Windows 8 and 8.1 Forums


automatic open web Browser! how to disable?

  1. #11


    A HIPS would likely work fine.

    If you would like to try the script, here's a link to it.

    Download Script

    I wrote the script in AutoIt which causes some false positives in third party anti-virus, so make sure you exclude the file if you use one.

    Source is included in case anybody wants to peek at it. I'll admit it's kind of sloppy.

      My System SpecsSystem Spec

  2. #12


    ok hey why not, I'm always down to try any programs... thats kinda my dream.. ha. anyway it doesn't matter if anything goes wrong, even the absolute worst virus cause I have a total backup of my system (macrium) and I just only use certain "backups" for certain things.. like trying totally crazy programs and whatnot, and if i need to use my more "secure" macrium backup, then I just format and plop that version down using macrium.. its pretty easy and keeps me from dealing with sandboxes.. etc.. of course i have to wait for the time it takes to put each windows install back on my ssd.. but hey whatever.. 10-20 minutes..
      My System SpecsSystem Spec

  3. #13


    also while i'm trying your script, what other HIPS are there besides the gosh dang annoying Comodo one??
      My System SpecsSystem Spec

  4. #14


    and the funny yet good news is that you only had 4 detections! and as long as eset and emisoft are ok i'm ok,..

    ha

    Click image for larger version
      My System SpecsSystem Spec

  5. #15


    Hah, I had only three detection before I fixed an error in the command line passing part of the script

    If the script runs into any trouble or bugs I'll be happy to try fixing them. Also, I don't use UAC on the machine I wrote and tested it on, so if it causes constant UAC popups (which I tried pretty hard to avoid) then it might not work out the way I was hoping.

    You should never have to run the executable part of the script as administrator, and shouldn't with the way it calls Firefox. Running the script as admin will open Firefox as admin, and that's a bad idea.

    As far as HIPS go, I've never used one, so I can't recommend one. Googling HIPS led me to a few choices, but they were either bundled with bloated antivirus software suites, or were expensive enterprise solutions. I'd be very interested if anybody knows of a standalone or lightweight HIPS that's under current development and is secure.
    Last edited by hydranix; 08 Jul 2015 at 14:27.
      My System SpecsSystem Spec

  6. #16


    Posts : 2,130
    Windows 8.0 x64


    Quote Originally Posted by hydranix View Post
    Source is included in case anybody wants to peek at it. I'll admit it's kind of sloppy.
    I have been using AutoIt3 for a few years. Would you be kind enough to post the source here? I had no joy with Mega.
    You could just post it between code tags. I am curious how you approached the problem. If I steal anything I'll cite the source.
      My System SpecsSystem Spec

  7. #17


    Sure, here it is.

    Took me just under an hour to write-debug-finish it.

    Code:
    #NoTrayIcon
    #Region ;**** Directives created by AutoIt3Wrapper_GUI ****
    #AutoIt3Wrapper_Icon=T:\FirefoxPrompt.ico
    #AutoIt3Wrapper_Outfile=T:\FirefoxPrompt.exe
    #AutoIt3Wrapper_UseX64=n
    #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
    ; ===============================================================
    ; This script was designed for brooksndun at eightforums.com
    ;
    ; It's messy and probably could be written better, however it
    ;   appears to work correctly without any major issues.
    ;
    ; This script attempts to circumvent programs opening firefox
    ;   without permission.
    ;
    ; This is deisgned to only work with Firefox, and
    ;   will not prevent other browsers from being
    ;   launched.
    ;
    ; This script is to be used at your own risk.
    ;   Nobody can be held responsible for the use
    ;   or misuse of this script, or any outcome
    ;   from the use or misuse of this script.
    ;
    ; ===============================================================
    #include <Process.au3>
    #include <file.au3>
    Main()
    Func Main()
     Local $Firefox = @ScriptDir&"\firefox.exe"
     Local $FirefoxBin = @ScriptDir&"\firefox-bin.exe"
     Local $NewCmdLine = $CmdLineRaw
     ; Ensures script is compiled. It will not function correctly unless compiled.
     If Not @Compiled Then
      MsgBox(0,"","Error: Script is not compiled."&@CRLF&@CRLF&"This script uses WindowsAPI calls which will not work properly unless the scrip is compiled into an exe")
      Exit
     EndIf
     ; Check if firefox.exe is our directory
     If Not FileExists($Firefox) Then
      MsgBox(0,"","Error: Cannot fine firefox.exe"&@CRLF&@CRLF&"Please place in the same directory as firefox.exe")
      Exit
     EndIf
    
