Firefox has been hijacked, HELP!

I did some digging around and this looks pretty bad. It falls into the “rootkit” category. Apparently Hitman Pro will fix this.

A rootkit is really bad. Just because you removed it they might still have your passwords and shit. It would be a good time to change all your passwords. If it was me I would back up all my stuff and reinstall Windows. But I am paranoid.

Thanks Ryan.

I’m having the same trouble as metadog.

Damn, I installed Hitman, ran it, deleted all the malware it found, and it didn’t work.

Would you please provide the following information?

What do you mean by “my Google page”? (Please provide a URL, if possible. Perhaps leave off the “http://” so the link isn’t live.) Is it your iGoogle page (http://www.google.com/ig), or perhaps a ‘blog? If so, have you added any widgets/gadgets/whatsits recently?

Do you have this problem when viewing http://www.google.com/ in Firefox?

Do you have this problem when JavaScript is disabled?

Do you have this problem with any other browser on the same computer?

Do you have this problem when using a different computer?

Thanks.

This happened once, and my solution was re-installing Windows. A month later, I threw my hands up and bought a Mac.

@Dan337 He probably means that he types in google.com directly to the address bar, and it gets redirected to the malware page. This is caused by a virus on the computer. The browser is fine. If he were to try it on a different computer on the same network, it would probably work just fine also.

I’m having problems with my firefox browser too…. so I’m glad you asked this… I’m trying Hitman now.

By “my google page,” I mean the default Google page that Firefox loads after a fresh install.

http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

When I type in google.com, I get redirected immediately to:

http://fileinxt.com/?dn=cars4all.biz&fp=OwPS%2FJXcwmPmNeMQOHj0%2BnEKduuBVoSB2tfjBRom7qkpH2h29SQwO4fNyYd2EpIjB7m7l4fLQrPPJ8%2BKkRrTNg%3D%3D&prvtof=a%2FqGzgHnKQOnHRrvq%2F1BKzXLR6SaynThM1KR8eVWLre2HeUl%2FL7g9COsaR%2Bn0XBg&poru=3WT5RSn1cStfk2j6qzIXm%2FQr%2B7pRZrFWMx4%2BhWdWLtgLLJkqe7kTeewtp0bMzvhvxsWyvoXnDdFDrZ2YYzasbSoEpWJ8Q%2BbaKX5VsQM0wBk%3D&cifr=1&flrdr=yes&nxte=js

No, I do not appear to have the problem when JavaScript is disabled.

No problems with Chrome or IE

No problems on other computers.

Thanks!

I don’t seem to have the problem either when JavaScript is disabled.

Thanks, Metadog. (Sorry to ask a bunch of silly questions, but saves a lot of guessing.)

Try the instructions here:

http://forums.mozillazine.org/viewtopic.php?f=38&t=1858685&p=9195115#p9195115

I’m sorry I don’t have more time to give more details, but I think that should set things right. (Please let us know either way, or if you run into any trouble.)

It appears to be a fake, hidden Firefox add-on, probably installed by the malware you already removed with Malwarebytes and Spybot S&D. Once you’ve manually removed it, it shouldn’t come back (unless you get infected again).

Malwarebytes and Spybot S&D will hopefully soon update their databases to include this. (As you probably know, one should always be sure to get database updates before running scans. Some malware blocks this, so one might have to scan multiple times.)

In the future, please also use Spybot’s “immunize” feature once a month or so—it’s very good at blocking browser exploits. When I have to use Windows, I also like to run SpywareBlaster

http://javacoolsoftware.com/spywareblaster.html

which provides similar, passive protection. (They work great together.)

If you’re really in the mood to install more software, grab the WOT (Web-of-Trust) Safe Browsing Tool Firefox add-on

https://addons.mozilla.org/en-US/firefox/addon/3456/
http://mywot.com/

which warns you before you visit many harmful sites, and SpywareGuard

http://javacoolsoftware.com/spywareguard.html

which augments SpywareBlaster with a (small) running process that actively blocks anything that still gets through. (Spybot’s immunization and SpywareBlaster, by contrast, work passively, without running any extra processes.)