rockhoptec
Came across this one today on a client's computer. This machine was infected to the hilt and I used all the normal programs such as Malwarebytes, ComboFix, multiple AVs, SuperAntiSpyware, and some online scanners. The viruses they had caused all sorts of problems, such as: could not see the HDD in Disk Management; connected a jump drive and it did not show up in My Computer or Disk Management. Anti-virus would not update, Security Center went nuts, Help and Support was deleted, and a few other weird things.
Finally got everything removed, things looked good until I went online and when I did a search and clicked on one of the choices, it would redirect to some ad sites. Looked high and low until I found this:
http://spillspace.com/2009/new-firefox-virus/
Basically the steps are:
The short fix:
You will find this one living in the extensions folder of Firefox. What you need to do is find the offending file, delete or encrypt it, then replace it with a blank dummy file.
Here are the steps:
1. Navigate to: C:\Program Files\Mozilla Firefox\extensions\, look for a folder that is a string of letters, created around the time you began having the problem. Something like “{BCB94CDD-5542-403F-9FB3-07D3DB1E9951}”
2. Open the folder, and then open the folder called “chrome”, then “content”, and look for a file inside called overlay.xul (variants may have different names).
3. Verify that it is the virus: does it have code similar to this: click to see code
4. If you have found the culprit, delete the file (or encrypt with Axcrypt which is reversible).
5. Replace it with a blank text file with the same name and extension.
6. Repeat the process - you may have multiple copies in multiple folders.
7. Test: Go back to Google, try your search results again.
8. If no redirects: Sing Hallelujah.
The better fix:
What you will do here is the short fix listed above, plus you will also run several Malware programs, remove all old versions of Java and download the new Java. If that doesn’t cure your problem you may need to run some more serious software. Here are the steps:
1. Do the “short fix” listed above.
2. Remove old versions of Java by downloading JavaRa and unzipping it to your desktop.
3. Double-click on JavaRa.exe to start the program and click on Remove Older Versions.
4. Download and install the latest version of Java (Most likely the first download you see here).
5. Install Malwarebytes and SuperAntiSpyware
6. Update them, run them, and delete all bad stuff.
7. Shut down, restart, run them again.
8. If you are clean then test for redirects in Google.
9. If no redirects: Sing Hallelujah.
Figured I would share this since it is only affecting Firefox and not IE. Followed the steps and everything is happy again.
Thought I would share in case anyone else comes across this... if already posted sorry for the double
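The "short fix" steps above can be scripted for triage. This is an added example, not code from the post or the linked article: it inventories `*.xul` files under GUID-named extension folders (size, hash, folder timestamp) for manual review, then moves a reviewed file aside and leaves an empty file of the same name. The function names, the quarantine naming scheme, and the sample tree are assumptions; a GUID-named folder is not malicious by itself, so the step 3 review stays manual.

```python
import hashlib, re, shutil, tempfile
from datetime import datetime
from pathlib import Path

# Folder names shaped like {BCB94CDD-5542-403F-9FB3-07D3DB1E9951}
GUID_DIR = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def find_overlays(extensions_dir):
    """List *.xul files under <GUID>/chrome/content, most recently changed folder first."""
    hits = []
    for folder in Path(extensions_dir).iterdir():
        if not (folder.is_dir() and GUID_DIR.match(folder.name)):
            continue
        # Variants may not be named overlay.xul, so match every .xul file.
        for xul in sorted((folder / "chrome" / "content").glob("*.xul")):
            hits.append({
                "path": xul,
                # Modified time used as a proxy for "created around the time".
                "folder_mtime": datetime.fromtimestamp(folder.stat().st_mtime),
                "size": xul.stat().st_size,
                "sha256": hashlib.sha256(xul.read_bytes()).hexdigest(),
            })
    return sorted(hits, key=lambda h: h["folder_mtime"], reverse=True)

def quarantine_and_stub(xul_path, quarantine_dir):
    """Steps 4-5: move the reviewed file aside (reversible), leave a blank file behind."""
    xul_path = Path(xul_path)
    guid = xul_path.parent.parent.parent.name
    dest = Path(quarantine_dir) / f"{guid}_{xul_path.name}.quarantined"
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(xul_path), str(dest))
    xul_path.touch()  # empty placeholder with the same name and extension
    return dest

def demo():
    """Constructed directory tree standing in for the Firefox extensions folder."""
    root = Path(tempfile.mkdtemp())
    ext = root / "extensions"
    guid = "{00000000-1111-2222-3333-444444444444}"  # constructed, not a real ID
    for name, body in ((guid, "<overlay/>"), ("not-a-guid", "x")):
        content = ext / name / "chrome" / "content"
        content.mkdir(parents=True)
        (content / "overlay.xul").write_text(body)
    hits = find_overlays(ext)
    moved = quarantine_and_stub(hits[0]["path"], root / "quarantine")
    return hits, moved

if __name__ == "__main__":
    for h in demo()[0]:
        print(h["folder_mtime"], h["size"], h["sha256"][:16], h["path"])
```

Recording the hash before moving the file gives you something to compare when you repeat the process across multiple folders or machines.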