Social Question

metadog's avatar

Firefox has been hijacked, HELP!

Asked by metadog (377points) October 2nd, 2010

Hi! I think I have a stubborn trojan. When I launch FF, I get my Google page. I put in any search term, then I am redirected to some crappy page:

http://www2.searchresultsdirect.com

I Have run Malwarebytes and Spybot Search and Destroy and pulled some stuff out, but there appears to be at least one left. How can I get rid of it?!?!?!

Thanks in advance for any help.
-M

Observing members: 0 Composing members: 0

9 Answers

jrpowell's avatar

I did some digging around and this looks pretty bad. It falls into the “rootkit” category. Apparently Hitman Pro will fix this.

A rootkit is really bad. Just because you removed it they might still have your passwords and shit. It would be a good time to change all your passwords. If it was me I would back up all my stuff and reinstall Windows. But I am paranoid.

Brian1946's avatar

Thanks Ryan.

I’m having the same trouble as metadog.

Brian1946's avatar

Damn, I installed Hitman, ran it, deleted all the malware it found, and it didn’t work.

Dan337's avatar

Would you please provide the following information?

What do you mean by “my Google page”? (Please provide a URL, if possible. Perhaps leave off the “http://” so the link isn’t live.) Is it your iGoogle page (http://www.google.com/ig), or perhaps a ‘blog? If so, have you added any widgets/gadgets/whatsits recently?

Do you have this problem when viewing http://www.google.com/ in Firefox?

Do you have this problem when JavaScript is disabled?

Do you have this problem with any other browser on the same computer?

Do you have this problem when using a different computer?

Thanks.

Vortico's avatar

This happened once, and my solution was re-installing Windows. A month later, I threw my hands up and bought a Mac.

@Dan337 He probably means that he types in google.com directly to the address bar, and it gets redirected to the malware page. This is caused by a virus on the computer. The browser is fine. If he were to try it on a different computer on the same network, it would probably work just fine also.

cazzie's avatar

I’m having problems with my firefox browser too…. so I’m glad you asked this… I’m trying Hitman now.

Brian1946's avatar

I don’t seem to have the problem either when JavaScript is disabled.

Dan337's avatar

Thanks, Metadog. (Sorry to ask a bunch of silly questions, but saves a lot of guessing.)

Try the instructions here:

http://forums.mozillazine.org/viewtopic.php?f=38&t=1858685&p=9195115#p9195115

I’m sorry I don’t have more time to give more details, but I think that should set things right. (Please let us know either way, or if you run into any trouble.)

It appears to be a fake, hidden Firefox add-on, probably installed by the malware you already removed with Malwarebytes and Spybot S&D. Once you’ve manually removed it, it shouldn’t come back (unless you get infected again).

Malwarebytes and Spybot S&D will hopefully soon update their databases to include this. (As you probably know, one should always be sure to get database updates before running scans. Some malware blocks this, so one might have to scan multiple times.)

In the future, please also use Spybot’s “immunize” feature once a month or so—it’s very good at blocking browser exploits. When I have to use Windows, I also like to run SpywareBlaster

http://javacoolsoftware.com/spywareblaster.html

which provides similar, passive protection. (They work great together.)

If you’re really in the mood to install more software, grab the WOT (Web-of-Trust) Safe Browsing Tool Firefox add-on

https://addons.mozilla.org/en-US/firefox/addon/3456/
http://mywot.com/

which warns you before you visit many harmful sites, and SpywareGuard

http://javacoolsoftware.com/spywareguard.html

which augments SpywareBlaster with a (small) running process that actively blocks anything that still gets through. (Spybot’s immunization and SpywareBlaster, by contrast, work passively, without running any extra processes.)

Answer this question

Login

or

Join

to answer.
Your answer will be saved while you login or join.

Have a question? Ask Fluther!

What do you know more about?
or
Knowledge Networking @ Fluther