Jump to content

Recommended Posts

A few weeks ago there was an 'add-on' that tried to install itself onto my browser(firefox) and it happened randomly when I was doing nothing related to any downloading. The add-on was called mapsgalaxy. I blocked it and didn't think much of it until I saw that it had downloaded itself onto internet explorer without my consent. I did some research and couldn't find anything about it (I didn't look too much into it because I didn't feel it was a threat at the time). I wasn't able to remove it no matter what I did, so I just let it stay for a while. A couple weeks ago when I ran a Malwarebytes scan, mapsgalaxy showed up as several adware files, which I promptly removed. This morning, I finally got suspicious and decided to go through my whole registry and carefully wipe out any and all signs of this thing on my computer using the 'Find' feature with the keyword 'galaxy'. It no longer shows up in my add-on list on IE and as far as I can tell, I've deleted it completely. It will show up as maps_galaxy, mapsgalaxy_39, mapsgalaxy, anything of that sort and it was spread all throughout my registry. I'm not sure if it's at all dangerous, but it makes me a bit uneasy to think it might be, and that Malwarebytes couldn't detect and remove everything.

I emailed tech support to see if I could contribute in any way to Malwarebytes by reporting this, but they said I needed to post samples of it in the 'newest threats' section of the forum. I didn't keep any samples. The best thing I have is my Malwarebytes log from that particular scan (it was a quick scan, but I later ran a full scan and it didn't detect anything else). Not sure what else I can do, but just thought I'd try to give everyone a heads up.

Thank you!

mbam-log-2012-02-14 (20-58-17).txt

Link to post
Share on other sites

Hello, Inquistive:

No legitimate extension/add-on will automatically install itself into Firefox, and it does not turn up on a search of the AMO site (though some legitimate devs choose not to host their extensions at AMO).

And a quick Google search turns up several hits about this being some form of spyware.

Since we don't work on malware detection or removal in this particular sub-section of the forums, it might be advisable to have one of our malware experts take a peek under the hood of your system & assist you with removing this pest, if need be.

PLEASE CHOOSE ONE OF THE FOLLOWING 3 OPTIONS:

OPTION 1: Free, one-on-one, expert assistance in the Malware Removal Forum.

OPTION 2: For paid users of MBAM PRO, free, one-on-one, expert assistance from MBAM support.

OPTION 3: Fee-based, one-on-one, expert assistance from Premium Support.

OPTION 1:

  • Please print out, read and carefully follow the instructions in the "I'm Infected - What Do I Do Now?" article.
  • If the infection has so crippled the computer that you cannot complete some or all of the steps, then just do the best you can and start a new topic as described below.

  • Then please start a new post in the Malware Removal Forum.
  • When starting your new post, please note the following:
  • Please do NOT post in a topic started by someone else, even if their problem sounds similar.
  • Please COPY/PASTE the requested logs into your post, rather than attaching them.
  • Under options, please be sure to select "track this topic" and "immediate email notification", so you'll know when a helper responds.

  • Please be patient - it may be 48 hours or more before a helper can assist you, especially when the forum is very busy.
  • Please do NOT "bump" your topic or reply back to it for at least 48 hours.
  • Doing so may cause your topic to be overlooked, as it will appear that you are already being helped.

OPTION 2:

If you are a paid user of MBAM PRO and prefer expert assistance via email, please send an email to support@malwarebytes.org, or contact the help desk here.

OPTION 3:

If you would like to use the Malwarebytes Premium Services (comprehensive solutions to all your computer support needs – from installation and set-up to troubleshooting and tune-ups), please go to our Premium Support site here.

Please be patient – someone will assist you as soon as possible.

Thank you very much,

daledoc1

PS Please use theoeXUf.png button or the XA9Ey.png message pane (instead of the “Quote” and “MultiQuote” buttons) when replying here & at the other forums. That will make your topic easier to follow. :)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.