Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

Malware hidden from scans

  1. Nov 26, 2014 #1
    I have recently had some malware infect my Internet sites, of three types all at once
    one, a webpage will disappear and in its place a page saying "And now a word from our sponsors... you will be redirected in a moment" (at which point I kill it);
    two, words on the web page are double-underlined and a window appears for it, and
    three, pop-ups).
    I scanned and cleaned the computer with the (free versions of the ) following programs:
    Super Anti-Spy
    Junk Removal Tool
    (I also then scanned it with HitmanPro, but no results were found, which is good because it won't fix anything unless you buy it.)
    Of course even before that I looked for unwanted programs in Control Panel>Programs and Features, but naturally not all sneaky programs are listed.
    I also read of Combofix, but it was advised not to use it unless I had considerable technical knowledge, which I don't.
    Anyway, with all these attempts, the infections are still there. Well hidden. What else can I do?
  2. jcsd
  3. Nov 26, 2014 #2


    User Avatar
    2017 Award

    Staff: Mentor

    Do you have them independent of the browser? They could be some sort of browser plugin.
  4. Nov 26, 2014 #3
    Good question. So far I have been using only Firefox. I just tried Internet Explorer and Chrome, and the problem doesn't arise on a five-minute trial, but I shall try using only the other two browsers for a while to see what happens. So, let us assume that it is only Firefox. How do I go about getting rid of the plug-in or whatever it is?
  5. Nov 26, 2014 #4


    User Avatar
    Science Advisor

    (Firefox) Click on tools -> add-ons. Look at extensions and plugins to see if you have anything unusual.
  6. Nov 26, 2014 #5


    User Avatar
    2017 Award

    Staff: Mentor

    And if they don't show up there, save your bookmarks and so on before if you want to keep them, deinstall Firefox, remove the folder (if still there) and reinstall.
  7. Nov 26, 2014 #6
  8. Nov 26, 2014 #7
    Thanks, mathman, mfb, and StevieTNZ. (Sorry for the delay in the reply: different time zone) I will try one thing at a time. First, mathman's suggestion: in "Add-ons" I have three items, two of which are disabled and known, but one of which is odd: it is listed as "S-Foxer 1.2" from "sfoxer", with a website listing email address, and installed last Sunday. I googled "S-foxer" but the search came up with nothing. For the moment I have disabled it, but before removing it altogether will wait to see if (a) that solves it, and (b) any of you helpful people can tell me whether it is something legit. Thanks!
  9. Nov 27, 2014 #8
    I get the impression it wouldn't be an add-on in Firefox causing the page re-directs and links appearing with pop-up boxes, but I could be wrong.
  10. Nov 27, 2014 #9
    I used Firefox for a whole day after I had disabled that add-on, and no more pop-ups and underlinings occurred; they also didn't occur in the other two browsers. So, apparently that was the problem. It's nice to have the other suggestions for the future, though. So, again many thanks to all three of you who responded!
  11. Nov 28, 2014 #10
    Malware rarely ever installs itself in isolation. If a toolbar/add-on managed to get on your system, it's likely there's other things on there too.
    I would suggest running some scans on your computer in addition to just disabling add-ons. First do a full system scan with whatever antivirus software you are currently using. Fix/Clean/Quarantine if it finds things.

    Then go get MalwareBytes anti-spyware, the free version

    This is one of the best free tools available. Download>Install>Update>Scan>Clean>Reboot>Scan>Clean>Reboot.

    Once you have done scanned and cleaned twice, you'll effectively have the system about as clean as it's going to get without getting help from someone trained in using tools like Hijackthis. In the majority of cases, just doing a Malwarebytes scan is good enough.
  12. Nov 28, 2014 #11
    Thanks, Routaran. However, notice that in my original post I mentioned that I had scanned my system with Malwarebytes as well as a few other good cleaning programs that I listed. In fact, I scan with Malwarebytes and Super Anti-Spy regularly. As you say, good programs.
  13. Nov 28, 2014 #12
  14. Nov 29, 2014 #13
    Thanks for the good suggestions and links, Routaran. Very good idea.
  15. Dec 14, 2014 #14
    Installing the FireFox addon "NoScript" will dramatically lower your odds of getting this type of adware again ... http://en.wikipedia.org/wiki/NoScript [ it's free ]
  16. Dec 14, 2014 #15
    Thanks, BOb-A. Sounds very good. I presume I can add to the whitelist, which is good, except that I would have to investigate which of the sites I use depend on JavaScript. What is your comment to the following notes in the link you sent?
    "NoScript's default behavior is to block all scripts that are not whitelisted. This may prevent a large number of sites from automatically working due to their reliance on JavaScript technologies ..... Users may find this behavior overkill, unnecessary, or tedious despite the additional security."
  17. Dec 14, 2014 #16
    There is always a trade-off between security and convenience : unlocked doors are more convenient than locked ones , but unlocked ones are not secure,

    Without something like NoScript your doors are unlocked : and are vulnerable to driveby-downloads.

    Once you've white-listed your frequently-visited trusted-websites , NoScript is not very intrusive ,
    ( it blocks animated-adverts that require adobe-flash which are intrusive , and use lots of internet bandwidth and CPU ).

    I would not browse the internet without NoScript or an equivalent.
    Last edited: Dec 14, 2014
  18. Dec 15, 2014 #17
    Thanks, BOb-A and Ross Franklin.
    BOb-A: sounds good (I looked up other reviews): I will try it.
    Ross Franklin: that link is about one particular Trojan (Hey, how did you know that I can read Russian? ), but it does give some general methods as well. Thanks, спасибо.
  19. Dec 15, 2014 #18
    I use malwarebytes, It stores the threat in quarantine, so if u have not deleted it yet, then please do so.
  20. Dec 15, 2014 #19
    Thanks for trying, ImperialThinker (avatar Dr. House), but if you go back to my original post, I explicitly mentioned that Malwarebytes did not catch the problem. I found the problem the way mathman (above) suggested. However, I appreciate the effort.
  21. Dec 15, 2014 #20
    noma: Instead of Noscript (which I've used, and found tedious to use), I use Ghostery and AdBlock. I never get redirected anywhere, no ads to click on, and can watch 8-second videos without a 30 second advertisement.
Know someone interested in this topic? Share this thread via Reddit, Google+, Twitter, or Facebook

Similar Discussions: Malware hidden from scans
  1. Equation Scanning (Replies: 3)