Question

This thread was archived. Please ask a new question if you need help.

Search hijack by conduit (/questions/968030/)

3 ردود
2 have this problem
8 views
آخر ردّ كتبه bogie71

10 years ago

bogie71

5‏/3‏/2014، 1:01 م

http://websearch.searchsun.info/?idate=84AObsP%2BkndxN89%2FXZLuxPPshTFO5K%2FC&reloaded=1

!!!WARNING!!!.... The above link is an malware link that hijacked firefox that is a new search engine when i open a new tab. I cant run mbam anymore so tried a new malware/virus remover from spychecker.com. The above scan found some threats but did not permanently remove the threat.

http://websearch.searchsun.info/?idate=84AObsP%2BkndxN89%2FXZLuxPPshTFO5K%2FC&reloaded=1 !!!WARNING!!!.... The above link is an malware link that hijacked firefox that is a new search engine when i open a new tab. I cant run mbam anymore so tried a new malware/virus remover from spychecker.com. The above scan found some threats but did not permanently remove the threat.

Modified 5 مارس 2014، 1:54:57 م -0800 by cor-el

Answer 1 · 2014-03-05 13:01:53

Chandan_Baba

5‏/3‏/2014، 1:21 م

Oki..... right !! So do you try to remove the search engine from your control panel !!this is one of last thing if you can't succeed in others way.But before that you can also try to reset Firefox !!Goto help>Restart with add-ons disable>Reset Firefox. hope you found solution!!

Answer 2 · 2014-03-05 13:01:53

cor-el

Moderator
Top 10 Contributor

5‏/3‏/2014، 1:26 م

You can check for recently installed suspicious or unknown extensions.

Start Firefox in Safe Mode to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance).

Do NOT click the Reset button on the Safe Mode start window.

Your System Details List shows that you have a user.js file in the profile folder to initialize some prefs each time you start Firefox.

The user.js file is only present if you or other software has created it, so normally it wouldn't be there. You can check its content with a plain text editor if you didn't create this file yourself.

The user.js file is read each time you start Firefox and initializes preferences to the value specified in this file, so preferences set via user.js can only be changed temporarily for the current session.

Delete a possible user.js file and numbered prefs-##.js files and rename (or delete) the prefs.js file to reset all prefs to the default value including prefs set via user.js and prefs that are no longer supported in the current Firefox release.

You can use this button to go to the Firefox profile folder:

Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)
http://kb.mozillazine.org/Profile_folder_-_Firefox

You can check in "Windows Control Panel > Programs" for recently installed programs to see if anything from Conduit or any other suspicious software shows up.

Control Panel > Programs > Programs and Features > Uninstall or change a program
Click the Installed column to sort by this heading

Do a malware check with several malware scanning programs on the Windows computer.
Please scan with all programs because each program detects different malware.
All these programs have free versions.

Make sure that you update each program to get the latest version of their databases before doing a scan.

Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php
AdwCleaner:
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml
SuperAntispyware:
http://www.superantispyware.com/
Microsoft Safety Scanner:
http://www.microsoft.com/security/scanner/en-us/default.aspx
Windows Defender: Home Page:
http://www.microsoft.com/windows/products/winfamily/defender/default.mspx
Spybot Search & Destroy:
http://www.safer-networking.org/en/index.html
Kasperky Free Security Scan:
http://www.kaspersky.com/security-scan

You can also do a check for a rootkit infection with TDSSKiller.

Anti-rootkit utility TDSSKiller:
http://support.kaspersky.com/5350?el=88446

See also:

"Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked

You can check for recently installed suspicious or unknown extensions. Start Firefox in [[Safe Mode|Safe Mode]] to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance). *Do NOT click the Reset button on the Safe Mode start window. *https://support.mozilla.org/kb/Safe+Mode *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes ---- Your System Details List shows that you have a user.js file in the profile folder to initialize some prefs each time you start Firefox. The user.js file is only present if you or other software has created it, so normally it wouldn't be there. You can check its content with a plain text editor if you didn't create this file yourself. The user.js file is read each time you start Firefox and initializes preferences to the value specified in this file, so preferences set via user.js can only be changed temporarily for the current session. Delete a possible user.js file and numbered prefs-##.js files and rename (or delete) the prefs.js file to reset all prefs to the default value including prefs set via user.js and prefs that are no longer supported in the current Firefox release. You can use this button to go to the Firefox profile folder: *Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder) *http://kb.mozillazine.org/Profile_folder_-_Firefox ---- You can check in "Windows Control Panel > Programs" for recently installed programs to see if anything from Conduit or any other suspicious software shows up. *Control Panel > Programs > Programs and Features > Uninstall or change a program *Click the Installed column to sort by this heading Do a malware check with several malware scanning programs on the Windows computer. Please scan with all programs because each program detects different malware. All these programs have free versions. Make sure that you update each program to get the latest version of their databases before doing a scan. *Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php *AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/ http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml *SuperAntispyware: http://www.superantispyware.com/ *Microsoft Safety Scanner: http://www.microsoft.com/security/scanner/en-us/default.aspx *Windows Defender: Home Page: http://www.microsoft.com/windows/products/winfamily/defender/default.mspx *Spybot Search & Destroy: http://www.safer-networking.org/en/index.html *Kasperky Free Security Scan: http://www.kaspersky.com/security-scan You can also do a check for a rootkit infection with TDSSKiller. *Anti-rootkit utility TDSSKiller: http://support.kaspersky.com/5350?el=88446 See also: *"Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked

