by. > > Occasionally, sites require js from their base domain to even load or > navigate a page. If you enable it, there could? be code, that tries to start > Flash player, to automatically load or play some content. > I'm just guessing. It is all possible. But it is serious security bug. There are two instances firefox.exe in Process Explorer if you run ordinary firefox and tor-browser. One - Mozilla Firefox, second - Tor Firefox. Both named firefox.exe and differ in icons. First has descendants - plugin-container.exe and flash players, if you visit page with flash. Second - one descendant - tor.exe. Can be in this confusion? Maybe you confused these two processes and their respective descendants? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
