BombayDuck
21st Jul 2011, 15:45
My parents back in Bombay have a unique problem. They were hit by a trojan that, amongst other things, replaced the default Firefox start page with an ad for a "Pharma" site. The trojan has been removed by an AVG bootable disk, but NOTHING gets rid of the Firefox issue. Not the usual Tools > Options sequence, not an about:config solution (whatever they try keeps getting replaced with the Pharma URL).
I even tried to get them to uninstall FF, but there seems to be no uninstaller. Eventually, they've installed Chrome, and I'm advising them to delete the FF directory and User Data and do a manual fresh install. There's only so much I can do on the phone from 5,000 miles.
But how does this happen, and how can it be prevented? They run a limited user account and I believe their antivirus was up to date. Also, I'd installed Adblock for them last time around, though not NoScript.
If I was hit by such an infection, what would be a good way to solve it?
I even tried to get them to uninstall FF, but there seems to be no uninstaller. Eventually, they've installed Chrome, and I'm advising them to delete the FF directory and User Data and do a manual fresh install. There's only so much I can do on the phone from 5,000 miles.
But how does this happen, and how can it be prevented? They run a limited user account and I believe their antivirus was up to date. Also, I'd installed Adblock for them last time around, though not NoScript.
If I was hit by such an infection, what would be a good way to solve it?