I am in the process of doing a 7-day test of CIS 5.8. Although the results have been impressive so far, I ran across some malware this morning (submitted) that, although stopped from other malicious activity (it was Limited in D+), was able to change the Firefox Home Page, and only a full uninstall removing Customizations would fix it. This was on Firefox 5 and 6, neither set as Default browser.

SeaMonkey and IE8 were not affected.

Edit by EricJH: I removed the attached malware. It is against forum policy. I kept the file for reference.

Can you repeat the test with Restricted and Untrusted Defense+ settings and let us know about results?


Great minds think alike! I just reran the test, and setting D+ to Restricted still allows the change; setting D+ to Untrusted or (obviously) Blocked prevents the change.

The registry rules of Defense+ contain nothing Firefox-related by default.


Very odd. I just reran that piece of malware. D+ prevents the registry modification changing IE's home page, but the malware will not now do any damage to Firefox anymore, and God knows that I've tried in the past hour to reproduce this morning's events.

If any malware experts out there have a clue why this should be I would appreciate knowing.