
Thread: Malware adds host route when firefox starts

  1. #1
    Junior Member
    Join Date
    Jun 2012
    Location
    Durham, NC, US
    Posts
    9

    Malware adds host route when firefox starts

    I was experiencing unexpected system slow-downs in my Windows XP Pro SP3 and started to investigate. I have run Spybot (of course), Microsoft Security Essentials, Microsoft Windows Malicious Software Removal Tool (mrt) and the AVG boot CD to try and detect what was going on. None of these suggested anything.

    Further investigation showed that host routes to specific addresses were being added to my routing tables. Locations of the (C&C?) hosts have been in Taiwan, India, Brazil and Bozeman, MT, US. Removing the route and adding a blocking route to the respective subnets alleviated some of the slowness but not recurrences of the problem routes. netstat -b showed open ports for an instance of firefox.exe that remained in the background even after the browser was closed. Killing these and rebooting got rid of the routes. However, running firefox again brings them back.

    At this point, I am assuming I have got something like a trojan in the Mozilla Firefox start-up that is not (yet) being detected by anything I have tried. Not using firefox completely alleviates this problem, but I personally prefer using firefox for most browsing. Does anyone recognize this behavior, know what it is and know a "cure"?
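
The routing-table check described in the post above, as an added example that is not part of the original thread: it parses saved `route print` output and lists host routes (netmask 255.255.255.255) that Windows would not have created for its own addresses or broadcasts. The sample table, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the Windows XP "route print" layout; 203.0.113.45 is
# a documentation address standing in for the unexplained host route.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100       10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100       10
    192.168.1.100  255.255.255.255        127.0.0.1       127.0.0.1       10
    192.168.1.255  255.255.255.255    192.168.1.100   192.168.1.100       10
     203.0.113.45  255.255.255.255      192.168.1.1   192.168.1.100       1
        224.0.0.0        240.0.0.0    192.168.1.100   192.168.1.100       10
  255.255.255.255  255.255.255.255    192.168.1.100   192.168.1.100       1
"""
HOST_MASK = ipaddress.IPv4Address("255.255.255.255")

def parse_routes(text):
    """Return (dest, mask, gateway, interface) tuples from route print text."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # header, separator or "Default Gateway" line
        try:
            rows.append(tuple(ipaddress.IPv4Address(p) for p in parts[:4]))
        except ipaddress.AddressValueError:
            continue
    return rows

def unexpected_host_routes(text):
    """List /32 destinations that are not the OS's own housekeeping routes."""
    rows = parse_routes(text)
    # Directed broadcast address of every non-default network in the table.
    broadcasts = {
        ipaddress.IPv4Network(f"{dest}/{mask}", strict=False).broadcast_address
        for dest, mask, _gw, _if in rows
        if mask != HOST_MASK and int(mask) != 0
    }
    flagged = []
    for dest, mask, gw, _if in rows:
        if mask != HOST_MASK:
            continue
        if gw.is_loopback or dest.is_loopback or dest.is_multicast:
            continue  # the machine's own address, routed via 127.0.0.1
        if dest == HOST_MASK or dest in broadcasts:
            continue  # limited or directed broadcast
        flagged.append(str(dest))
    return flagged
```

Running it on output captured before and after the browser starts, and comparing the two lists, shows which host routes appeared in between.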

  2. #2
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,543


    Hello CarolinaCalling,

    In case you missed it, please see the FAQ, which also includes guidelines for this forum and instructions in post #2 on how to provide the preliminary DDS and aswMBR logs used for analysis. http://forums.spybot.info/showthread.php?t=288

    Then start a new topic providing the DDS and aswMBR logs as shown in that sticky, with a link back to this thread, and a volunteer analyst will advise you when available.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