     ; Main logic of the script
     If Not CheckIfHijackInstalled() Then
      CreateImageHijackFile()
      Exit
     Else
      FirefoxBinSetup($Firefox, $FirefoxBin)
      Local $Parent = "Process No Longer Exists"
      Local $ParentPID = ScriptGetParentProcess()
      If ProcessExists($ParentPID) Then
       $Parent = _ProcessGetName($ParentPID)
      EndIf
      If $CmdLine[0] > 0 Then
       If $CmdLine[1] = "firefox.exe" OR $CmdLine[1] = $Firefox Then
        $NewCmdLine = StringReplace($NewCmdLine, $CmdLine[1], "")
        $NewCmdLine = StringReplace($NewCmdLine, '""', '')
       EndIf
      EndIf
      If $Parent = "explorer.exe" Then
       LaunchFirefox($FirefoxBin, $NewCmdLine)
       Exit
      EndIf
      Local $Action = MsgBox(308,"Firefox launch", "Allow Firefox to launch?"&@CRLF&"Calling Process: "&$Parent&@CRLF&@CRLF&"Commandline: "&$NewCmdLine)
       Switch $Action
        Case 6 ;yes
         LaunchFirefox($FirefoxBin, $NewCmdLine)
         Exit
        Case Else ;no or anything else
         Exit
       EndSwitch
     EndIf
    EndFunc
    Func LaunchFirefox($FirefoxBin, $NewCmdLine)
     Run($FirefoxBin&' '&$NewCmdLine)
    EndFunc
    ; Check if we're still properly installed, if not warn user and offer to install or properly uninstall
    Func CheckIfHijackInstalled() ; Bool
     Local $Ret = True
     Local $Debugger = RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe", "Debugger")
     If Not FileExists(StringReplace($Debugger,'"','')) Or StringReplace($Debugger,'"','') <> @ScriptFullPath Then
      $Ret = False
     EndIf
     Return $Ret
    EndFunc
    ; Creates .reg file to properly install image hijack for script
    Func CreateImageHijackFile()
     CreateUninstaller()
     Local $File_RegSetup = @DesktopDir&"\Firefox Prompt Registry Install.reg"
     If FileExists($File_RegSetup) Then FileDelete($File_RegSetup)
     If @error Then
      MsgBox(0,"",'There was an error creating the registry file, please ensure "' & $File_RegSetup & '" does not exist.'&@CRLF&@CRLF&'If the file does exist, delete it and try again')
      Exit
     EndIf
     FileWriteLine($File_RegSetup,"Windows Registry Editor Version 5.00")
     If @error Then
      MsgBox(0,"",'Permission error.'&@CRLF&@CRLF&'Insufficient permissions to create file: "' & $File_RegSetup & '"')
      Exit
     EndIf
     Local $RegScriptPath = StringReplace(@ScriptFullPath,'\','\\')
     IniWrite($File_RegSetup, "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe", '"Debugger"', '"'&$RegScriptPath&'"')
     If @error Then
      MsgBox(0,"",'Permission error.'&@CRLF&@CRLF&'Insufficient permissions to create file: "' & $File_RegSetup & '"')
      Exit
     EndIf
     MsgBox(0,"","The registry file has been created on your desktop."&@CRLF&@CRLF&"Please merge the registry file into the system registry to complete the setup."&@CRLF&@CRLF&"Then firefox.exe should be properly set to prompt when executed")
    EndFunc
    ; Copies firefox.exe to firefox-bin.exe so that the image hijack works correcly (breaks taskbar grouping)
    Func FirefoxBinSetup($Firefox, $FirefoxBin)
     If ProcessExists("firefox-bin.exe") Then Return
     If FileExists($FirefoxBin) Then
     Local $FirefoxSize = FileGetSize($Firefox)
     Local $FirefoxBinSize = FileGetSize($FirefoxBin)
      If $FirefoxBinSize = $FirefoxSize Then
       Return
      EndIf
     EndIf
     FileCopy($Firefox,$FirefoxBin)
    EndFunc
    ; Create uninstaller batch file
    Func CreateUninstaller()
     Local $UninstallFile = @ScriptDir&"\UninstallFirefoxPrompt (Run as admin).bat"
     If FileExists($UninstallFile) Then Return
     FileWriteLine($UninstallFile, '@ECHO OFF')
     FileWriteLine($UninstallFile, 'REG DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe" /f')
     FileWriteLine($UninstallFile, 'PAUSE')
    EndFunc
    ; Finds the parent process of this script
    ;   Thanks to SmOke_N of the AutoIt community forums.
    Func ScriptGetParentProcess() ; Int (PID)
    ; * Requires the script be compiled into an exe
    ; * Requires the compiled script use 32 bit AutoIt
        Local Const $TH32CS_SNAPPROCESS = 0x00000002
        Local $a_tool_help = DllCall("Kernel32.dll", "long", "CreateToolhelp32Snapshot", "int", $TH32CS_SNAPPROCESS, "int", 0)
        If IsArray($a_tool_help) = 0 Or $a_tool_help[0] = -1 Then Return SetError(1, 0, @AutoItPID)
        Local $tagPROCESSENTRY32 = _
            DllStructCreate _
                ( _
                    "dword dwsize;" & _
                    "dword cntUsage;" & _
                    "dword th32ProcessID;" & _
                    "uint th32DefaultHeapID;" & _
                    "dword th32ModuleID;" & _
                    "dword cntThreads;" & _
                    "dword th32ParentProcessID;" & _
                    "long pcPriClassBase;" & _
                    "dword dwFlags;" & _
                    "char szExeFile[260]" _
                )
        DllStructSetData($tagPROCESSENTRY32, 1, DllStructGetSize($tagPROCESSENTRY32))
        Local $p_PROCESSENTRY32 = DllStructGetPtr($tagPROCESSENTRY32)
        Local $a_pfirst = DllCall("Kernel32.dll", "int", "Process32First", "long", $a_tool_help[0], "ptr", $p_PROCESSENTRY32)
        If IsArray($a_pfirst) = 0 Then Return SetError(2, 0, @AutoItPID)
        Local $a_pnext, $i_return = 0
        If DllStructGetData($tagPROCESSENTRY32, "th32ProcessID") = @AutoItPID Then
            $i_return = DllStructGetData($tagPROCESSENTRY32, "th32ParentProcessID")
            DllCall("Kernel32.dll", "int", "CloseHandle", "long", $a_tool_help[0])
            If $i_return Then Return $i_return
            Return @AutoItPID
        EndIf
        While 1
            $a_pnext = DLLCall("Kernel32.dll", "int", "Process32Next", "long", $a_tool_help[0], "ptr", $p_PROCESSENTRY32)
            If IsArray($a_pnext) And $a_pnext[0] = 0 Then ExitLoop
            If DllStructGetData($tagPROCESSENTRY32, "th32ProcessID") = @AutoItPID Then
                $i_return = DllStructGetData($tagPROCESSENTRY32, "th32ParentProcessID")
                If $i_return Then ExitLoop
                $i_return = @AutoItPID
                ExitLoop
            EndIf
        WEnd
        If $i_return = "" Then $i_return = @AutoItPID
        DllCall("Kernel32.dll", "int", "CloseHandle", "long", $a_tool_help[0])
        Return $i_return
    EndFunc
      My System SpecsSystem Spec

