The FIREBALL PUP, PUA, Adware or Malware Outbreak? Or just a successful Adware Campaign?

December 19, 2017

FIREBALL Adware or Malware?

The malware, called Fireball, acts as a browser hijacker but can be turned into a fully functioning malware downloader. Fireball is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.
Fireball is spread mostly via bundling, i.e. it is installed on victim machines alongside a wanted program, often without the user’s consent.

Our current stance is that this is a Possibly Unwanted Program (PUP) or a Possibly Unwanted Application (PUA), as it shares common traits with adware and malware. It performs questionable click-fraud-like activities, but it can also be uninstalled, which would be very rare for malware. Once the browser is closed, all activity stops as well; that makes this more of a toolbar adware type deal, which typically doesn’t qualify for the full malware branding.

Malware typically requires the host to be re-imaged to completely destroy all pieces of the malware; however, FIREBALL can be uninstalled... proof of adware on crack?

HOW DO I REMOVE THE MALWARE, ONCE INFECTED?

To remove almost any adware, follow these simple steps:

  1. Uninstall the adware by removing the application from the Programs and Features list in the Windows Control Panel.

     For Mac OS users:

       1. Use the Finder to locate the Applications folder.
       2. Drag the suspicious file to the Trash.
       3. Empty the Trash.

     Note – A usable program is not always installed on the machine and therefore may not be found on the program list.

  2. Scan and clean your machine, using:
       • Anti-Malware software
       • Adware cleaner software

  3. Remove malicious Add-ons, extensions or plug-ins from your browser:

     On Google Chrome:
       a. Click the Chrome menu icon and select Tools > Extensions.
       b. Locate and select any suspicious Add-ons.
       c. Click the trash can icon to delete.

     On Internet Explorer:
       a. Click the Setting icon and select Manage Add-ons.
       b. Locate and remove any malicious Add-ons.

     On Mozilla Firefox:
       a. Click the Firefox menu icon and go to the Tools tab.
       b. Select Add-ons > Extensions. A new window opens.
       c. Remove any suspicious Add-ons.
       d. Go to the Add-ons manager > Plugins.
       e. Locate and disable any malicious plugins.

     On Safari:
       a. Make sure the browser is active.
       b. Click the Safari tab and select Preferences. A new window opens.
       c. Select the Extensions tab.
       d. Locate and uninstall any suspicious extensions.

  4. Restore your internet browser to its default settings:

     On Google Chrome:
       a. Click the Chrome menu icon, and select Settings.
       b. In the On startup section, click Set Pages.
       c. Delete the malicious pages from the Startup pages list.
       d. Find the Show Home button option and select Change.
       e. In the Open this page field, delete the malicious search engine page.
       f. In the Search section, select Manage search engines.
       g. Select the malicious search engine page and remove it from the list.

     On Internet Explorer:
       a. Select the Tools tab and then select Internet Options. A new window opens.
       b. In the Advanced tab, select Reset.
       c. Check the Delete personal settings box.
       d. Click the Reset button.

     On Mozilla Firefox:
       a. Enable the browser Menu Bar by clicking the blank space near the page tabs.
       b. Click the Help tab, and go to Troubleshooting information. A new window opens.
       c. Select Reset Firefox.

     On Safari:
       a. Select the Safari tab and then select Preferences. A new window opens.
       b. In the Privacy tab, click the Manage Website Data… button. A new window opens.
       c. Click the Remove All button.
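
The Chrome part of the "Restore your internet browser to its default settings" step can also be checked by script, for example across many machines. The following is an added example, not part of the original post: it reads a parsed Chrome Preferences file and reports the home page, startup pages and default search URL whose host is on a blocklist of hijacker domains. The key paths, the function names and the sample domains are assumptions made for illustration; confirm the key paths against your Chrome version.

```python
from urllib.parse import urlsplit

# Assumed key paths in Chrome's "Preferences" JSON for the settings reset by hand
# in the steps above; confirm them against your Chrome version.
SETTING_PATHS = {
    "homepage": ("homepage",),
    "startup pages": ("session", "startup_urls"),
    "default search": ("default_search_provider_data", "template_url_data", "url"),
}

def refang(indicator):
    """Turn a defanged indicator ('bad[.]example') back into a hostname."""
    return indicator.replace("[.]", ".").strip().lower().rstrip(".")

def host_matches(host, blocked):
    """True when host equals a blocked domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocked)

def dig(prefs, path):
    """Walk nested dicts; return None when a key on the path is missing."""
    for key in path:
        prefs = prefs.get(key) if isinstance(prefs, dict) else None
    return prefs

def audit_preferences(prefs, blocklist):
    """Return (setting, url) pairs whose host is on the blocklist."""
    blocked = {refang(d) for d in blocklist}
    findings = []
    for name, path in SETTING_PATHS.items():
        value = dig(prefs, path)
        urls = value if isinstance(value, list) else [value]
        for url in (u for u in urls if isinstance(u, str)):
            try:  # prepend "//" to scheme-less entries so urlsplit finds the host
                host = urlsplit(url if "://" in url else "//" + url).hostname
            except ValueError:
                continue  # malformed URL: nothing to compare
            if host_matches(host, blocked):
                findings.append((name, url))
    return findings

# Constructed sample data, not taken from a real profile or blocklist.
SAMPLE_BLOCKLIST = ["hijack-search[.]example", "other-hijack[.]example"]
SAMPLE_PREFS = {
    "homepage": "http://www.hijack-search.example/?type=hp",
    "session": {"startup_urls": ["https://intranet.corp.example/", "start.hijack-search.example"]},
    "default_search_provider_data": {"template_url_data": {"url": "https://find.other-hijack.example/s?q={searchTerms}"}},
}
```

For a real profile, load the file with `json.load` and pass the resulting dict to `audit_preferences`; an empty result means none of the three settings points at a blocklisted host, not that the machine is clean.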

 
