JS_Harris - 1:11 am on Dec 15, 2008 (gmt 0)

A warning, a long read but this is very recent experience.

Not using IE is not the "end of problem" solution many believe it to be. Some viruses introduced and launched by IE can continue to alter your Firefox browser experience even if you have IE turned OFF. Once some viruses are live... they don't need the open door anymore even if you reboot and they WILL attack whichever browser is running from then on. Here is how I know that.

About 3 weeks ago my IE began replacing ads on whatever webpage I was visiting with a different set of ads. The ads were high quality and the execution was flawless, I only noticed something was wrong when I was in my email account and I saw the universally known (despised?) smilies and emoticons ad and thought it weird that this email service would use that ad.

I was in firefox at the time and I moved my mouse over the ad and sure enough it wasn't the ad server used by that email service. I used every free adware and spam ware and virus protection scan I could to be safe and only ONE of them detected the infection and it could not remove it. Even knowing where it is I can do nothing to prevent it from doing it's thing right now.

Like everyone I assumed using Firefox would protect me but the virus does it's thing in Firefox if it has been run, it apparently CANNOT launch itself if it's not running and you use Firefox but it can infect firefox if it is already running.

The windows firewall and virus scanners I have running did not stop this virus from being installed from the net. To block this virus I had to launch in safe mode and manually stop everything but the core files from running. The virus removal scan then worked and I did the following to make sure it can't be remotely launched via IE again...

Go to your internet connections from your IE browser, set the browser to run on a proxy and set the proxy address to use 0.0.0.0. This will effectively completely disable IE from connecting to the net by any program. After doing that I had to repeat the entire process of shutting everything down and scanning several times to only STOP the virus, it's still there but is neutered for now.

Visit a popular email service like Yahoo and hover over an ad to see if its being served by Yahoo or BlueLithium to see if you're infected too. It will only swap out ads on the first pageload or a set period of time on a domain name so check when you first get in.

edit: I want to add that this is extremely inconvenient as a webmaster because I can no longer check to see that my websites are rendering properly in IE.

[edited by: JS_Harris at 1:16 am (utc) on Dec. 15, 2008]