Trojan uses aggressive techniques, including blocking access to security sites, to deliver an adware bundler. Trojan changes DNS settings of infected system so it wont be able to reach any security vendors sites. Trojan also adds a certificate to the set of Windows Root certificates. Malwarebytes: Trojan is delivered on systems by a bundler that is detected by Malwarebyte as Trojan.IStartSurf. The malware also makes a change in the Firefox user.js file and sets the security.enterprise_roots.enabled setting to true.”]
Source: https://blog.malwarebytes.com/trojans/2019/07/extenbro-a-new-dns-changer-trojan-protecting-adware/