Modified 5 مارس 2014، 1:27:46 م -0800 by cor-el

Answer 3 · 2014-03-05 13:01:53

bogie71 صاحب السؤال

5‏/3‏/2014، 1:54 م

Thanks Corel, I have attached the current report of FireFox status as follows;

Crash Reports for the Last 3 Days
---------------------------------
All Crash Reports (including 1 pending crash in the given time range)
Extensions
----------
Name: Adblock Plus
Pop-up Addon
Version: 0.9.1
Enabled: true
ID: 
adblockpopups@jessehakanen.net
Name: NexxtCoup
Version: 1.0
Enabled: true
ID: 9riarpg2tby@u-rfbxgs.co.uk
Name: Search-NewTAb
Version: 2.1
Enabled: true
ID: 
zg8_r@wpbkvuiaajvc.com
Name: Troubleshooter
Version: 1.1a
Enabled: true
ID: 
troubleshooter@mozilla.org
Name: websave
Version: 3.7
Enabled: true
ID: td-ouoa@mtg-npvoe.org
Name: YoutubeAdblocker
Version: 1.0
Enabled: true
ID: iy2.ayea@tdoi-rkvzco.net
Important Modified 
Preferences
------------------------------
browser.cache.disk.capacity: 358400
browser.cache.disk.smart_size.first_run: false
browser.cache.disk.smart_size.use_old_max: false
browser.cache.disk.smart_size_cached_value: 358400
browser.places.smartBookmarksVersion: 4
browser.privatebrowsing.autostart: true
browser.search.useDBForOrder: true
browser.sessionstore.upgradeBackup.latestBuildID: 20140212131424
browser.startup.homepage: www.google.com
browser.startup.homepage_override.buildID: 20140212131424
browser.startup.homepage_override.mstone: 27.0.1
dom.mozApps.used: true
extensions.lastAppVersion: 27.0.1
gfx.direct3d.last_used_feature_level_idx: 0
network.cookie.prefsMigrated: true
places.database.lastMaintenance: 1394059089
places.history.enabled: false
places.history.expiration.transient_current_max_pages: 104858
plugin.disable_full_page_plugin_for_types: application/pdf
plugin.importedState: true
privacy.cpd.offlineApps: true
privacy.cpd.siteSettings: true
privacy.sanitize.migrateFx3Prefs: true
storage.vacuum.last.index: 1
storage.vacuum.last.places.sqlite: 1393825350
user.js Preferences
-------------------
Your profile folder contains a user.js file, which includes preferences that were not created by 
Firefox.
Graphics
--------
Adapter Description: Intel(R) HD Graphics 3000
Adapter Drivers: igdumd64 igd10umd64 igd10umd64 igdumd32 igd10umd32 igd10umd32 
Adapter RAM: Unknown
Device ID: 0x0126
Direct2D Enabled: true
DirectWrite Enabled: true (6.2.9200.16571)
Driver Date: 1-29-2014
Driver Version: 9.17.10.3347
GPU #2 Active: false
GPU Accelerated Windows: 1/1 Direct3D 10
Vendor ID: 0x8086
WebGL Renderer: Google Inc. -- ANGLE (Intel(R) HD Graphics 3000 Direct3D9Ex vs_3_0 ps_3_0)
windowLayerManagerRemote: false
AzureCanvasBackend: direct2d
AzureContentBackend: direct2d
AzureFallbackCanvasBackend: cairo
AzureSkiaAccelerated: 0
JavaScript
----------
Incremental GC: true
Accessibility
-------------
Activated: false
Prevent Accessibility: 0
Library Versions
----------------
NSPR
Expected minimum version: 4.10.2
Version in use: 4.10.2
NSS
Expected minimum version: 3.15.4 Basic 
ECC
Version in use: 3.15.4 Basic ECC
NSSSMIME
Expected minimum version: 3.15.4 Basic 
ECC
Version in use: 3.15.4 Basic ECC
NSSSSL
Expected minimum version: 3.15.4 Basic 
ECC
Version in use: 3.15.4 Basic ECC
NSSUTIL
Expected minimum version: 3.15.4
Version in use: 3.15.4

Thanks for the input, I collected this info without going into safe mode.

