Hi everyone, I’m new to this forum and I’m quite paranoid about internet security.
I have Win7 Enterprise x64 SP1 with:
CIS v.7.0.3.17799.4142;
Eset Nod AV v.7.0302.28 w/ updated signatures
MBAM v.1.70.0.1100 w/ updated database
Firefox 33.1 w/ AdBlock Plus 2.6.6 - AdBlock Plus Popup Addon 0.9.2 - Blur (formerly DoNotTrackMe) 4.5.1334 - NoScript 2.6.9.5
After checking a strange URL (from a friend’s mail) on virustotal.com with a 0/61 threats outcome, I closed my current FF session.
I right-clicked the FF icon, selected “Run in Comodo Sandbox” and then switched to private browsing.
I pasted the above-mentioned link in the address bar and I got redirected to a different site. I didn’t get any popup from ESET, CIS or MBAM so I felt safe. That confidence ended quickly, as soon as I checked the new URL on virustotal.com, because this time I got a 4/61 threats outcome.
I rebooted the system and in safe mode I ran a full scan with ESET, MBAM, Hitman Pro and ADWCleaner without any threat message or any other problem.
I’m paranoid and my main fear is focused on hidden exploits. I usually log in to each portal every time I connect to the internet, but not always.
There are places where I logged in with the “remember me” option checked, and that kind of data is stored in FF’s profile folder.
Now for my question: is it possible for a malicious site to copy or simply read the files in Firefox’s profile folder while I’m surfing with a fully virtualized Firefox (also in private browsing) without any CIS, ESET or MBAM alerts or popup messages? Is there a way to know if someone accesses my files when I’m sandboxed? With all the FF add-ons I’ve installed, should I be safe or not?
Sorry for the long chat; I’m Italian, so forgive me if I made mistakes.
Thanks in advance.
My bad. The friend’s mail has been trashed and when I closed FF the first time, after checking the link on Virustotal, all the browsing history was erased, so I can’t give you the last part of the strange domain. I’m sure that the link I clicked was like “DaGmbh.COM is for sale | HugeDomains… sequence of letters (dot) another row of letters” and when I hit Enter it switched and I ended up at motherprofitwork.com.
I’m used to being super-careful with spam links, but I trusted a friend’s mail, so I hope this won’t happen to anyone else (at least with DaGmbh.COM is for sale | HugeDomains… domains).