Re: [tor-talk] Flash executables keep starting in background when using TBB

On 6/17/2014 12:33 PM, ÐÑÑÑÑ ÐÑÑÐÐÐÐ wrote:
On Tue, Jun 17, 2014 at 11:23:53AM -0500, Joe Btfsplk wrote:
I'd still really like some help on finding what calls / causes the 2 flash
.exe files to start in background.
They're ALWAYS shown by Process Explorer, in the *same process tree -
directly under TBB.*

Is there a way to determine / log, *if another process is calling* those 2
files, or if determine if TBB, or Flash, is calling the 2 files to start?
Even though _no Flash vids are ever played_.  Below - Some additional
replies to previous comments.
I can't reproduce your problem. There are two legitimate flash-player
processes under firefox (not tor's firefox).

1. Update your system. Update flash-player (there is version 14
already). Update tor-browser if not already. Run antivirus. Reboot.

2. Do not run any software. Run only tor-browser. Make sure flash-player
disabled in settings. Go to https://helpx.adobe.com/flash-player.html
Click "Check Now" (Not installed? Good.)

3. Run Process Explorer. Make screenshot with tor process and upload it
for us.

Are you saying you have Flash processes running under Fx (not TBB)?
1) Did you use Flash player in Fx, that would have started them, or do you not know what started them?

2) Updating Flash: this has existed _over many Flash & TBB versions_. Each Flash ver. is completely uninstalled, before installing new one. Each TBB version is installed to new folder. An infection is very low probability. No other signs & AV doesn't detect anything. Besides, AFAIK, the Flash files just sit there. They show a very few I/O bytes after starting, then nothing - for hours after the starting time stamp.

3) Yeah, I'd be happy to upload a Process Explorer screen - not sure I can do that, unless the list *will allow jpg attachments?* Will it?

4) It's been very hard to predict or catch the Flash files starting. When I try visiting sites w/ Flash content that might start them, they don't start (short of playing Flash content, which I never do in TBB).
It hasn't happened in last several days of using TBB.

5) >"/Do not run any software. Run only tor-browser/"
That would mean a *long time* w/o use of my computer - possibly days, weeks. It's not like it happens within 30 min. (or at all), every time I use TBB. It does not happen every TBB session. When I catch the files running, I've tried re-visiting pages I may have visited recently, w/o success at reproducing it.

But, sometimes the files have been running a good while & revisiting every single page PLUS *repeating exact navigation / clicks* on all pages may be nearly impossible. That's why I'm here. If it was easily & quickly reproducible, I probably wouldn't need to ask for help.

I have no proof yet, but one theory is some websites could have java script, or 3rd parties - that NoScript somehow doesn't block. I generally don't leave "Scripts globally allowed" enabled. That doesn't mean something can't slip by.

Occasionally, sites require js from their base domain to even load or navigate a page. If you enable it, there could? be code, that tries to start Flash player, to automatically load or play some content.
I'm just guessing.