Thanks Corel, I have attached the current report of FireFox status as follows; <pre><nowiki>Crash Reports for the Last 3 Days --------------------------------- All Crash Reports (including 1 pending crash in the given time range) Extensions ---------- Name: Adblock Plus Pop-up Addon Version: 0.9.1 Enabled: true ID: adblockpopups@jessehakanen.net Name: NexxtCoup Version: 1.0 Enabled: true ID: 9riarpg2tby@u-rfbxgs.co.uk Name: Search-NewTAb Version: 2.1 Enabled: true ID: zg8_r@wpbkvuiaajvc.com Name: Troubleshooter Version: 1.1a Enabled: true ID: troubleshooter@mozilla.org Name: websave Version: 3.7 Enabled: true ID: td-ouoa@mtg-npvoe.org Name: YoutubeAdblocker Version: 1.0 Enabled: true ID: iy2.ayea@tdoi-rkvzco.net Important Modified Preferences ------------------------------ browser.cache.disk.capacity: 358400 browser.cache.disk.smart_size.first_run: false browser.cache.disk.smart_size.use_old_max: false browser.cache.disk.smart_size_cached_value: 358400 browser.places.smartBookmarksVersion: 4 browser.privatebrowsing.autostart: true browser.search.useDBForOrder: true browser.sessionstore.upgradeBackup.latestBuildID: 20140212131424 browser.startup.homepage: www.google.com browser.startup.homepage_override.buildID: 20140212131424 browser.startup.homepage_override.mstone: 27.0.1 dom.mozApps.used: true extensions.lastAppVersion: 27.0.1 gfx.direct3d.last_used_feature_level_idx: 0 network.cookie.prefsMigrated: true places.database.lastMaintenance: 1394059089 places.history.enabled: false places.history.expiration.transient_current_max_pages: 104858 plugin.disable_full_page_plugin_for_types: application/pdf plugin.importedState: true privacy.cpd.offlineApps: true privacy.cpd.siteSettings: true privacy.sanitize.migrateFx3Prefs: true storage.vacuum.last.index: 1 storage.vacuum.last.places.sqlite: 1393825350 user.js Preferences ------------------- Your profile folder contains a user.js file, which includes preferences that were not created by Firefox. Graphics -------- Adapter Description: Intel(R) HD Graphics 3000 Adapter Drivers: igdumd64 igd10umd64 igd10umd64 igdumd32 igd10umd32 igd10umd32 Adapter RAM: Unknown Device ID: 0x0126 Direct2D Enabled: true DirectWrite Enabled: true (6.2.9200.16571) Driver Date: 1-29-2014 Driver Version: 9.17.10.3347 GPU #2 Active: false GPU Accelerated Windows: 1/1 Direct3D 10 Vendor ID: 0x8086 WebGL Renderer: Google Inc. -- ANGLE (Intel(R) HD Graphics 3000 Direct3D9Ex vs_3_0 ps_3_0) windowLayerManagerRemote: false AzureCanvasBackend: direct2d AzureContentBackend: direct2d AzureFallbackCanvasBackend: cairo AzureSkiaAccelerated: 0 JavaScript ---------- Incremental GC: true Accessibility ------------- Activated: false Prevent Accessibility: 0 Library Versions ---------------- NSPR Expected minimum version: 4.10.2 Version in use: 4.10.2 NSS Expected minimum version: 3.15.4 Basic ECC Version in use: 3.15.4 Basic ECC NSSSMIME Expected minimum version: 3.15.4 Basic ECC Version in use: 3.15.4 Basic ECC NSSSSL Expected minimum version: 3.15.4 Basic ECC Version in use: 3.15.4 Basic ECC NSSUTIL Expected minimum version: 3.15.4 Version in use: 3.15.4</nowiki></pre> Thanks for the input, I collected this info without going into safe mode.

Modified 6 مارس 2014، 11:36:01 ص -0800 by cor-el

ابحث في الدعم

Search hijack by conduit (/questions/968030/)

All Replies (3)

اطرح سؤالا

Explore Our Help Articles

Mozilla Account

ابحث في الدعم

Search hijack by conduit (/questions/968030/)

All Replies (3)