
Question

Posted (edited)

Name: Cody J. Marsden

Rank: Gunnery Sergeant

Type of issue: Software/Anti-virus

Brief Description of Issue: So at one point when I was installing DayZ Commander I inadvertently clicked on an advertisement and downloaded the wrong file. I have gone through and done what I can to try and rectify this but am still getting issues with random ads popping up in the bottom right of my screen (most often a "Google" work from home ad). Additionally I get random new tabs opened to F2P web based games and other items. It is making it so I am concerned about entering my passwords on Firefox any longer. I have run Malwarebytes, Spybot Search & Destroy, AVG and Kaspersky to no results. A tertiary issue I have noticed is often random words on my pages will be highlighted in blue with a double underscore with a direct link to (http://www.1stmarineraiders.com/index.php?act=post&do=new_post&f=19# [is just the link location given right now but when I select it goes elsewhere]) {Link for Google pop-up [removed link for now so no one accidentally opens it]}. I don't know what information you would need to assist in a scrub of my browser but it would be much appreciated.

Thank you for your time.

***Medical Supply Staff ONLY Below this line***

Current Status: (Researching, Pending Reply, Resolved, Unresolved) Pending Reply.

Main Technician: Sgt. J. Bradley

Supporting Technician:

Edited by T. Brown 1st MRB

8 answers to this question


  • 0
Posted

Reinstalling your browser might do the trick, just remember to back up any favourites you might have.

Check to see if there are any unusual programs installed on your machine.

I'm assuming you're using Windows, open Task Manager and see if there are any unusual processes running (Googling a process will give you more info on it).

If you're still having no luck you could try running a system restore to before you downloaded the file.

Hope this helps.

  • 0
Posted

First off, you're correct in your suspicions when entering passwords/usernames. I'd recommend not doing that for now.

Along with Bradley's queries, here are some more questions that will help us pinpoint just how serious a virus this is.

I'm assuming you downloaded the file and opened it, as opposed to just downloading it, noticing the error, and not opening it, correct?

Do you get popups when no browser is open? Is it ONLY when Firefox is up?

Has it changed your home page at all, or any of your other settings?

Finally (this is most important right now):

Open Firefox.

Go to Options.

Then Advanced.

Click on the Network tab in there, then click on Settings (to the right of "How Firefox Connects to the Internet").

Check and see if it is set to connect to a proxy. If yes, set it to no proxy, close Options and Firefox, then open it again and check to see if it reversed what you just did, then post and tell us what happened.

It COULD be just a simple browser-based thing (fixed by re-install of browser), or it could have messed with your registry and re-installing the browser will be fairly asinine. The answers to these questions will help us know what you have to do to be confident that no key-logger or other malicious spyware/malware is installed.
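The proxy and home-page checks above can also be read straight from the profile folder. This is an added example, not code from the thread: it assumes the standard Firefox profile files `prefs.js` and `user.js` (a `user.js` is re-applied at every start, which is one way a setting "reverses" itself), and the sample profile it audits is constructed.

```python
import re
import tempfile
from pathlib import Path

# Meaning of Firefox's network.proxy.type values (5 is the default).
PROXY_MODES = {0: "no proxy", 1: "manual proxy", 2: "PAC URL",
               4: "auto-detect (WPAD)", 5: "system proxy settings"}
WATCHED = ("network.proxy.", "browser.startup.homepage")
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def read_prefs(path):
    """Return {name: value} for the watched prefs in a prefs.js / user.js file."""
    prefs, path = {}, Path(path)
    if not path.is_file():
        return prefs
    for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1).startswith(WATCHED):
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs

def audit_profile(profile_dir):
    """List proxy, user.js override and home-page findings for one profile."""
    profile = Path(profile_dir)
    forced = read_prefs(profile / "user.js")      # wins over prefs.js at startup
    effective = {**read_prefs(profile / "prefs.js"), **forced}
    findings = []
    mode = int(effective.get("network.proxy.type", 5))
    if mode == 1:
        findings.append("proxy: manual proxy -> {}:{}".format(
            effective.get("network.proxy.http", "?"),
            effective.get("network.proxy.http_port", "?")))
    elif mode == 2:
        findings.append("proxy: PAC URL -> " +
                        effective.get("network.proxy.autoconfig_url", "?"))
    for name in forced:
        findings.append("user.js forces {} (reverts on restart)".format(name))
    if "browser.startup.homepage" in effective:
        findings.append("homepage: " + effective["browser.startup.homepage"])
    return findings

def demo():
    """Constructed profile: prefs.js says 'no proxy', user.js overrides it."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "prefs.js").write_text(
            'user_pref("network.proxy.type", 0);\n'
            'user_pref("browser.startup.homepage", "https://example.org/");\n')
        Path(d, "user.js").write_text(
            'user_pref("network.proxy.type", 1);\n'
            'user_pref("network.proxy.http", "127.0.0.1");\n'
            'user_pref("network.proxy.http_port", 8080);\n')
        return audit_profile(d)
```

Point `audit_profile` at the folder opened by Help > Troubleshooting Information > "Show Folder" with Firefox closed; an empty result means no proxy, no `user.js` override and no custom home page.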

  • 0
Posted

So far I do not get any out of browser pop-ups, there are currently no proxy settings on my browser either. My homepage is still the same as well. Thus far I have removed the strange processes and their associated files but the issues in my browser remain, which makes me think it is add-on based.

  • 0
Posted

That's good! Those horrible ones that force the browser into proxy redirects are a pain. Here's one more question I forgot:

If you Google something, does it go to a Google page, or does the URL at the bottom show a redirect site?

Look where this arrow is pointed; if no redirect, it'll show Google or something similar. If there is a redirect, it'll show a weird site and may come up with a weird search site instead of Google's normal one.

browser-redirect-virus.jpg

  • 0
Posted (edited)

Just Google's; however, a weird redirect happens if I scroll and the corner ad comes up. And if the corner ad comes up I have to go back twice to get off the page; the first back will put me to what I was looking at without the ad again.

Also when I got back to the thread from posting this it started connecting to some superfish.com shit and idrlc.com, I believe were the two I saw; when hovering over the ad it links to dv1q1p4wbzam8w.sitescoutadserver.com and then further URL ness

(full URL if needed: http://mot.sitescoutadserver.com/click/Y2x...ja2VuYyUyNTNE/)

Edited by Marsden 1st MRB
  • 0
Posted

Well sounds like it is some malicious re-direct code strictly Firefox-based then, which is good (well, better than the alternative). We can just try uninstalling Firefox and re-installing it to get rid of it; that's the easiest step before proceeding with system restores and whatnot.

Do you use Chrome at all? Or any other browser? You have some options available to you when re-installing Firefox that will allow you to save your Firefox settings. You can manually save the folders themselves, or you can import them into another browser and switch to using that (i.e. Chrome has a really easy feature to do this), or you can save the entire Firefox profile itself...all kind of depends on what you want to keep.

https://support.mozilla.org/en-US/kb/Recove...20old%20profile

This has all sorts of info on saving profiles.

If you just want to save bookmarks, this:

Open your current Firefox settings (AKA Firefox profile) folder using

Help > Troubleshooting Information > "Show Folder" button

In the folder that opens, double click the bookmarkbackups folder.

Copy all the files here to a safe location, e.g., USB flash drive, your Dropbox account, attach to an email and send to your webmail account, etc. Although in theory you only need the latest one, in case that is corrupted, take them all.

https://support.mozilla.org/en-US/kb/uninst...-your-computer: Easy directions on how to uninstall.

Try re-installing Firefox and seeing if that fixes the problem. Make sure and browse a good amount upon re-installation to make sure you're confident that the problems are no longer persisting BEFORE you try putting in passwords or anything else you're nervous about. If you feel up to it, you can always restart your computer and enter into safe mode, then reinstall. This will prevent any malicious code from reaching out into the internets. However, you probably won't need this if all your problems are confined to the browser.
