Were do suspicous add-ons Download Keeper come from?
Today, I noticed an advertisement on a page I visited. This advertisement was labelled "Download Keeper" and showed a few pictures with products and prices in dollars. I didn't expect such advertisements on the site in question and so I looked more closely at it. In the mark-up, I find a lot of elements containing classes starting with SF_ like SF_IIAD_EXPL and url's starting with http://www.superfish.com. Also, some javascript files are loaded from http://rvzr-a.akamaihd.net. Then, I looked at my add-ons and found 4 suspicious ones: DDoowload keeper 1.6 DoWnlOad KeeEper 1.6 Download keeper 1.6 DownnlOadd KeepEr 1.6 How could these have come here? I certainly didn't add them intentionally. Will they have come in with some software installer? Is there some way I can prevent these types of add-ons to be installed?
Gekose oplossing
I should mention that in Windows 8's Programs and Features control panel you can sort by date as one tool for investigating which programs installed together or very close in time.
Lees dié antwoord in konteks 👍 1All Replies (7)
Sometimes when you download and install software it includes a bundle of undisclosed programs...
I suggest disabling ALL nonessential or unrecognized add-ons on these two tabs:
- orange Firefox button (or Tools menu) > Add-ons > Plugins category
Set unimportant plugins to "Never Activate"
- orange Firefox button (or Tools menu) > Add-ons > Extensions category
Click Disable for unimportant or unwanted extensions
Usually a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step.
Although you may be tempted to remove some of them immediately, before doing that, I suggest seeing whether some more general malware scans will clean them up so they don't get re-injected into Firefox. This article has a range of free tools you can use for that: Troubleshoot Firefox issues caused by malware.
Gekose oplossing
I should mention that in Windows 8's Programs and Features control panel you can sort by date as one tool for investigating which programs installed together or very close in time.
Indeed, in installed programs, a program DownlOad KeepEr, (or some other weird casing sequence, I forgot to write it down before uninstalling) was present. The same date, I installed Java 7 Update 40 (both 32- and 64-bit) and some NVIDIA drivers: NVIDIA HD Audio-stuurprogramma 1.3.26.4, NVIDIA Grafisch stuurprogramma 327.23 and NVIDIA 3D Vision stuurprogramma 327.23 (Dutch versions). I downloaded these from http://www.nvidia.com/Download/Scan.aspx?lang=en-us. I revisited this site an recall that I followed the link The NVIDIA Smart Scan requires the latest version of Java. There is also a message on the page about the Java Deployment Toolkit being disabled, because this plug-in contains vulnerabilities. I cannot remember whether I activated it. Anyway, I am not sure if this has anything to do with the Download Keeper plug-in, but thank you for pointing me in the right direction for getting rid of it.
First download the latest version UnHackMe from our site. link to questionable download removed by moderator. Open the archive and start the unhackme_setup.exe.
When the installation is over you will see the main UnHackMe screen.
Click on the Advanced button and choose "Send report to the support center"; in the popup menu. Follow the instructions.
The report file (regrunlog.txt) will be saved on your Desktop.
Attach it to your ticket and click on the Browse button and then to the regrunlog.txt file.
Don't insert the report text directly into the message text! We won't be able to analyse such a report.
Describe your problem in detail. Add the screenshot, your antivirus log or suspicious files.
Thank you for cooperation!
Gewysig op
The "UnHackMe" download link in the last post was removed as questionable software.
As posted earlier in this thread, This Mozilla Support article has a range of free tools you can use to scan for malware:
Ok But computer has infected. I want to help. You can use the free utility - RegRun Reanimator. Mode - 'Fix Problems... / Fix Browser Redirect' or 'Send Report'.
tomatto007,
This forum is not the right place to help users remove malware from their computer.
That being said, forum contributors do sometimes include links to a very small number of malware removal tools which are listed in the Troubleshoot Firefox issues caused by malware article, along with links to specialized malware removal forums for users who need more help. Links to other malware removal tools or direct links to installers are removed by moderators to protect Firefox users from questionable or potentially harmful software.
P.S. Since the original poster has reported that his issue is now solved, I'm closing this thread.
Gewysig op