Strange icons and folders, browsers forged
This took me by surprise this morning. I want to know what it is, and what could be compromised, please. It involves Chrome and Firefox. I had Chrome and Firefox opened, I was using chrome, suddenly my chrome window closed by itself, without being able to save what I was doing, then I saw my desktop and two game-like icons were appearing as if I installed them. I closed Firefox too, I use to keep my sync account logged in.
When I dared to turn on the pc again (disabling Internet connection first), I saw two more icons, two new chrome and Firefox icons, I checked the properties of the four new icons.
To my surprise, whatever it is, it was able to install itself in the Program files (x86) folder. I'm appending screenshots of the new folders that appeared since the attack, which was at 8:30 am here in Brazil. I have hidden files visible, I'm sending screenshot of the folders that have content in it.
Please give me light about what happened here, and what are my risks, is my Firefox or Chrome private information - like my passwords - compromised, I didn't open my browsers again, but I need them. My browser window was closed in front of my eyes, and files with fake applications installed, how is that possible?
Thank you very much!
Modified by jobat
All Replies (3)
See:
Do a malware check with several malware scanning programs on the Windows computer.
Please scan with all programs because each program detects different malware. All these programs have free versions.
Make sure you update each program to get the latest version of their databases before doing a scan.
- Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php - AdwCleaner:
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml - SuperAntispyware:
http://www.superantispyware.com/ - Microsoft Safety Scanner:
http://www.microsoft.com/security/scanner/en-us/default.aspx - Windows Defender:
http://windows.microsoft.com/en-us/windows/using-defender - Spybot Search & Destroy:
http://www.safer-networking.org/en/index.html - Kasperky Free Security Scan:
http://www.kaspersky.com/security-scan
You can also do a check for a rootkit infection with TDSSKiller.
- Anti-rootkit utility TDSSKiller:
http://support.kaspersky.com/5350?el=88446
See also:
- "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked
Thanks cor-el, I'll do the checks that you suggested, I'm very careful when it comes to installation of "tools", "optimizers", "freebies", I don't fall easily in those traps, but it looks like I did something wrong, or my PC is unsafe. Something got into and I want to know how is such an attack, is there any flaw in one of the programs that I was using? the browsers? It's good to know what to avoid, for example extensions, add-ons, I use some. At the time I had Skype opened, and the Whatsapp webapp. This attack is automatic or not, via wifi, or as you suggest, it began in my computer. Besides healing my PC. Does somebody know if personal data is compromised?
It’s very sad, but many software downloaders/ installers will trick you into installing not only their program, but other programs as well.
You have heard of the fine print in shady contracts, right? Well, some installers you need to look at the itsy bitsy teeny weeny fine print.
You are thinking you are giving the installer permission to install the program you want by using the recommended option. But if you use the Manual Option Instead, you discover all kinds of stuff that you do not even know what it is or what it does.
From now on, everyone needs to Use The Manual Option to put a stop to this.
Note that these programs can also change browser/computer settings.