BetterSurf Firefox extension appears to be malware

firefox browser-addons malware
5,732

Solution 1

It appears to be malware and is now officially blocked in Firefox. If it wasn't installed knowingly through (running) Firefox, or via a Windows software installation that also informed about adding a Firefox add-on, then it could have been installed on the system by another application (the name could be totally different) that also surreptitiously added a Firefox extension.

It would also be a good idea to further scan the system with two or more anti-malware scanners / live_CD/USB anti-malware kits. Preferably, set the scanners at the highest/strictest levels of detection so as to also detect less rated threats like PUP in addition to viruses, rootkits, trojans, etc.

From the looks of it (no Remove button) there could be two possible locations for its installation files:

  1. Firefox install_directory\browser\extensions. Usually only the default theme folder named {972ce4c6-7e08-4474-a285-3208198ce6fd} would be present here though there could also be anti-malware and other legitimate extensions.

  2. A location specified in the right pane of the relevant Windows registry HKCU or HKLM key (here also there could be listings of anti-malware and other legitimate extensions).

In either case it would be possible to uninstall the extension by deleting its file(s)/folder, and (if applicable) deleting the registry key. Please also note that if it appears even after deleting the correct file(s)/folders and/or registry key then most probably there could be another main program or a helper program running constantly or intermittently that re-installs this extension, and possibly changes Firefox settings.

Troubleshoot Firefox issues caused by malware

Solution 2

Short answer (what worked for me): disable it and delete the folder "Bettersurf" in the Program Files folder

Long answer: It happened to me after updating firefox to the recent version (25.0). The fact that I didn't install it and firefox add-ons search for the extension doesn't provide any results seems reasonable to me to assume it's a malware. So what I did, I disabled it and if you go the Program Files folder, it has created its own folder with the name "Bettersurf" and I deleted it permanently. Restart firefox and the add-on not there anylonger.

Share:
5,732

Related videos on Youtube

Christoph Rüegg
Author by

Christoph Rüegg

Updated on September 18, 2022

Comments

  • Christoph Rüegg
    Christoph Rüegg over 1 year

    When I was browsing (a local copy of a site off my own hard drive), I was greeted by a pop-up that took up the entire bottom half of my screen that detected that I was on the site that had a menu of specials, and this pop-up basically counter-offered me other specials from our client's competitors.

    A smaller, similar popup came up on the bottom right of my screen later and made reference to savings.com.

    I noticed a new Firefox extension I'd never seen: BetterSurf 1.0. Date it was updated? TODAY.

    I'm guessing I somehow got some malware. Could have come from a Firefox or Google Chrome update installation, or perhaps it was from when I downloaded and installed NetBeans 7.4 a couple of weeks ago. (Why, then, would this situation manifest itself NOW?)

    I ran MalwareBytes Antimalware (came up with over 100 suspect objects!) and rebooted. I'm not getting the pop-ups any more, and I'm also not seeing any of the subdirectories in C: that are mentioned in any answers.

    bettersurf disabled

    What is this extension and why did it appear?

    • Simon
      Simon over 10 years
      @dauber It maybe wise to download & run bleepingcomputer.com/download/adwcleaner
    • Collin Grady
      Collin Grady over 10 years
      "Could have come from a Firefox or Google Chrome update installation" - this is not possible, unless you grabbed either browser manually from an untrusted third party site.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Firefox add-ons: how to install my own local add-on (extension) permanently in Firefox?
How to get rid of the DNS Unlocker adware?
Notification saying "A new Virus is Stealing Data!" on Ubuntu 18
Firefox accusing me of distributing malware on my site
Exporting Speed Dial settings from within Firefox into Chrome Speed dial
How do I backup Firefox add-on like "Fastdial" addon for a reinstall?
How do I darken up print on individual websites?
Using the Firefox addon "Modify Headers" to change Referrer
Firefox 3.6 Kiosk mode
How can I uninstall an incompatible addon in Firefox?