Passive hijacking still taking place (v48)
I try to open a page, but the cursor does not change from pointer to hand when mousing over a link, which makes me suspicious... the suspicion is confirmed if I just click it anyway, as it opens a new window, usually with some phony ad saying I NEED to download some alleged security fix.
I don't have a lot of different security screening products here, but I do have the latest Malwarebytes, and have run it through at least three times in the last two days, the most recent coming through cleanly. The HKCU\Software key in the registry shows a bunch of suspicious keys (all literal strings) I'm not sure should be there:
TM with value "0106" U_DT, "20160615" U_SDT, null string U_TM, "0106" and U_VER, "3.21"
There's nothing out-of-the-ordinary in either the Run or RunOnce keys under ...\Windows\CurrentVersion.
I'll delete the above values and see if it solves anything.
dL
الحل المُختار
Turns out the problem was occurring in BOTH FF and IE.
For jscher2000: A couple of the sites mentioned phony 'patches', but I have also seen ones about the whole Windows system being polluted, and asking me to call someone about a 'cleaning,' and ones that are just cheesy sites with content aimed at preteen girls. I have all auto-downloads blocked, so nothing gets pumped onto this system regardless.
I've refreshed FF and reset IE, and placed the three or four site domains involved found in FF's history in restricted zone under internet options, and for now it's keeping away the baddies.
I'll pick up the other 'cleaning' products mentioned in the article FredMcD offered and make sure everything's OK.
dL
Read this answer in context 👍 0All Replies (3)
You may have ad / mal-ware. Further information can be found in the Troubleshoot Firefox issues caused by malware article.
Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.
Is the ad referring to a Firefox update or patch? There are a lot of phishing pages promoting malware as a Firefox patch and pushing a .js file or a .exe file. Definitely not safe.
Or is it some other kind of software?
Could you test in Firefox's Safe Mode? In Safe Mode, Firefox temporarily deactivates extensions, hardware acceleration, and some other advanced features to help you assess whether these are causing the problem.
If Firefox is not running: Hold down the Shift key when starting Firefox.
If Firefox is running: You can restart Firefox in Safe Mode using either:
- "3-bar" menu button > "?" button > Restart with Add-ons Disabled
- Help menu > Restart with Add-ons Disabled
and OK the restart.
Both scenarios: A small dialog should appear. Click "Start in Safe Mode" (not Refresh).
Any improvement?
الحل المُختار
Turns out the problem was occurring in BOTH FF and IE.
For jscher2000: A couple of the sites mentioned phony 'patches', but I have also seen ones about the whole Windows system being polluted, and asking me to call someone about a 'cleaning,' and ones that are just cheesy sites with content aimed at preteen girls. I have all auto-downloads blocked, so nothing gets pumped onto this system regardless.
I've refreshed FF and reset IE, and placed the three or four site domains involved found in FF's history in restricted zone under internet options, and for now it's keeping away the baddies.
I'll pick up the other 'cleaning' products mentioned in the article FredMcD offered and make sure everything's OK.
dL