Tuesday, September 9, 2014

Tuvaro Hijacks Browser - My experience with a Browser Attack

Tuvaro Hijacks Browser

The hijack of my Mozilla Firefox browser started innocuously enough. As I walked by the family computer, I noticed a window was open. The familiar steaming coffee cup logo suggested the Java program be updated.

Thinking I would help out my spouse and speed up the computer, I clicked to proceed. I deselected complimentary programs that are commonly offered with downloads. After some time, it seemed that the choices were more numerous than usual. The graphics and language seemed a bit off.

Use Caution When Updating Software


Too late, I decided an update wasn't a good idea. I closed the window. Suddenly, the Firefox Browser was changed by Tuvaro. It was the same color scheme as Mozilla Firefox, but "Tuvaro" was added in the identification and replaced "Google" beside the search box. Desktop icons had been replaced with Tuvaro icons. Worse, the browser window filled up with pornographic images.

I clicked to the uninstall programs window. Tuvaro was not in the list of programs. I deleted all newly added programs that looked suspicious. This included YouTube Accelerator and Key Player Media. Then I uninstalled and reinstalled Mozilla Firefox.

Since the desktop still looked strange, I performed a system restore. This seemed to get rid of Tuvaro. Later, I found Malwaretips.com with steps for removing Tuvaro. One of those steps included running Malwarebytes Anti-Malware to clean up the system. By the way, all programs recommended to clean up your computer on that site are free.

This episode occurred 8 weeks ago. It was traumatic, and I procrastinated in writing this blog post. I have tried to describe the cyber attack as well as I can remember. I think it's human nature to want to forget unpleasant things.

The main take-away from this experience is to be very careful when downloading software or software updates. In the situation above, I should have gone to Java.com and updated directly from that website. Another suspicious Java update window has popped up since that experience, and I wasted no time in closing it.

Below is a 4-minute video that shows the browser changes after a Tuvaro attack. The video does not have vocals, but does a good job of showing the changed browsers at the beginning of the video. It also demonstrates another approach to redirecting your altered Firefox and Internet Explorer browsers.