Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: hijacked browser  (Read 2695 times)

grumpy old man

  • Kitizen
  • ****
  • Posts: 3763
hijacked browser
« on: June 19, 2015, 09:22:24 PM »

My web browsers both firefox and chrome have been hijacked by cassiopesa malware.

I think this was downloaded when I was updating cc cleaner and firefox noted that I needed to update flash player, I started to do this and something didn't seem quite right with installation so aborted.

I updated both CC Cleaner and Malware Bytes and have run both.  Malwarebytes picked up the casiopese and quarantined.

When I opened firefox for the first time after running malwarebytes an address appeared in address bar with cassiopesa in it although this has now disappeared.

However I am unable to now access internet and get error message 'firefox is configured to use a proxy server that is refusing connections'.

I do not know how to resolve this, can any one advise?

Thank you
gom

ps.  I have found that if I change network settings from 'use system proxy settings' to 'auto detect proxy settings for this network' I can connect to the internet but am concerned that this is still compromised by malware.
« Last Edit: June 19, 2015, 09:35:15 PM by grumpy old man »
Logged

loonylion

  • Reg Member
  • ***
  • Posts: 723
Re: hijacked browser
« Reply #1 on: June 19, 2015, 09:36:24 PM »

remove the proxy settings defined in IE. Those are the system proxy settings.
Logged

Dray

  • Kitizen
  • ****
  • Posts: 2361
Re: hijacked browser
« Reply #2 on: June 19, 2015, 09:41:09 PM »

Logged

grumpy old man

  • Kitizen
  • ****
  • Posts: 3763
Re: hijacked browser
« Reply #3 on: June 19, 2015, 10:07:04 PM »

I have removed tick from 'use proxy server' in 'control panel/internet options/connection/LAN settings' and this appears to have resolved the problem.  Thank you for the advice.

However I would like to establish why I lost the connection in the first place, any suggestions?

Thanks

gom


« Last Edit: June 19, 2015, 10:15:42 PM by grumpy old man »
Logged

loonylion

  • Reg Member
  • ***
  • Posts: 723
Re: hijacked browser
« Reply #4 on: June 19, 2015, 10:22:43 PM »

the malware modified your internet connection so that all your traffic went through a proxy controlled by its creators, in order to either steal information from you or to modify the data you were receiving in some fashion. When the malware was removed that proxy became inaccessible.
Logged

renluop

  • Kitizen
  • ****
  • Posts: 3326
Re: hijacked browser
« Reply #5 on: June 20, 2015, 09:37:55 AM »

@ Loonylion
I don't know if you would agree, but with another browser hijacker I found after a while it recurred. It was still lurking somewhere. To be sure would you think using the Bleeping Computer or Malwarebytes sites a useful extra precaution?
Logged

loonylion

  • Reg Member
  • ***
  • Posts: 723
Re: hijacked browser
« Reply #6 on: June 20, 2015, 12:56:33 PM »

yes, if you don't get rid of all traces there is a possibility it could come back (it depends if the traces you missed have the capability to do that). I'd create a thread on bleepingcomputer or somewhere similar with a hijackthis log and a malwarebytes log. Read through the logs first because you may be asked to account for the presence of certain lines, and if you can't then the advice will be to remove those lines from your system.
Logged

grumpy old man

  • Kitizen
  • ****
  • Posts: 3763
Re: hijacked browser
« Reply #7 on: June 23, 2015, 08:58:02 PM »

Thank you for explaining about modification of internet connection.  As this was causing the problem hopefully malware removed.

I could look at logs as suggested but wouldn't really know what I am looking for.

Have used web user forum and someone who knows far more than I do is looking at logs.

gom
Logged