Posted 24 December 2007 - 07:19 AM
Hi, I think I have found a new kind of infection. This infection is an ad server called 'adssite'. It appears to be a very pervasive infection, as literally none of the most widely known and respected spyware or malware removal tools appears able to remove it. Moreover, this infection appears to be specific/restricted to the Firefox web browser only.
I will attempt to list the tools and utilities I have tried in order to remove this infection:
Sunbelt Software CounterSpy
AVG Anti-Spyware
Trend Micro HouseCall
Microsoft Windows Defender
I have tried every known guide available on the Internet to try to get rid of this infection - but to no avail.
Then I had a bit of a breakthrough. I noticed that the ads were only being served by the Firefox browser - and only in a Firefox web page, when Firefox was running.
I checked all of the extensions and add-ons in Firefox and this revealed nothing malicious or suspicious at all. (I of course removed all of the unwanted/unneeded software I could find from Add/Remove Programs and disabled unneeded startup items in msconfig before even beginning this process).
The final and only conclusion I could come to therefore (and one that I am certain some people here will disagree with/dislike vehemently) is that it was the actual Firefox executable itself that had been hacked/replaced/infected.
In order to test this, after trying every possible other avenue I could think of, I opted finally to uninstall Firefox.
Now after 2 days of using IE (which I hate), there have been no more unwanted/unrequested pop-ups.
Call me crazy if you want, but my guess is that on this machine (which isn't mine BTW), it seems the owner agreed to install some malware, which in turn caused the original open source Firefox executable to be replaced with a hacked version - so that every time Firefox was started, the malware reinstalled itself again.
There were no hidden memory processes, no other suspicious software installed - every anti-spyware grayware app I tried reported a clean system (at least until I restarted Firefox) and there were no indications of anything else wrong at all.
So tell me I'm crazy. Tell me it ain't so. But more than that, tell me how to reinstall Firefox without risking infection again?