OFFICIAL SECURITY BLOG

Much Ado About Browser Malware

September 24, 2012 | BY

Browser malware is a constant problem for all computer users. In addition to being highly intrusive and sometimes difficult to remove, it is one of the most frequently modified types of malware currently in the wild; because of this, anti-malware and antivirus products may not detect and remove all new variants of browser-infecting malware when they are released. To keep yourself safe in the hour or so before our detection definitions are updated, we had one of our blogger/support specialists, Pieter Arntz (aka Metallica), write up a guide to help you detect and remove browser malware both with Malwarebytes Anti-Malware and manually.

Types of browser malware
There are many types of malware that are interested in your surfing behavior and what you write online.
These browser hijackers are usually classified as spyware or Trojans.
Other malware may take you to sites of their choice. These are usually called hijackers. Included in this category are the ones that generate pop-ups.
Not all of the above malware programs are standalone programs. A browser extension, plugin, browser helper object, or whatever the extensions of your browser are called, offers a very effective way of infiltrating your computer.

Signs of infection
Possible ways that you may notice an active browser infection are:

  • Changed homepage
  • Having to fill out online forms at least twice
  • Unusually slow browsing
  • Bookmarks that you can’t remember making (usually for online casinos and porn sites)
  • Commercial popups appearing all the time, even when you are visiting sites that do not serve popups. These can also show up as new tabs or new browser windows.

Prevention
I can hear people saying: that won’t happen to me because I’m using {fill in the browser that you think is safest}.
But using a safer browser is not a final solution. What is generally true is that the more popular your browser is, the bigger the chance that some malware-coder is looking for a security breach.
Another big contribution to how safe you are is your behavior online. The more easily you are tempted to click on anything, the bigger the chance that at some point you will be hit.
You can help your behavior by using aids that block certain sites, such as the Website blocking feature that the full version of Malwarebytes Anti-Malware has to offer.

One thing I do myself is use two different browsers. One for the serious matters like online banking and such and one for the casual surfing, games and social media.
If they manage to infect the last one, at least I don’t have to worry so much about my important passwords getting stolen.

If you suspect that the browser malware was installed as an extension, here are the instructions to disable extensions for the most popular browsers.

How to disable IE add-ons:

  • Click the Tools button, point to Manage Add-ons, and then click Enable or Disable Add-ons.
  • In the Show list, click Add-ons that have been used by Internet Explorer to display all add-ons.
  • Click the add-on you want to disable, and then click Disable.
  • Repeat the previous step for every add-on you want to disable. When you are finished, click OK.

How to disable Chrome extensions

This is the method to temporarily disable extensions, but they stay disabled until you re-enable them manually.

  • Click the wrench icon on the browser toolbar.
  • Select Tools.
  • Select Extensions.
  • On the Extensions page, click Disable for the extension you’d like to temporarily remove.
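
To decide which extensions to disable first, it helps to see which ones can read every page you visit. The script below is an added example, not part of the original post or of Malwarebytes Anti-Malware; it assumes Chrome's on-disk layout of Extensions/<id>/<version>/manifest.json, the lists of "broad" host patterns and "sensitive" permissions are this example's own choices, and the two sample manifests are constructed.

```python
import json
from pathlib import Path

# Assumptions of this example, not an official Chrome or Malwarebytes list:
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
SENSITIVE_APIS = {"tabs", "webRequest", "history", "cookies", "proxy"}


def audit_extensions(extensions_dir):
    """Return one finding per <id>/<version>/manifest.json under extensions_dir."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            data = json.loads(path.read_text(encoding="utf-8-sig"))
            # Permission entries may be objects; only string entries matter here.
            perms = {p for p in data.get("permissions", []) if isinstance(p, str)}
            # Host patterns can sit in permissions, host_permissions or content scripts.
            hosts = perms | set(data.get("host_permissions", []))
            for script in data.get("content_scripts", []):
                hosts |= set(script.get("matches", []))
        except (OSError, ValueError, TypeError, AttributeError):
            findings.append({"id": ext_id, "name": None, "reasons": ["unreadable or malformed manifest"]})
            continue
        reasons = []
        if hosts & BROAD_HOSTS:
            reasons.append("runs on or can read all sites")
        if perms & SENSITIVE_APIS:
            reasons.append("sensitive APIs: " + ", ".join(sorted(perms & SENSITIVE_APIS)))
        findings.append({"id": ext_id, "name": data.get("name"), "reasons": reasons})
    return findings


def build_sample_profile(root):
    """Write two constructed manifests in the <id>/<version>/ layout."""
    samples = {
        "a" * 32: {"name": "Constructed Notes", "version": "1.0", "permissions": ["storage"]},
        "b" * 32: {"name": "Constructed Coupon Helper", "version": "2.3",
                   "permissions": ["tabs", "http://*/*"],
                   "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / manifest["version"]
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return Path(root)
```

On Windows the directory to pass to audit_extensions is typically %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions. A flagged extension is not necessarily malicious, but an unfamiliar one with these permissions is the first candidate to disable.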

How to remove Firefox extensions

  • At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
  • In the Add-ons Manager tab, select the Extensions or Appearance panel.
  • Select the add-on you wish to remove.
  • Click the Remove button.
  • Click Restart now if it pops up. Your tabs will be saved and restored after the restart.

Cure
But what if the prevention didn’t work or was installed too late?
Our program Malwarebytes Anti-Malware can detect and remove these types of malware.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Update Malwarebytes Anti-Malware
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Close your browser, if possible. This is not always necessary, but when dealing with browser plugins or extensions, it will make removal easier and more complete.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected. Reboot your computer if prompted.
  • When completed, a log will open in Notepad. This should show that the browser malware was removed.
  • Run a Full scan to remove any left-overs.

Conclusion
Browser malware can pose a serious risk to your computer and even your finances, so practice safe surfing.
Make sure your security software is kept up to date and be careful out there.
As mentioned before, the full version of Malwarebytes Anti-Malware offers multiple layers of protection:

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.