Fireball adware affects millions of PCs in India: Here's how to check if your system is infected and clean it

You can clean your infected system by yourself, just follow this step-by-step guide.

The hullabaloo over WannaCry has barely settled, and Indians are now faced with an all-new problem, dubbed Fireball. Unlike WannaCry, Fireball is adware, meaning it is automatically downloaded and installed on your system as an additional extension or file along with another bigger, (supposedly) more secure download. Fireball has allegedly been spread by a Chinese marketing agency and, if misused, has the potential to steal all your data and gain remote access to your system. The threat was discovered by the Check Point Threat Intelligence and Research team.

India is one of the worst-hit countries when it comes to the adware, with over 25.3 million infections, and 20 percent of all corporate networks were compromised. The new type of adware is relatively difficult to recognize and tackle, as users most often do not even realize its presence. The adware operates silently by altering the search engine or the home page, and while the changes are noticeable, users are likely to attribute them to a new design rather than treat them as a threat. Also, because the adware comes with licenses, it is difficult to prove that it is a threat and a hack.

But if your system is infected, you need to take immediate steps to clean it up. As explained, the adware is not downloaded through emails or transferred through malicious files, but is rather downloaded when you install a new program on your system. For example, say you wish to install new image editing software and download the file for it. When you run the file and go through the installation, there are options to un-check certain other “free bundled adware” that comes with the original program. While the original program is clean, installing the free bundled adware can lead to an infected system.

How to identify an infected system

How does a user identify if the system is infected? There are multiple ways of doing so:

1. Has your default Browser changed without your knowledge?

2. Are there weird extensions enabled on your system?

3. Has the Home Page on your browser changed?

4. Can you not modify the above changes from the settings?

5. Is your default browser now any of these:

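The home-page and start-page checks in this list can be scripted. The following is an added example, not part of the original article: it converts indicators written in the article's defanged style (`[.]` in place of dots) back to plain domains and compares them against the `homepage` and `session.startup_urls` settings of a Chrome profile's preferences JSON. The indicator domains and the sample preferences are constructed placeholders, and the function names are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Constructed placeholder indicators in defanged form; substitute the
# published domains when running this against a real profile.
DEFANGED_INDICATORS = [
    "hijack-search[.]example",
    "d0placeholder[.]cdn[.]example",
]

def refang(indicator):
    """Turn 'a[.]b[.]com' back into 'a.b.com' and normalise case."""
    return indicator.replace("[.]", ".").strip().lower().rstrip(".")

def host_of(url):
    """Extract the lower-cased host from a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def matches(host, bad_domains):
    """True if host equals a listed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in bad_domains)

def chrome_urls(prefs):
    """Yield (setting, url) pairs from a parsed Chrome preferences document."""
    if prefs.get("homepage"):
        yield "homepage", prefs["homepage"]
    for url in prefs.get("session", {}).get("startup_urls", []):
        yield "session.startup_urls", url

def find_hijacks(prefs_text, indicators=DEFANGED_INDICATORS):
    """Return the (setting, url) pairs whose host is on the indicator list."""
    bad = {refang(i) for i in indicators}
    prefs = json.loads(prefs_text)
    return [(k, u) for k, u in chrome_urls(prefs) if matches(host_of(u), bad)]

# Constructed sample of a Chrome preferences file (only the relevant keys).
SAMPLE_PREFS = json.dumps({
    "homepage": "http://www.hijack-search.example/?src=hp",
    "session": {"startup_urls": [
        "https://nothijack-search.example/",  # look-alike, must not match
        "HTTP://D0PLACEHOLDER.CDN.EXAMPLE/main/",
    ]},
})

if __name__ == "__main__":
    for setting, url in find_hijacks(SAMPLE_PREFS):
        print(f"{setting}: {url}")
```

Matching on a label boundary (`host == d` or a `"." + d` suffix) catches subdomains of a listed domain without flagging unrelated hosts that merely end in the same characters.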

File Hashes


How to clean your system

Once you’ve identified that your system is indeed affected, it is possible to clean it by yourself. You only need to follow the step-by-step guide provided below.

1. Before beginning any clean up, it might be wise to invest in a good and authentic Anti-Malware and Anti-Adware software as it can protect the system even in the future.

2. Locate the file on your system and trash it.

– For Windows users, simply open the Control Panel and remove the malicious application from the Programs and Features list.

– For macOS users, use Finder to locate the infected file and drag the file to the Trash folder. Immediately empty the Trash folder too.

However, if the program is not installed on the system and cannot be located on the computer, you need to run the anti-malware and anti-adware software to locate and clean the system.

3. Once the system is clean, you need to open the browser and disable any add-ons, extensions and plug-ins that can re-infect the system. Here’s how to disable the add-ons depending on the browser you use:

Google Chrome:

a. In the Menu, select Tools -> Extensions.

b. Locate and select any suspicious Add-ons.

c. Click the trash can icon to delete.

Internet Explorer:

a. Click the Settings icon and select Manage Add-ons.

b. Locate and remove any malicious Add-ons.

Mozilla Firefox:

a. Go to the Tools tab.

b. Select Add-ons -> Extensions.

c. Remove any suspicious Add-ons.

d. Go to the Add-ons manager -> Plugins.

e. Locate and disable any malicious plugins.

Safari:

a. Click the Safari tab and select Preferences.

b. Select the Extensions tab.

c. Locate and uninstall any suspicious extensions.

4. As a last step, simply reset your browser to default settings:

Google Chrome:

a. Click the Chrome menu icon, and select Settings.

b. In the On startup section, click Set Pages.

c. Delete the malicious pages from the Startup pages list.

d. Find the Show Home button option and select Change.

e. In the Open this page field, delete the malicious search engine page.

f. In the Search section, select Manage search engines.

g. Select the malicious search engine page and remove it from the list.

Internet Explorer:

a. Select the Tools tab and then select Internet Options.

b. In the Advanced tab, select Reset.

c. Check the Delete personal settings box.

d. Click the Reset button.

Mozilla Firefox:

a. Enable the browser Menu Bar by clicking the blank space near the page tabs.

b. Click the Help tab, and go to Troubleshooting information.

c. Select Reset Firefox.

Safari:

a. Select the Safari tab and then select Preferences.

b. In the Privacy tab, choose the ‘Manage Website Data’ button.

c. Click the Remove All button.

Once you’re sure your system is clean, take care while installing programs in the future and remember to ‘uncheck’ all check boxes or additional bundled software program options while running the file.

  • Published Date: June 5, 2017 5:06 PM IST


