Firefox and malware detector?

Drez

I've been using the default virus protection on Windows 10 and I think it's fine. But I just came across something that tried to get me to call a number, etc., etc. I force quit Firefox from Task Manager a couple of times - it kept loading the viral site. Eventually I just force quit for a fourth (or so) time and quickly quit the 5-6 tabs the viral site tried to spawn using the close window button in the upper right.

But now I'm noticing that Firefox is spawning 6 instances of Firefox in task manager. I have 2 extensions and 2 plugins loaded. I'm fully aware of the extensions, and the plugins just seem to be codecs which I think are legit. Should I be worried? I haven't even thought about a computer virus in years.

I used to use Spybot as a secondary malware checker. Any advice on one I could use to be extra safe?

Drez

And before someone makes the joke, I consider Firefox bloatware, not malware

Hevach

The first thing you saw was a malicious popup ad - a lot of otherwise legitimate sites have them, unfortunately, because there's a precipitous falloff from the few ad services that actually protect users towards the ones that don't ask questions about the sites they're placed on. Every browser gets them and they have clever ways to bypass most ad blockers - noscript or similar add-ons will help prevent them from hurting things, but the problem usually is you allow scripts on a site you trust, which gives an ad service you don't a side door.

Firefox in recent years (like the last ten or so) has been *exceptionally* (like, worse than keeping Internet Explorer around) vulnerable to hijacks that don't show up in normal malware scans (because they're part of the Firefox.exe process), and the turnaround for fixing issues like this (which the Mozilla Foundation doesn't list as security flaws) is years to never.

To get started: Purge your plugins and everything cached except for passwords (including autocomplete data, history, etc), reset Firefox to all default settings, and run Hijackthis or something similar to look for suspicious entries.

Particularly look at things like start pages and search engines - a common hijack is to take your www.google.com start page and change it to www.malwaresite.ru/www.google.com, or your default search engine to something like www.hackers.cz/google. The malicious site redirects your home page or search results invisibly to what you originally had set, but the page is full of new invisible elements that replace or insert ads, harvest data, etc.

Going through scheduled tasks with a fine toothed comb can turn stuff up, too - this is another place for attacks that slip by antivirus because they're part of a normal Windows process, scheduled tasks can be set up to alter settings in programs or to download and execute a program automatically where the program might get caught by antivirus but the scheduled task generally won't.

zepherin

Hevach’s advice is good. In addition MalwareBytes is a good anti malware program to run.

Hevach

To add: after the problem is solved you can put your settings and add-ons back like you want, the purge is to fix malicious settings or altered plugins and isn't a permanent state.

Shadowfire

Also make sure that Firefox is not set to start up where you left off. Always have Firefox (or any browser) open to a new tab. This prevents shutting down Firefox and just reopening it back to the offending page.

Inquisitor77

Spybot has not been a great on-demand scanner for nearly a decade now. I wouldn't recommend it to anyone. In addition, if you want to be completely safe then your only real option is "Nuke from Orbit" - i.e., perform a fresh install of Windows and start over. Otherwise there is still a risk, no matter how small, that something will be left on your machine even after getting it "cleaned". This is doubly true given the existence of rootkits and similar vulnerabilities that are now consistently being exploited by bad actors.

On-demand scanners you can download and use ASAP:

Malwarebytes
Emsisoft Emergency Kit
Roguekiller

All three of these are free and work great as on-demand scanners (meaning you don't need to keep them running in the background and can just start them up to scan your PC once in a while). Note that Roguekiller is very powerful but also may require more parsing to understand its results and what to do about them, so you may want to skip it as removing a false positive could cause problems. Similarly, someone mentioned Hijackthis, which is fantastic, but you may not want to mess with it either, given its main functionality is literally editing your registry. Without the expertise to properly parse those results, you have no way of knowing whether you're about to brick your machine. And if you're going to do that then you might as well just do a fresh Windows install and save yourself the hassle.

As a future preventative measure you should install the uBlock Origin add-on to Firefox. Note I specifically said uBlock Origin, NOT plain "Ublock" or "Adblock" or "Adblocker Plus" or any of those other add-ons. This one thing, more than anything else, will prevent you from getting screwed by random malicious links on the internet. (Other than practicing safe browsing habits in general, that is.)

If you're still concerned and want more protection, Bitdefender, ESET, Webroot, and Kaspersky are all consistent high-performers with low overall machine utilization. Some, or all, of these providers offer free versions of their products for personal use - either as trials or on a permanent basis with certain features turned off. My general opinion is that if you want something like this then you might as well pay for it even if you don't use all the features, as it rewards good software makers and reinforces a healthy market dynamic (e.g., they don't have to sell your information in order to make money, which is how every "completely free!" app on the internet works nowadays). If you're willing to shell out a few more bucks and don't want just one of the aforementioned products, Malwarebytes has recently shown up as a great supplementary option that doesn't interfere with traditional antivirus programs.

Drez

Thanks all, sorry, I had a crazy day. Looking at all the suggestions now.

I think I'm mostly comfortable with my typical level of security here. I don't really wander too far from fairly vanilla sites and I never agree to anything. In fact, if you asked me right now "Drez, I heard you don't agree to anything on the internet. Do you agree?" I'd disagree. I am willing to bet my computer didn't even contract anything, I just want to make sure.

I'll read through the suggestions, though, thank you.

Drez

Malwarebytes Premium Trial found nothing. I guess that's good.

BlindZenDriver

For better security overall when browsing you could set up a virtual machine, the run your browser in that machine and also configure the virtual machine so it can not access you LAN in general.

You make a copy of the virtual machine once it is configured, then if there is ever reason to suspect issues you just nuke the virtual machine or you can just do it every time you run it as a precaution. Make a new copy of the backup machine image and run the copy as it will be like a new installed safe machine, using Firefox you can have your bookmarks saved in the cloud so they will be stored and available always.

You can even make your virtual machine a Linux one, that will make things more difficult if anything is up for those wanting to put a program on your machine and also take a way any possible software license and activation issues. Installing a plain Linux is easy.

Drez

Thanks for the suggestions.

deathnote666

As far as removing things already in there, I had a good experience with Kaspersky rescue disk 10 but looks like that's been replaced with rescue disk 18. Just watch out for false positives. https://support.kaspersky.com/viruses/krd18

TDSKiller is also a decent startup scanner but need to look out for false positives too.

Malwarebytes is amazing at removing infections. I haven't ever bought the premium to know how well it keeps things out.

Shadowfire

deathnote666 wrote: »

As far as removing things already in there, I had a good experience with Kaspersky rescue disk 10 but looks like that's been replaced with rescue disk 18. Just watch out for false positives. https://support.kaspersky.com/viruses/krd18

TDSKiller is also a decent startup scanner but need to look out for false positives too.

Malwarebytes is amazing at removing infections. I haven't ever bought the premium to know how well it keeps things out.

If anything, MBAM is a bit overzealous. I've had it block the PA forums before because of someone's sig being linked to a questionable domain. But it's really damn good.

buggybuggers

Consider getting the uBlock Origin extension. I have it on chrome and it works quite well.

Drez

Thanks will check it out.