[tor-talk] Flash executables keep starting in background when using TBB

Joe Btfsplk joebtfsplk at gmx.com
Tue Jun 17 19:12:37 UTC 2014


On 6/17/2014 12:33 PM, Артур Истомин wrote:
> On Tue, Jun 17, 2014 at 11:23:53AM -0500, Joe Btfsplk wrote:
>> I'd still really like some help on finding what calls / causes the 2 flash
>> .exe files to start in background.
>> They're ALWAYS shown by Process Explorer, in the *same process tree -
>> directly under TBB.*
>>
>> Is there a way to determine / log, *if another process is calling* those 2
>> files, or to determine if TBB, or Flash, is calling the 2 files to start?
>> Even though _no Flash vids are ever played_.  Below - Some additional
>> replies to previous comments.
> I can't reproduce your problem. There are two legitimate flash-player
> processes under firefox (not tor's firefox).
>
> 1. Update your system. Update flash-player (there is version 14
> already). Update tor-browser if not already. Run antivirus. Reboot.
>
> 2. Do not run any software. Run only tor-browser. Make sure flash-player
> disabled in settings. Go to https://helpx.adobe.com/flash-player.html
> Click "Check Now" (Not installed? Good.)
>
> 3. Run Process Explorer. Make screenshot with tor process and upload it
> for us.
>
Are you saying you have Flash processes running under Fx (not TBB)?
1) Did you use Flash player in Fx, that would have started them, or do 
you not know what started them?

2) Updating Flash: this has existed _over many Flash & TBB versions_. 
Each Flash ver. is completely uninstalled, before installing new one.
Each TBB version is installed to new folder. An infection is very low 
probability. No other signs & AV doesn't detect anything.
Besides, AFAIK, the Flash files just sit there. They show a very few I/O 
bytes after starting, then nothing - for hours after the starting time 
stamp.

3) Yeah, I'd be happy to upload a Process Explorer screen - not sure I 
can do that, unless the list *will allow jpg attachments?* Will it?

4) It's been very hard to predict or catch the Flash files starting. 
When I try visiting sites w/ Flash content that might start them, they 
don't start (short of playing Flash content, which I never do in TBB).
It hasn't happened in last several days of using TBB.

5) >"/Do not run any software. Run only tor-browser/"
That would mean a *long time* w/o use of my computer - possibly days, 
weeks. It's not like it happens within 30 min. (or at all), every time I 
use TBB.
It does not happen every TBB session. When I catch the files running, 
I've tried re-visiting pages I may have visited recently, w/o success at 
reproducing it.

But, sometimes the files have been running a good while & revisiting 
every single page PLUS *repeating exact navigation / clicks* on all 
pages may be nearly impossible.
That's why I'm here. If it was easily & quickly reproducible, I probably 
wouldn't need to ask for help.

I have no proof yet, but one theory is some websites could have 
JavaScript, or 3rd parties - that NoScript somehow doesn't block.
I generally don't leave "Scripts globally allowed" enabled. That doesn't 
mean something can't slip by.

Occasionally, sites require js from their base domain to even load or 
navigate a page. If you enable it, there could? be code, that tries to 
start Flash player, to automatically load or play some content.
I'm just guessing.
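
One way to log what starts the two executables, as asked in the message above (an added example, not part of the original message and not from the Tor Project). It assumes an elevated Windows PowerShell 3.0 or later session that stays open; the name pattern `Flash%`, the log path and the identifier `FlashStartWatch` are placeholders chosen for illustration.

```powershell
# Log every start of a process whose name matches $pattern, together with
# its parent, so the start time can be matched against browsing activity.

$pattern = 'Flash%'   # ASSUMPTION: placeholder; use the names Process Explorer shows (WQL LIKE syntax)
$logFile = Join-Path $env:TEMP 'flash-start-log.csv'   # ASSUMPTION: log location

# Win32_ProcessStartTrace raises one event per process creation (needs admin rights).
$query = "SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName LIKE '$pattern'"

Register-WmiEvent -Query $query -SourceIdentifier 'FlashStartWatch' `
    -MessageData $logFile -Action {
    $e = $Event.SourceEventArgs.NewEvent

    # Look up both processes right away, while they still exist.
    $child  = Get-WmiObject Win32_Process -Filter "ProcessId = $($e.ProcessID)"
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($e.ParentProcessID)"

    # The parent may already have exited; record that instead of failing.
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }
    $parentPath = if ($parent) { $parent.ExecutablePath } else { '' }
    $parentCmd  = if ($parent) { $parent.CommandLine } else { '' }
    $childCmd   = if ($child)  { $child.CommandLine } else { '' }

    [pscustomobject]@{
        Time          = (Get-Date).ToString('o')
        ProcessName   = $e.ProcessName
        ProcessId     = $e.ProcessID
        CommandLine   = $childCmd
        ParentId      = $e.ParentProcessID
        ParentName    = $parentName
        ParentPath    = $parentPath
        ParentCommand = $parentCmd
    } | Export-Csv -Path $Event.MessageData -Append -NoTypeInformation
} | Out-Null

Write-Host "Logging matching process starts to $logFile"
```

Stop the watch with `Unregister-Event -SourceIdentifier FlashStartWatch`. Each CSV row then gives the start time plus the path and command line of the parent, which shows whether the parent is the Tor Browser copy of firefox.exe or some other program.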

