X
Tap here to go to the mobile version of the site.

Support Forum

This thread was closed and archived. Please ask a new question if you need help.

I got a virus that installed a proxy on my PC!

Posted

Last night I was installing a software and it tried to install SEVERAL viruses on my pc that I successfully managed to stop the installation. But I got another serious threat that I want to know whether it's still there and how can I get rid of it.

When I opened the software I was trying to install, it automatically opened a new tab on my Firefox opened window and in that same instant I knew something wrong was happening. The thing is that it loaded some pages in the same tab, using a full redirection so I couldn't go back to them and it ended in a modified Google (www.google.com/"something"). The thing is that I tried to go to the download page and Firefox started telling me THAT IT DIDN'T EXIST, then I knew something heavy was going on. I used the Reset tool (about:support) and parts of the virus got lost in the process. But the thing is that even when Firefox is set to start at https://www.google.com.uy or even when I put the blank page option for starting, it ALWAYS redirects me to the page of the virus ( http://www.istartsurf.com/?type=sc&ts=1412823435&from=sky&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EHK4239242392 ) and if I then open another tab/window without closing the main, it justs do as I configured it (home: google, new page: blank).

Since I already reset Firefox, I want to know whether I should use another mechanism (likely deleting the entire ...\AppData\Roaming\Mozilla folder) or just reinstalling Firefox? I have already passes a full scan of my PC with AVG Internet Security 2015 (found 23 virus on the virus main folder and some Windows folders) and passed Ccleaner against every Firefox component.

If I forget about adding anything, please let me know.

Last night I was installing a software and it tried to install SEVERAL viruses on my pc that I successfully managed to stop the installation. But I got another serious threat that I want to know whether it's still there and how can I get rid of it. When I opened the software I was trying to install, it automatically opened a new tab on my Firefox opened window and in that same instant I knew something wrong was happening. The thing is that it loaded some pages in the same tab, using a full redirection so I couldn't go back to them and it ended in a modified Google (www.google.com/"something"). The thing is that I tried to go to the download page and Firefox started telling me THAT IT DIDN'T EXIST, then I knew something heavy was going on. I used the Reset tool (about:support) and parts of the virus got lost in the process. But the thing is that even when Firefox is set to start at https://www.google.com.uy or even when I put the blank page option for starting, it ALWAYS redirects me to the page of the virus ( http://www.istartsurf.com/?type=sc&ts=1412823435&from=sky&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EHK4239242392 ) and if I then open another tab/window without closing the main, it justs do as I configured it (home: google, new page: blank). Since I already reset Firefox, I want to know whether I should use another mechanism (likely deleting the entire ...\AppData\Roaming\Mozilla folder) or just reinstalling Firefox? I have already passes a full scan of my PC with AVG Internet Security 2015 (found 23 virus on the virus main folder and some Windows folders) and passed Ccleaner against every Firefox component. If I forget about adding anything, please let me know.

Chosen solution

One last thing you can do is check to make sure your shortcuts haven't been modified by the malware. Right click the Firefox/Internet Explorer shortcut and select Properties. Check the target line in the Shortcut tab - if it contains a web address after the application executable, that is what is causing your browser to start up in those pages.


If you are still experiencing problems with malware then as Tyler posted above, using a forum dedicated to removing malware can give you more detailed information and steps for removing malicious files on your computer.

Please see Troubleshoot Firefox issues caused by malware for more information

Read this answer in context 1

Additional System Details

Installed Plug-ins

  • Shockwave Flash 15.0 r0
  • Next Generation Java Plug-in 11.20.2 for Mozilla browsers
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.9
  • 5.1.30514.0
  • The plugin allows you to have a better experience with Microsoft SharePoint

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0

More Information

CoryMH 229 solutions 1076 answers

Helpful Reply

Hello,

It is recommended to run different anti-virus programs - while some anti-viruses are great, I don't think they are able to every single malicious application. By having multiple anti-malware scanners (only have one program doing real-time protection or they may interfere with each other), you're more likely to catch all of them as they each use different techniques.

Some viruses also leave residual damages after removal - some are known to modify the Windows HOSTS file. In those cases you may need additional steps, such as (in the case of the modified HOSTS file, https://support2.microsoft.com/kb/972034).

