NoScript failed me and left: what do I do now?
November 26, 2010 10:06 AM Subscribe
How paranoid should I be about my Windows XP Pro machine after hitting a dodgy site with Firefox 3.6, scanning with Microsoft Security Essentials, updating NoScript, scanning with MSE again, and finally using Windows to restore to yesterday's restore point, about 18 hours before hitting that site? Firefox is now missing NoScript completely, but it's been installed for weeks and surely should have been here yesterday morning. Has there been a known issue with NoScript, or am I just a special (and dim) snowflake?
posted by The True Wheel to Computers & Internet (14 answers total)
I usually have my copy of Firefox running for a day or 2 before I close and restart (one or more windows, many tabs). I update NoScript when prompted, but as I do keep FF running for days sometimes, I may not always update as promptly as I should.
I wasn't sure what the alert would really do, and finally used the control panel to force a close of FF. (Dumb.) When I restarted, I got what looked like the usual prompt to update NoScript, which I accepted immediately. (Dumber) This could have just been a scheduled update that I missed, but the timing seems odd. Firefox then appeared as a tiny window in the middle of the screen, and when I enlarged it, I had all my original tabs and that damn page was running again. I finally hit the Cancel button on the alert, then closed Firefox completely.
The first MSE quick scan showed nothing. I tried going to istockphoto, but misstyped it as isockphoo dot com and wound up at a site that looked like the photo site but had a long, complex and completely untrustworthy-looking URL. I backed out immediately. Again, it could have just been a coincidence. but after that fake malware warning, I was totally paranoid.
I ran MSE again as a quick scan (nothing), I backed up my data, and I restored to Thursday morning with Windows Restore. But when I started FF this morning, a trusted site was full of ads, and I saw that NoScript had been completely uninstalled.
1) Should restoring to yesterday morning's restore point have completely wiped out any malware that may have gotten to my machine any time between Thursday morning and now?
2) Has anyone else seen NoScript just disappear like that after a restore following an attack, or under any circumstances, really? (It may be possible it was removed after the attack and I just didn't notice right away. I can't positively say I saw NoScript in place before the restore.)
3) In addition to running MSE as a full scan now, are there any other trusted malware scanners I should try?
4) Or should I just nuke from orbit?
5) Should I ever trust NoScript again?
(Looking at my history, I can see the Google searches leading up to the attack, and the isockphoo visit shortly afterwards (URL starting with trellian.com), but I can't see an URL that seems to match the time I hit the bad site. I see the Google search at 4:22, then the NoScript site visit after the update at 4:28, but nothing in between. I guess that was an immediate attempt to cover its tracks.)