  8. #18


    Posts : 2,130
    Windows 8.0 x64


    Quote Originally Posted by hydranix View Post
    Sure, here it is.
    ]
    Thanks for posting.
      My System SpecsSystem Spec

  9. #19


    Trnava
    Posts : 683
    Win 8.1.1 Pro x64


    Quote Originally Posted by brooksndun View Post
    also while i'm trying your script, what other HIPS are there besides the gosh dang annoying Comodo one??
    https://www.privacyware.com/personal_firewall.html

    Free Windows Desktop Software Security List - HIPS | Gizmo's Freeware
      My System SpecsSystem Spec

  10. #20


    Thanks for the links TairikuOkami, I'm looking through the different programs now. Can't say I think any looks very appealing. If Malware Defender was up to date and not discontinued (no x86_64 support) I think I would already be installing it

    Do you use any or could you recommend any that would prevent browsers from being opened automatically among other things?

    Also, I've contacted the 3 companies (Cyren & F-Prot are the same engine), in regards to the false positives. I hope they whitelist the script, but I'm not getting my hopes up.
      My System SpecsSystem Spec

Page 2 of 3 FirstFirst 123 LastLast
automatic open web Browser! how to disable?
Related Threads
How to Enable or Disable Automatic Maintenance in Windows 8 and 8.1 Windows depends on execution of inbox and third party maintenance activity for much of its value-add, including Windows Update, and automatic disk defragmentation, as well as antivirus updates and scans. Additionally,...
How to Enable or Disable Automatic System Restore Point Creation in Windows Restore points are created to allow users a choice of previous system states. Each restore point contains the necessary information needed to restore the system to the chosen state. Restore points are created before...
How to Enable or Disable Automatic Restart on System Failure in Windows Whenever a critical error (ex: BSOD) is detected in Windows, Windows will restart itself by default to prevent any possible damage to your computer as a safety measure. The problem is that the error message on the screen...
How to Enable or Disable Automatic Updates in Windows Media Player Windows Media Player (WMP) is updated from time to time with new features and performance enhancements. You can let the Player check for updates automatically or you can check for updates manually. This tutorial will show...
Enable or Disable Automatic Promotion of Notification Area Icons to Taskbar in Windows 7 and 8 The notification area is a part of the taskbar that provides a temporary source for notifications and status. It can also be used to display icons for system and program features that are not on the...
How to Enable or Disable Automatic Download of App Updates in Store in Windows 8 and 8.1 This will show you how to enable or disable the automatic download of App updates from the Windows Store only your apps or all users' apps in Windows 8. Users will still be able to manually check for,...
Hi everyone, Anyone know if there's a way to stop the 8.1 upgrader from automatically installing (graphics) drivers as it sets up? I have an Acer AS4820TG with switchable Intel HD and Mobility Radeon HD 5650 graphics, and I'm 99% sure that drivers for one of these are causing a problem with...
Eight Forums Android App Eight Forums IOS App Follow us on Facebook