Download.com installed persistent malware into Firefox
by Chevy-SS - 8/21/13 6:56 AM
Well, I recently spent about 10 hours getting rid of malware, which showed up as an extension (called toparcadehits) in Mozilla Firefox 23. It snuck in piggybacked onto a screen saver from CNET's Download.com.
The malware originally showed on scans (Malwarebytes) but after I deleted the indicated infected files, there was nothing detected. But still the extension was in my browser.
I even used a regedit search for every key that contained anything named 'toparcadehits' and removed a bunch of entries. But still the extension was in my browser.
I also totally removed Firefox using Revo Uninstaller, and again went through the entire system and registry, removing anything that was associated with Mozilla or Firefox. Scans by Malwarebytes, SuperAntiSpyware and Microsoft Security Essentials show my system as clean. And yet, when I reinstalled a fresh Firefox, there was the extension again - it had installed itself immediately.
I finally seemed to get rid of it after turning off System Restore and then booting into Safe Mode and going through the detection/removal processes all over again.
CNET - what happened to you folks? Why are you allowing this type of malware to be piggybacked onto your downloads? CNET was just about the only site I trusted for downloads, but not any more. I'm very disappointed.