How to block Firefox from accessing the internet through VPN

Desktop: Windows 8
VPN connection: Forticlient 5.6 or Sonicwall Netextender 8.0, used to connect to the office network
Telus internet connection
Browser: Chrome, Firefox
Situation:
1. Telus internet connection works fine.
2. Without the VPN connection, Chrome and Firefox access the internet normally.
3. With the VPN connection, Chrome works fine; only Firefox is very, very slow.
4. I turned off the Firefox proxy server setting; Firefox worked fine for about two days, then became slow again.
5. Computer found an abnormal login script error message; it seems to have malware in it.

Question:
How do I block Firefox from accessing the internet through the VPN connection before I find a way to kill the malware?
Snowy Canada (Network Administrator) asked:

Blue Street Tech (Last Knight) commented:
Hi Snowy,

Malware, even if it originally infected a particular browser, will still use ports to send data back home if that is the nature of its purpose. So since you don't know the nature of the infection nor the family, etc., I would strongly advise you against logging into your company network, where you may spread the infection. As a rule of thumb, when you get an infection you want to quarantine and isolate the device, not connect it to another network.

First, let's identify the infection, if any, then remediate it. Otherwise, it is an effort in futility. Download & run the following:

Run each of them independently (not at the same time) and save the results. When you download all of them use the Save Target/Link As and rename them to random names – many infections will look for typical download files and infect them upon download.

What is the model of your SonicWALL?
Do you have an AGSS or CGSS active license?
What are you running for endpoint security?

If you are infected, please note you can sanitize/eliminate the infection/s, but once a machine is infected, the only way to truly purify it or make it whole again is to wipe it with a single pass of 0x00, reformat it, and reload the OS. Otherwise, it is much like a termite or wood beetle: once they are dead, the tracks they left (or the holes) are still there for the next hosts to take advantage of/access. They are not causing any new damage, but the damage they have done and the vulnerabilities left are there for the taking.

Let me know how it goes and what they find!
Snowy Canada (Network Administrator, Author) commented:
Thank you for the quick answer. I have Malwarebytes; it found nothing. I will try other tools and let you know the result.
Blue Street Tech (Last Knight) commented:
You're welcome!

Make sure MBAM's signatures are current too - IKIO but you'd be surprised!

Are you using All Tunnel Mode in the VPN?

Regarding:
4. I turned off the Firefox proxy server setting; Firefox worked fine for about two days, then became slow again.
Did you make sure the proxy settings were not reverted? Why do you have a proxy setup - is it free or is it provided by your company? Many free proxy clients are riddled with malware.

5. Computer found an abnormal login script error message; it seems to have malware in it.
Can you post the exact error/msg? I need clarification on this aspect.

P.S. I updated my last post. Please refresh your browser to view. Thanks!
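
One way to check whether the Firefox proxy setting was reverted, as asked in the comment above. This is an added example, not part of the original thread: the function names and sample file contents are constructed for illustration, and it assumes you pass in the text of the profile's prefs.js and, if present, user.js.

```python
import json
import re

# Firefox writes one preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')
# Meaning of network.proxy.type (5 is the default when the pref is absent).
PROXY_TYPES = {0: "no proxy", 1: "manual", 2: "PAC URL",
               4: "auto-detect (WPAD)", 5: "use system settings"}

def parse_proxy_prefs(text):
    """Return the network.proxy.* preferences found in prefs.js/user.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m or not m.group(1).startswith("network.proxy."):
            continue
        try:
            prefs[m.group(1)] = json.loads(m.group(2))  # int, bool or "string"
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep an unparsed value verbatim
    return prefs

def audit_proxy(prefs_js, user_js="", expected_type=0):
    """Compare the proxy mode Firefox will use with the one the user set."""
    saved, forced = parse_proxy_prefs(prefs_js), parse_proxy_prefs(user_js)
    effective = {**saved, **forced}  # user.js overrides prefs.js at every start
    ptype = effective.get("network.proxy.type", 5)
    findings = []
    if ptype != expected_type:
        findings.append("proxy mode is %r, expected %r" % (
            PROXY_TYPES.get(ptype, ptype), PROXY_TYPES.get(expected_type, expected_type)))
    for name in sorted(forced):
        findings.append("user.js re-applies %s = %r on each start" % (name, forced[name]))
    if ptype == 5:
        findings.append("Firefox follows the Windows proxy settings; check those too")
    return ptype, findings

# Constructed sample profile contents (not taken from the asker's machine).
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 0);
'''
SAMPLE_USER_JS = '''user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "proxy.example.invalid");
user_pref("network.proxy.http_port", 8080);
'''

if __name__ == "__main__":
    ptype, findings = audit_proxy(SAMPLE_PREFS_JS, SAMPLE_USER_JS)
    print(PROXY_TYPES.get(ptype, ptype))
    print("\n".join(findings))
```

A user.js file that nobody on the machine remembers creating is itself worth recording before the system is cleaned or reimaged.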
8046586 commented:
I cannot see the reason that Firefox can be affected only by the VPN and that malware is the reason. I think that your Firefox is taking the VPN as a gateway and internet is running slower because of the traffic distance, speed limitation, DNS resolving...
Can you check the settings (sorry, I am not using Firefox, so I do not know it in depth) to see if you can force Firefox to use your WAN as a browsing gateway and use your local DNS (for test purposes you can try setting DNS manually)?
Blue Street Tech (Last Knight) commented:
How's it going? How did the scans pan out...anything I can help with?
masnrock commented:
5. Computer found an abnormal login script error message; it seems to have malware in it.
Could you please tell us more about this?

Assuming this problem is with exactly one computer, have you checked for any strange extensions? Or if you have some sort of web filter at the office, have you checked for any strange places that computer is contacting?
Snowy Canada (Network Administrator, Author) commented:
I checked extensions, all is normal; I also checked the web filter at the office, nothing wrong. Anyway, I solved the problem by restoring the system from the image. The problem should be from the desktop. Thank you all for the solutions.
Blue Street Tech (Last Knight) commented:
I'm glad you got it taken care of. Just a tip...restoring doesn't prevent the vulnerability or the attack from happening again! I'd investigate into the how a bit more when you have the time.

Cheers!
Question has a verified solution.