clicked on a site that looked real, hxxp: // firefox-setup . cz . cc/#redirect I have run the 'update' what do I do now?
I was browsing, clicked an image in google search, I was directed to a page that told me to download an update. Stupidly I did The site was hxxp: // firefox-setup . cz . cc /#redirect
What do I do now? Check for root kits?
Upravil(a) cor-el dňa
Všetky odpovede (5)
Do a malware check with a few malware scan programs.
You need to use all programs because each detects different malware.
Make sure that you update each program to get the latest version of the database before doing a scan.
- http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
- http://www.superantispyware.com/ - SuperAntispyware
- http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
- http://www.lavasoft.com/products/ad_aware_free.php - Ad-Aware Free
- http://www.microsoft.com/windows/products/winfamily/defender/default.mspx - Windows Defender: Home Page
See also "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked and What to do when searches take you to the wrong search website
If you can't fix it with the above listed scanners then you need to ask advise on one of the forums that specialize in malware removal mentioned in the Popups_not_blocked article.
@cor-el
Thanks for your quick reply
I already tried Malwarebytes Anti-Malware, I'll now work through your list.
The infection doesn't seem too bad as far as malware goes, it hasn't tried to connect to the internet. All is seems to do is randomly start up Internet Explorer with different advertisements. Just IE, not Firefox, even though Firefox is my default browser.
I can't think why I was so stupid!
Those hoax "Firefox update" websites are hard to identify sometimes as not being an official Mozilla Firefox webpage - other than them being a .cc domain. It seems that as soon as one gets blocked by the anti-phishing filter another one springs up. They seem to have figured out how long it takes for one of their "fakes" to be blocked by Google and they seem to have another URL ready to go to continue with their exploits.
My advice is to use one of these forums if the other recommended programs can't find it.
* SWI Forums - http://www.spywareinfoforum.com/ * Safer Networking Forums - http://forums.spybot.info/ * Bleeping Computer Forums - http://www.bleepingcomputer.com/forums/ * http://www.spywarewarrior.com/index.php * http://forum.aumha.org/
Got rid of the randomly starting up Internet Explorer, but now another nasty has appeared: if I Google something, and click on a link it gives, I am taken to a completely different site.
This seems to be a well known exploit, (Google Redirect) and there is plenty of advice on various forums, so I will work through these to find a fix...
I've been watching the lights on my router, at least so far there are no signs I've become part of someone's botnet.
Thanks again, cor-el and the-edmeis... In future I will try not to click things without thinking first.
Sounds like trojan.tdss, have you had any redirect trojans? because they work pretty much the same.