suspicious behaviour: plugin-container.exe Topic is solved

bawldiggle
Lunatic
Posts: 446
Joined: 2013-02-22, 21:16
Location: East Coast Australia

suspicious behaviour: plugin-container.exe

Unread post by bawldiggle » 2017-08-20, 09:28

My AV "Voodoo Shield" (VDS) is alerting me about plugin-container.exe
- plugin-container.exe persists in running, and VDS alerts me to either allow or block
- plugin-container.exe is unknown to me so I block it ... within a second VDS shows the alert again.
Only occurs on one website, https://www.raymond.cc/blog/how-to-hide ... h-screens/
- I have tested other result links in the DDG search-> https://duckduckgo.com/?q=hide+sas+flas ... oot&ia=web
... and no other websites create the same problem.
problem url-> https://www.raymond.cc/blog/how-to-hide ... h-screens/
... is vaguely familiar but maybe it is a risky site ?
------------
I found How to Stop Firefox plugin-container.exe Process? dated 15-Jul-2010 ... 7 years old.
technogadge.com solution is to disable 4 about:config items ....
BUT there are 13 preferences (in PM) starting with "dom.ipc" not 6

I found plugin-container.exe in Palemoon program root folder .. ?

Is plugin-container.exe relevant to PM today in 2017; if it is a hangover from early Fox days.
or is plugin-container.exe some sort of malware

I have done a hot system reboot, but not a cold boot ... yet !

Would appreciate some help, thank you :)

==================
Browser: Palemoon v27.4.0 (32-bit)
Win-7 PRO x64
Addons: (all enabled)
  • Add to Search Bar 2.5-pm
    Biscuit 2.5.2
    I don't care about cookies 2.6.7 ... (jetpack?)
    S3.Google Translator
Win-7 PRO 64-bit
Palemoon; auto updates current version (32-bit)

Moonchild
Pale Moon guru
Posts: 35636
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: suspicious behaviour: plugin-container.exe

Unread post by Moonchild » 2017-08-20, 09:48

False positive.

plugin-container.exe is, as the name says, the container process for running plugins (like Flash, Java, etc.) - it is a separate process for "out of process plugin execution" which has several advantages, chief among them being stability (if the plugin crashes, the browser does not) and security (it executes with low rights, meaning if a plugin would be compromised, it is very limited in what it might do).

You could also have found this out by doing a search.
You could also have seen it was part of the official Pale Moon package by examining the .exe properties, and seeing it is digitally signed by me (and therefore not malware)
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
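
The signature check described in the reply above can also be run from Windows PowerShell. This is an added example, not part of the original thread or of Pale Moon's own tooling; the install folder and the use of `palemoon.exe` as the known-good reference file are assumptions, and `Test-SiblingSignature` is a hypothetical helper name.

```powershell
# Assumed install folder (32-bit Pale Moon on 64-bit Windows); adjust to your system.
$InstallDir = 'C:\Program Files (x86)\Pale Moon'

function Test-SiblingSignature {
    param(
        [Parameter(Mandatory = $true)][string]$Path,       # file under suspicion
        [Parameter(Mandatory = $true)][string]$Reference   # file from the same package
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $ref = Get-AuthenticodeSignature -FilePath $Reference

    # Status is 'Valid' only when the file hash matches the signature
    # and the certificate chain is trusted on this machine.
    $valid = ($sig.Status -eq 'Valid') -and ($ref.Status -eq 'Valid')

    # Is the suspect file signed with the same certificate as the reference?
    $sameSigner = $valid -and
        ($sig.SignerCertificate.Thumbprint -eq $ref.SignerCertificate.Thumbprint)

    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    New-Object PSObject -Property @{
        Path                  = $Path
        Status                = $sig.Status
        Signer                = $signer
        SameSignerAsReference = $sameSigner
    }
}

$reference = Join-Path $InstallDir 'palemoon.exe'

# Check the copy in the install folder plus the image path of every running
# instance, since a look-alike could be started from a different folder.
$paths = @(Join-Path $InstallDir 'plugin-container.exe')
$paths += @(Get-Process -Name 'plugin-container' -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Path } | Where-Object { $_ })

$paths | Sort-Object -Unique |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Test-SiblingSignature -Path $_ -Reference $reference } |
    Format-List Path, Status, Signer, SameSignerAsReference
```

A running instance whose path is outside the install folder, or whose `Status` is anything other than `Valid`, is the case worth investigating before approving it in an allowlisting tool.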

bawldiggle
Lunatic
Posts: 446
Joined: 2013-02-22, 21:16
Location: East Coast Australia

UPDATE:

Unread post by bawldiggle » 2017-08-20, 10:08

Hi MC :)
Our posts crossed over just now while I compose, your reply is sitting above the advanced compose window instead of below.
You weren't there 30 seconds ago ... all good ;)
--------
Cold OS boot
ran problem url-> how-to-hide-or-disable-annoying-software-startup-splash-screens and same problems, so I allowed the false-positive to run.
I think the problem is the raymond.cc webpage is loaded with ads and a few flash ads as well. The page is very slow to load.
Other websites are fine, so I can only suspect the dreaded flash ads.
I can tolerate a few static ads, but some websites are just over the top. My favourite for today is
  • congratulations you are our 1,000,000th viewer
    click here and you can win a truck full of gold bullion ... oh yeah ... right ... and pigs might fly
Looks like I will have to find an adblocker (not "NoScript") ... I think there is an addon/extension to block Flash ads ?

Thanks MC for your very quick response on your Sunday morning (our Sunday evening) ... find some sun (if you have any) and enjoy a ... :coffee:

tenseys

Re: UPDATE:

Unread post by tenseys » 2017-08-20, 10:14

bawldiggle wrote:
Hi MC :)
Our posts crossed over just now while I compose, your reply is sitting above the advanced compose window instead of below.
You weren't there 30 seconds ago ... all good ;)
--------
Cold OS boot
ran problem url-> how-to-hide-or-disable-annoying-software-startup-splash-screens and same problems, so I allowed the false-positive to run.
I think the problem is the raymond.cc webpage is loaded with ads and a few flash ads as well. The page is very slow to load.
Other websites are fine, so I can only suspect the dreaded flash ads.
I can tolerate a few static ads, but some websites are just over the top. My favourite for today is
  • congratulations you are our 1,000,000th viewer
    click here and you can win a truck full of gold bullion ... oh yeah ... right ... and pigs might fly
Looks like I will have to find an adblocker (not "NoScript") ... I think there is an addon/extension to block Flash ads ?

Thanks MC for your very quick response on your Sunday morning (our Sunday evening) ... find some sun (if you have any) and enjoy a ... :coffee:

That page loads for me in about 0.25 seconds and there are no ads.

Maybe just use a regular ad blocker?

PM has its own Adblock Latitude.

There is also Ublock Origin (I use this one).

Note: I disable the adblocking for PM site as requested.

billmcct
Keeps coming back
Posts: 959
Joined: 2012-09-04, 15:19
Location: Costa Rica & Union City Georgia USA

Re: UPDATE:

Unread post by billmcct » 2017-08-20, 11:13

bawldiggle wrote:
Hi MC :)

Looks like I will have to find an adblocker (not "NoScript") ... I think there is an addon/extension to block Flash ads ?

Thanks MC for your very quick response on your Sunday morning (our Sunday evening) ... find some sun (if you have any) and enjoy a ... :coffee:

Set Flash to "Ask to Activate" on the plugins page of addons manager.
I would suggest https://addons.mozilla.org/en-US/firefo ... ck-origin/
--------------------------------------------------------------------------------------------------------------
The difference between the Impossible and the Possible lies in a man's Determination.
Tommy Lasorda

bawldiggle
Lunatic
Posts: 446
Joined: 2013-02-22, 21:16
Location: East Coast Australia

Re: suspicious behaviour: plugin-container.exe

Unread post by bawldiggle » 2017-11-10, 03:25

Apologies for my delayed acknowledgement
I have learned a lot from this thread

@ Moonchild :)
Moonchild wrote:
plugin-container.exe is, as the name says, the container process for running plugins (like Flash, Java, etc.) - it is a separate process for "out of process plugin execution" which has several advantages, chief among them being stability (if the plugin crashes, the browser does not) and security (it executes with low rights, meaning if a plugin would be compromised, it is very limited in what it might do).

I didn't know that ... thank you for the info ... I am still learning

Moonchild wrote:
You could also have seen it was part of the official Pale Moon package by examining the .exe properties, and seeing it is digitally signed by me (and therefore not malware)

I didn't know that info about an executable.

Only last week I discovered "Exif Tool" by Phil Harvey and today ExifToolGUI ... both downloaded but to be installed and trialled.

I have never looked at any EXE properties, I didn't know I could ... dumb, now that I think of it :oops:

----------------
@ tenseys :)
In hindsight Moonchild has added to my knowledge, the problem was not an ad.
Voodoo Shield (aka VDS) is the opposite of an AV. VDS only allows white-listed executables to run, and the user (me) has to approve every non-white-listed EXE.
VDS is not like AV where program folders can be excluded, nor does VDS use heuristics to capture "threats".
If it isn't on the white-list VDS stops the process, shows an alert with options to allow, block or quarantine.
VDS is an experiment (on my part) and is proving to be extremely reliable. A lot faster than Bitdefender to identify "threats".
- VDS even caught ransomware (in one of my stupid/careless moments) a long time before Bitdefender woke up.

I already use Adblock Latitude ... have dallied with NoScript but found it too paranoid.

----------------
@ billmcct ;)
billmcct wrote:
Set Flash to "Ask to Activate" on the plugins page of addons manager.

I have now ... and added your tip to my "Flash, tips.txt" file

uBlock Origin
AMO v1.14.18 is not available for Palemoon
PM Extensions -> uBlockOrigin (external) Github - download same version IS available for PM

----------------
SPECS
Pale Moon v27.5.1 (32-bit)
Win-7 PRO x64