I discovered this virus behaviour, when I just tested my simple local HTML file on FireFox only. But this virus behaviours was repeating on all sites/pages I was surfing. That is why it so f*cking sloooow.
In fact request were coming to https : // api . cpatext . ru / cpatext . js file which parse POST and GET data and did something. When I open https : // cpatext . ru I saw this:
I googled that it’s kinda virus/malware. And that there is treatment like this – remove files:
But it’s very cruel to drop all preferences. So i just run CCleaner first.
Nevertheless, real treatment is Disabling addon “NetSecurity”
I went to my Firefox Add-ons \ Extensions lists and one by one started to disable and restart FireFox. And find out, that NetSecurity does the cause.
So I disabled/enabled/disabled/enabled and I could reproduce that this vulnerability still can be active.
Crap … but now it’s fine.
PS. So where I caught this virus? I remember I was downloading DownloadApp.exe to install Adobe Audition 1.5. As result there was installed Opera for me, webget and possibly something else. Then I removed this all shit, but I did not take to account, that FireFox was updated by this crappy NetSecurity add on.
PS2. Considering that this is RU and UA domains, I would say – F*CK YOU hackers from UA and RU, WTF? Why I don’t have such issues with US/GB sites? Are there smarter people? Are they more confident than this UA/RU ppl?