You can try these free programs to scan for malware, which work with your existing antivirus software:

Hello, It is recommended to run different anti-virus programs - while some anti-viruses are great, I don't think they are able to every single malicious application. By having multiple anti-malware scanners (only have one program doing real-time protection or they may interfere with each other), you're more likely to catch all of them as they each use different techniques. Some viruses also leave residual damages after removal - some are known to modify the [https://en.wikipedia.org/wiki/Hosts_file Windows HOSTS] file. In those cases you may need additional steps, such as (in the case of the modified HOSTS file, https://support2.microsoft.com/kb/972034). You can try these free programs to scan for malware, which work with your existing antivirus software: * [http://www.malwarebytes.org/products/malwarebytes_free/ MalwareBytes' Anti-Malware] * [http://general-changelog-team.fr/en/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner AdwCleaner] (for more info, see this [http://www.bleepingcomputer.com/download/adwcleaner/ alternate AdwCleaner download page]) * [http://www.microsoft.com/security/scanner/default.aspx Microsoft Safety Scanner] * [http://www.surfright.nl/en/hitmanpro/ Hitman Pro] * [http://www.eset.com/us/online-scanner/ ESET Online Scanner] * [http://support.kaspersky.com/viruses/disinfection/5350 Anti-Rootkit Utility - TDSSKiller]

Helpful Reply

Hi Cory,

HOSTS file is clean. Since I've already worked with MalwareBytes, that was my first try after your suggestion. THIS: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml amongst another 20-ish files under Internet Explorer and the Windows Registry were the guilties of this strange behaviour. I'm amazed AVG Internet Security was unable to find it. I don't know how it didn't occur to me to look inside the plugins folders (inside Firefox I found none new).

I'll let you know whether I was able to remove the bastard.

Hi Cory, HOSTS file is clean. Since I've already worked with MalwareBytes, that was my first try after your suggestion. THIS: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml amongst another 20-ish files under Internet Explorer and the Windows Registry were the guilties of this strange behaviour. I'm amazed AVG Internet Security was unable to find it. I don't know how it didn't occur to me to look inside the plugins folders (inside Firefox I found none new). I'll let you know whether I was able to remove the bastard.

Question owner

Ok,

Even though MalwareBytes found and eliminated the threats, supposedly at least, I still have the same page when I start Firefox or Internet Explorer. Tonight I'll try your other suggestions and let you know.

Thanks before hand.

Ok, Even though MalwareBytes found and eliminated the threats, supposedly at least, I still have the same page when I start Firefox or Internet Explorer. Tonight I'll try your other suggestions and let you know. Thanks before hand.
Tyler Downer
  • Top 25 Contributor
  • Moderator
1530 solutions 10669 answers

If you can't figure out the virus with the links above, try a forum dedicated to virus removal, such as http://www.bleepingcomputer.com/

If you can't figure out the virus with the links above, try a forum dedicated to virus removal, such as http://www.bleepingcomputer.com/
CoryMH 229 solutions 1076 answers

Chosen Solution

One last thing you can do is check to make sure your shortcuts haven't been modified by the malware. Right click the Firefox/Internet Explorer shortcut and select Properties. Check the target line in the Shortcut tab - if it contains a web address after the application executable, that is what is causing your browser to start up in those pages.


If you are still experiencing problems with malware then as Tyler posted above, using a forum dedicated to removing malware can give you more detailed information and steps for removing malicious files on your computer.

Please see Troubleshoot Firefox issues caused by malware for more information

One last thing you can do is check to make sure your shortcuts haven't been modified by the malware. Right click the Firefox/Internet Explorer shortcut and select Properties. Check the target line in the Shortcut tab - if it contains a web address after the application executable, that is what is causing your browser to start up in those pages. ----------------------------- If you are still experiencing problems with malware then as Tyler posted above, using a forum dedicated to removing malware can give you more detailed information and steps for removing malicious files on your computer. * Bleeping Computer Forums - http://www.bleepingcomputer.com/forums * Spyware Warrior Forums - http://www.spywarewarrior.com/index.php * SWI Forums - http://www.spywareinfoforum.com/ Please see [[Troubleshoot Firefox issues caused by malware]] for more information

Question owner

Ok... this is turning even more weird every time. Trying out Cory's suggestion, I found that the IE shorcut from my Start (Windows 8.1 Start) and the Firefox link I had on my Taskbar were somehow modified to open the virus webpage.

Thus, opening Firefox from C:\Program Files (x86)\Mozilla Firefox\Firefox.exe and opening IE from Win + R -> iexplore didn't open the virus page. It seems like my Start IE shorcut has been modified to include the virus page, could remove it by going to C:\Users\Camilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs.

I don't know whether the virus is still alive somewhere else in my system though, and I'll probably end up performing a Windows 8.1 clean install.

Thanks a lot for your help guys!

Ok... this is turning even more weird every time. Trying out Cory's suggestion, I found that the IE shorcut from my Start (Windows 8.1 Start) and the Firefox link I had on my Taskbar were somehow modified to open the virus webpage. Thus, opening Firefox from C:\Program Files (x86)\Mozilla Firefox\Firefox.exe and opening IE from Win + R -> iexplore didn't open the virus page. It seems like my Start IE shorcut has been modified to include the virus page, could remove it by going to C:\Users\Camilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs. I don't know whether the virus is still alive somewhere else in my system though, and I'll probably end up performing a Windows 8.1 clean install. Thanks a lot for your help guys!