Recently, almost 250 million users have been caught, or should I say burned, by malware called Fireball. Fireball is malware that generates other malware, meaning it is itself a distributor of other harmful threats. Fireball can run any code on the user’s computer, such as downloading files or additional malware, and can hijack and manipulate your browser to generate ad revenue.
According to the security firm Check Point, Rafotech, a Chinese digital marketing agency, is the one to blame for this hot mess, and 20 percent of corporate networks are infected along with the 250 million users worldwide. Rafotech uses Fireball to hijack browsers for vicious purposes. As expected, Rafotech denies doing anything wrong, according to Check Point. Rafotech’s main objective is to configure users’ browsers in order to earn revenue from ads. It is also suspected that Rafotech has bought computer installs for Fireball from others known for their download tactics.
Fireball, if installed, allows third parties to control the user’s browsers and change their default search engines and home pages to fake search engines that generate never-ending pop-up ads. These fake search engines use tracking pixels to gather the user’s private information. Right now, this malware installs plugins and additional configurations to boost its ads. Fireball can also spy on its victims, run any malicious code on the infected computer and, as stated, generate even more malware, creating a large security flaw in the targeted computer and its networks.
Fireball is distributed through software and application bundles, also from Rafotech, like Deal Wifi, FVP Imageviewer, Soso Desktop, Mustang Browser, etc. That is why it is very important for users to be cautious when downloading free software, especially bundled software, because these kinds of distributions often have something suspicious attached.

Quick Guide in Removing Fireball:

Step 1: Reboot your computer into Safe Mode.

Step 2: Open the Windows Task Manager by pressing Ctrl+Shift+Esc at the same time, select the Processes tab and look for any suspicious processes that might be related to Fireball.

Right-click on them, then click Open File Location and scan the files using your updated antivirus. After opening their folders, end their processes and delete their folders. If the virus scanner fails to detect something that you know is suspicious, don’t hesitate to delete it.

Step 3: Go to Control Panel by pressing Start key+R to launch Run, then type appwiz.cpl in the box and click OK.

Locate the suspicious program and then click Uninstall. Then click the Windows button, type msconfig in the search box and hit Enter to open System Configuration. Go to Startup and unmark items which have an unknown manufacturer.

Step 4: Open Run by pressing Start key+R and type the following:
notepad %windir%\system32\drivers\etc\hosts
The hosts file will open. A bunch of IP addresses at the bottom of the file indicates that you have been hacked.

Open the Start menu by clicking the Windows button, search for Network Connections using the search box and hit Enter.

  • Right-click on your Network Adapter, go to Properties, Internet Protocol Version 4 (TCP/IPv4), then click Properties.
  • The DNS line should be set to Obtain DNS server address automatically.
  • Click Advanced, open the DNS tab, and if there is anything there, remove it and click OK.

Step 5: Removing the threat from your browsers:

Google Chrome:

  1. Find the Google Chrome shortcut on your computer, right-click it and select Properties.
  2. After selecting Properties, go to Shortcut, erase everything after .exe, and click OK.
  3. Close Google Chrome and navigate to:

     C:\Users\<your user name>\AppData\Local\Google\Chrome\User Data

  4. Look for the folder named Default and rename it to Backup Default.
  5. Restart Google Chrome.


Internet Explorer:

  1. Launch Internet Explorer, click the Settings icon and select Manage Add-ons.
  2. Look for the threat and select Disable. Go to Settings, then Internet Options, change the URL to anything you use and click Apply.

Mozilla Firefox:

  1. Launch Mozilla Firefox, click the tab labeled Firefox and select Add-ons, then Extensions.
  2. Look for Fireball and click Remove.

Step 6: Click the Windows button, type Regedit in the search box and hit Enter. Once inside, press Ctrl+F at the same time and type in the threat’s name, then right-click and remove similar entries. If it doesn’t show up, check the following locations:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Random
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Random
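
The manual checks in Steps 4 to 6 can be collected in one read-only pass before anything is deleted. The PowerShell script below is an added example, not part of the original guide or of any vendor tool. It assumes Windows 8 or later (for Get-DnsClientServerAddress), and the shortcut folders it searches are an assumption.

```powershell
# Added example: read-only audit of the locations Steps 4-6 check by hand.
# It changes nothing; review each finding before deleting or editing.

# Step 4: active hosts entries (comments stripped) that are not loopback.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
$hostsHits = @(Get-Content -Path $hostsPath -ErrorAction SilentlyContinue |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s' })

# Step 4: DNS servers each adapter is using (static or DHCP-assigned).
# Compare them with what your router or IT department hands out.
$dnsHits = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, @{ n = 'Servers'; e = { $_.ServerAddresses -join ', ' } })

# Step 5: browser shortcuts with anything after .exe (extra arguments).
# Assumption: only desktop and Start menu shortcuts are searched.
$shell = New-Object -ComObject WScript.Shell
$roots = 'Desktop', 'StartMenu', 'CommonDesktopDirectory' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ }
$lnkHits = @(Get-ChildItem -Path $roots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)   # loads the existing .lnk
        if ($lnk.TargetPath -match '(chrome|firefox|iexplore)\.exe$' -and $lnk.Arguments) {
            [pscustomobject]@{ Shortcut = $_.FullName; Arguments = $lnk.Arguments }
        }
    })

# Step 6: every value under the two registry keys the guide names.
$regKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Internet Explorer\Main'
$regHits = @(foreach ($path in $regKeys) {
    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Key = $path; Name = $name; Data = $key.GetValue($name) }
    }
})

'--- hosts entries ---';      $hostsHits
'--- DNS servers ---';        $dnsHits | Format-Table -AutoSize
'--- shortcut arguments ---'; $lnkHits | Format-List
'--- registry values ---';    $regHits | Format-List
```

Not every finding is malicious: a shortcut may carry a legitimate argument, and the Run key normally lists programs you installed yourself. Treat the output as a list of things to check.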

If you don’t want to go through all these procedures, you can seek the help of an excellent antivirus program like SpyRemover Pro. This software has a high detection rate and can easily identify any hidden virus, like a Trojan horse. Apart from its user-friendly interface, it also has 24/7 tech support to assist you.

Copyright © 2023, FixMyPcFree. All Rights Reserved Trademarks: Microsoft Windows logos are registered trademarks of Microsoft. Disclaimer: is not affiliated with Microsoft, nor claim direct affiliation. The information on this page is provided for information purposes only.