
Firefox Google Search Result Hijack


1 reply to this topic

#1 Patrick Gerzanics


Posted 07 April 2010 - 11:11 AM

Hello,

I am currently pulling my hair out trying to figure out why Firefox is continuing to redirect, a small percentage of the time, to advertising/fake AV removal sites.

I contracted a very insidious bit of malware 2 days ago and have been trying to clean my machine ever since. I have followed some instructions present on this site with some success as I have gotten rid of several trojans and viruses using Malwarebytes and various other tools.

At one point, all browsers were exhibiting the redirect issue, but after cleaning several trojans it is now just Firefox that does it. I think it is similar to the XUL overlay issue but I have not been able to find any extensions that would include it, nor any overlay XUL files that appear problematic.

In frustration, I uninstalled Firefox completely. I removed all registry entries containing 'firefox' as well as any folders I could think of (by memory, so apologies for incorrect paths):

Program Files/Mozilla Firefox
Documents and Settings/My User/Local Settings/Application Data/Mozilla/Firefox
Documents and Settings/My User/Application Data/Mozilla/Firefox

There was an extensions directory that it would not allow me to delete, so I booted into recovery mode and deleted it. I then reinstalled Firefox and the issue persists.

I have used the following tools without success:

Gooredfix.exe
ComboFix.exe (to fix the original malware issues, worked quite well)
Malwarebytes
Ad Aware
Hitman Pro 3.5
AVG
Trend Micro - Housecall
McAfee Root Detective

I have also used Hijack This extensively to try to determine if there is a trojan that is manipulating the extensions or something, but I have yet to find anything.

Please let me know what additional information you need to diagnose the issue. I really appreciate any and all help I can get with this.

Thanks!

-Patrick



#2 Patrick Gerzanics


Posted 07 April 2010 - 11:56 AM

I just realized that I forgot to include version specifics in my frustration. Apologies.

Windows XP SP3
Firefox 3.6.3 - Just downloaded last night

Latest version of all tools referenced, as I just installed them. I was using ClamWin and Ad Aware for years before this particular malware decided to make life interesting.

Edited by Patrick Gerzanics, 07 April 2010 - 11:57 AM.




