Posted 07 April 2010 - 11:11 AM
I am currently pulling my hair out trying to figure out why Firefox is continuing to redirect a small percentage of the time, to advertising/fake av removal sites.
I contracted a very insidious bit of malware 2 days ago and have been trying to clean my machine ever since. I have followed some instructions present on this site with some success as I have gotten rid of several trojans and viruses using Malwarebytes and various other tools.
At one point, all browsers were exhibiting the redirect issue, but after cleaning several trojans it is now just Firefox that does it. I think it is similar to the XUL overlay issue but I have not been able to find any extensions that would include it, nor any overlay XUL files that appear problematic.
In frustration, I uninstalled Firefox completely. Removed all registry entries containing 'firefox' as well as any folders I could think of (by memory, so apologies for incorrect paths)
Program Files/Mozilla Firefox
Documents and Settings/My User/Local Settings/Application Data/Mozilla/Firefox
Documents and Settings/My User/Application Data/Mozilla/Firefox
There was an extensions directory that it would not allow me to delete, so I booted into recovery mode and deleted it. I then reinstalled Firefox and the issue persists.
I have used the following tools without success:
ComboFix.exe (to fix the original malware issues, worked quite well)
Hitman Pro 3.5
Trend Micro - Housecall
McCafee Root Detective
I have also used Hijack This extensively to try to determine if there is a trojan that is manipulating the extensions or something, but I have yet to find anything.
Please let me know what additional information you need to diagnose the issue. I really appreciate any and all help I can get with this.