A Bad Case of the Babylon's

[BobH]

I checked my email a bit ago and read messages from sources I trust and from whom I've received clean email in the past. One of them was from my brother who, at near 80, is not savvy when it comes to computers. He can surf and send emails but he doesn't really understand much about what happens behind the curtain. I suspect that it was the email from him that gave me the case of the Babylon's (Babylon search engine and toolbar installing themselves).

It's possible that the crapola came from one of the 3 or 4 other emails I opened; so, the question is, "How does malware attach itself to email and install itself in your browser? Or is this one of the mysteries that I must attain the 33rd degree to discover? However it happened, it got past MSE.

Another issue appeared after I did my best to clean up add-ons and programs installed on the computer to rid myself of babylon and restarted Firefox. After logging in to each of 3 or 4 forums I visit regularly, I got a drop down from the address bar asking me if I wanted to have Fx save my passwords. Is this yet another babylon or is there and Fx setting that the malware exploited?

TIA

[HansV]

Did you open an attachment in one of those e-mails?

The question about passwords may well be a legitimate one that reappeared because removing the toolbar reset some Firefox options.

[Roderunner]

Bob, AFAIA, MSE doesn't scan Emails but Avast does.

[HansV]

Microsoft Security Essentials by default scans e-mail attachments when you open them or save them to disk.

MSE.png

[BobH]

I don't recall opening an attachment but I do recall clicking a link.

I seem to have rid the machine of Babylon (at least from outward appearance; haven't looked into the Registry), and I think I figured out that the Tools|Options|Security box for Remember Passwords for Sites got checked by whatever the bad wind was. I took care of that and the drop down option from the address bar seems to have gone away.

Thanks for your help!

[BobH]

FWIW:
To remove Babylon search engine and toolbar, I first used CP to Add/Remove programs. There was an entry there for both the toolbar and the search engine, both of which I removed.

Second, I went to Firefox Tools|Add-ons and removed everything that had Babylon in its name. I think there were 2 entries, but I'm not certain of that. I deleted them, not disabled them.

The search engine persisted displacing my search engine of choice. I discovered by searching the web that there are Firefox configuration entries inserted by Babylon. It was suggested that about:config be opened and "babylon" entered into the search bar to discover those entries. There were about 60 of them which I right clicked and reset.

If the mess returns, I'll report back.