I got a virus that installed a proxy on my PC!
Last night I was installing some software and it tried to install SEVERAL viruses on my PC, whose installation I successfully managed to stop. But I got another serious threat, and I want to know whether it's still there and how I can get rid of it.
When I opened the software I was trying to install, it automatically opened a new tab in my open Firefox window, and in that same instant I knew something wrong was happening. The thing is that it loaded some pages in the same tab, using a full redirection so I couldn't go back to them, and it ended in a modified Google (www.google.com/"something"). The thing is that I tried to go to the download page and Firefox started telling me THAT IT DIDN'T EXIST; then I knew something heavy was going on. I used the Reset tool (about:support) and parts of the virus got lost in the process. But the thing is that even when Firefox is set to start at https://www.google.com.uy, or even when I choose the blank page option for starting, it ALWAYS redirects me to the page of the virus ( http://www.istartsurf.com/?type=sc&ts=1412823435&from=sky&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EHK4239242392 ), and if I then open another tab/window without closing the main one, it just does as I configured it (home: google, new page: blank).
Since I already reset Firefox, I want to know whether I should use another mechanism (likely deleting the entire ...\AppData\Roaming\Mozilla folder) or just reinstall Firefox? I have already run a full scan of my PC with AVG Internet Security 2015 (found 23 viruses in the virus main folder and some Windows folders) and ran CCleaner against every Firefox component.
If I forgot to add anything, please let me know.
Chosen solution
One last thing you can do is check to make sure your shortcuts haven't been modified by the malware. Right click the Firefox/Internet Explorer shortcut and select Properties. Check the target line in the Shortcut tab - if it contains a web address after the application executable, that is what is causing your browser to start up in those pages.
If you are still experiencing problems with malware then as Tyler posted above, using a forum dedicated to removing malware can give you more detailed information and steps for removing malicious files on your computer.
- Bleeping Computer Forums - http://www.bleepingcomputer.com/forums
- Spyware Warrior Forums - http://www.spywarewarrior.com/index.php
- SWI Forums - http://www.spywareinfoforum.com/
Please see Troubleshoot Firefox issues caused by malware for more information
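The shortcut check described in the chosen solution can be run over every shortcut at once instead of opening each Properties dialog by hand. The PowerShell below is an added example, not part of the original thread; the list of folders it scans is an assumption (the per-user Start Menu path is the one named later in the thread, the others are the usual Windows shortcut locations). It only reads and reports, it changes nothing.

```powershell
# Added example: report shortcuts whose target line carries a web address.
# Folder list is an assumption; add any other folder that holds browser shortcuts.
$roots = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar",
    [Environment]::GetFolderPath('Desktop'),
    "$env:PUBLIC\Desktop"
)

# WScript.Shell can open a .lnk file and expose its fields read-only.
$shell = New-Object -ComObject WScript.Shell
$urlPattern = '(?i)\b(https?://|www\.)\S+'

$findings = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            # The "Target" box in Properties shows TargetPath followed by Arguments.
            $commandLine = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
            if ($commandLine -match $urlPattern) {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                    Url       = $Matches[0]
                }
            }
        }
}

if ($findings) {
    $findings | Format-List
} else {
    'No shortcut with a web address in its target line was found.'
}
```

Any shortcut it lists can then be fixed in its Properties dialog by deleting the web address after the executable, or by deleting the shortcut and creating a new one from the browser's .exe.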
All Replies (6)
Hello,
It is recommended to run different anti-virus programs - while some anti-viruses are great, I don't think they are able to catch every single malicious application. By having multiple anti-malware scanners (only have one program doing real-time protection or they may interfere with each other), you're more likely to catch all of them as they each use different techniques.
Some viruses also leave residual damage after removal - some are known to modify the Windows HOSTS file. In those cases you may need additional steps (in the case of the modified HOSTS file, see https://support2.microsoft.com/kb/972034).
You can try these free programs to scan for malware, which work with your existing antivirus software:
Hi Cory,
HOSTS file is clean. Since I've already worked with MalwareBytes, that was my first try after your suggestion. THIS: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml, amongst another 20-ish files under Internet Explorer and the Windows Registry, were the culprits of this strange behaviour. I'm amazed AVG Internet Security was unable to find it. I don't know how it didn't occur to me to look inside the plugins folders (inside Firefox I found none new).
I'll let you know whether I was able to remove the bastard.
Ok,
Even though MalwareBytes found and eliminated the threats, supposedly at least, I still have the same page when I start Firefox or Internet Explorer. Tonight I'll try your other suggestions and let you know.
Thanks beforehand.
If you can't figure out the virus with the links above, try a forum dedicated to virus removal, such as http://www.bleepingcomputer.com/
Ok... this is turning even more weird every time. Trying out Cory's suggestion, I found that the IE shortcut from my Start (Windows 8.1 Start) and the Firefox link I had on my Taskbar were somehow modified to open the virus webpage.
Thus, opening Firefox from C:\Program Files (x86)\Mozilla Firefox\Firefox.exe and opening IE from Win + R -> iexplore didn't open the virus page. It seems like my Start IE shortcut has been modified to include the virus page; I could remove it by going to C:\Users\Camilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs.
I don't know whether the virus is still alive somewhere else in my system though, and I'll probably end up performing a Windows 8.1 clean install.
Thanks a lot for your help guys!