Search hijack by conduit (/questions/968030/)

  • 3 replies
  • 2 have this problem
  • 26 views
  • Last reply by bogie71

http://websearch.searchsun.info/?idate=84AObsP%2BkndxN89%2FXZLuxPPshTFO5K%2FC&reloaded=1

!!!WARNING!!!.... The above link is a malware link that hijacked Firefox that is a new search engine when I open a new tab. I can't run mbam anymore so tried a new malware/virus remover from spychecker.com. The above scan found some threats but did not permanently remove the threat.

Modified by cor-el

All Replies (3)

Okay... right! So did you try to remove the search engine from your Control Panel? This is one of the last things to try if you can't succeed in other ways. But before that you can also try to reset Firefox! Go to Help > Restart with Add-ons Disabled > Reset Firefox. Hope you find a solution!

You can check for recently installed suspicious or unknown extensions.

Start Firefox in Safe Mode to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance).

  • Do NOT click the Reset button on the Safe Mode start window.

Your System Details List shows that you have a user.js file in the profile folder to initialize some prefs each time you start Firefox.

The user.js file is only present if you or other software has created it, so normally it wouldn't be there. You can check its content with a plain text editor if you didn't create this file yourself.

The user.js file is read each time you start Firefox and initializes preferences to the value specified in this file, so preferences set via user.js can only be changed temporarily for the current session.

Delete a possible user.js file and numbered prefs-##.js files and rename (or delete) the prefs.js file to reset all prefs to the default value including prefs set via user.js and prefs that are no longer supported in the current Firefox release.

You can use this button to go to the Firefox profile folder:


You can check in "Windows Control Panel > Programs" for recently installed programs to see if anything from Conduit or any other suspicious software shows up.

  • Control Panel > Programs > Programs and Features > Uninstall or change a program
  • Click the Installed column to sort by this heading

Do a malware check with several malware scanning programs on the Windows computer.
Please scan with all programs because each program detects different malware.
All these programs have free versions.

Make sure that you update each program to get the latest version of their databases before doing a scan.

You can also do a check for a rootkit infection with TDSSKiller.

See also:

Modified by cor-el
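
A read-only check for the user.js and numbered prefs-##.js files described in the reply above, added here as an example and not part of the original thread. The watched pref-name prefixes are an assumption about which settings matter for a search or new-tab hijack, and the sample profile is constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumed watch list (not from the thread): pref-name prefixes tied to the
# start page, new tab page and search settings.
WATCHED_PREFIXES = ("browser.startup.homepage", "browser.newtab.",
                    "browser.search.", "keyword.")

# user_pref("name", value); where value is a quoted string, number or boolean.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*("(?:[^"\\]|\\.)*"|[^)]*?)\s*\)\s*;', re.M)

def parse_user_js(text):
    """Return {pref_name: raw_value} for every active user_pref() line."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop block comments
    return dict(PREF_RE.findall(text))  # lines starting with // never match

def audit_profile(profile_dir):
    """Report the files the reply says to inspect, plus watched prefs in user.js."""
    profile = Path(profile_dir)
    user_js = profile / "user.js"
    text = user_js.read_text(encoding="utf-8", errors="replace") if user_js.is_file() else ""
    prefs = parse_user_js(text)
    return {
        "user_js_present": user_js.is_file(),
        "numbered_prefs": sorted(p.name for p in profile.glob("prefs-*.js")),
        "watched": {k: v for k, v in prefs.items() if k.startswith(WATCHED_PREFIXES)},
        "other": sorted(k for k in prefs if not k.startswith(WATCHED_PREFIXES)),
    }

def demo():
    """Audit a constructed profile folder (sample data, not the poster's files)."""
    sample = '''// constructed sample
user_pref("browser.startup.homepage", "http://search.example.invalid/?id=1");
user_pref("browser.newtab.url", "http://search.example.invalid/newtab");
// user_pref("keyword.URL", "http://disabled.example.invalid/");
/* user_pref("browser.search.selectedEngine", "Example"); */
user_pref("browser.cache.disk.capacity", 358400);
'''
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in (("user.js", sample), ("prefs-1.js", ""), ("prefs.js", "")):
            Path(tmp, name).write_text(body, encoding="utf-8")
        return audit_profile(tmp)

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Point `audit_profile()` at the real profile folder with Firefox closed; it only reads files, so deleting or renaming anything it reports remains a manual step.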

Thanks Corel, I have attached the current report of Firefox status as follows:

Crash Reports for the Last 3 Days
---------------------------------
All Crash Reports (including 1 pending crash in the given time range)
Extensions
----------
Name: Adblock Plus Pop-up Addon
Version: 0.9.1
Enabled: true
ID: adblockpopups@jessehakanen.net
Name: NexxtCoup
Version: 1.0
Enabled: true
ID: 9riarpg2tby@u-rfbxgs.co.uk
Name: Search-NewTAb
Version: 2.1
Enabled: true
ID: zg8_r@wpbkvuiaajvc.com
Name: Troubleshooter
Version: 1.1a
Enabled: true
ID: troubleshooter@mozilla.org
Name: websave
Version: 3.7
Enabled: true
ID: td-ouoa@mtg-npvoe.org
Name: YoutubeAdblocker
Version: 1.0
Enabled: true
ID: iy2.ayea@tdoi-rkvzco.net
Important Modified Preferences
------------------------------
browser.cache.disk.capacity: 358400
browser.cache.disk.smart_size.first_run: false
browser.cache.disk.smart_size.use_old_max: false
browser.cache.disk.smart_size_cached_value: 358400
browser.places.smartBookmarksVersion: 4
browser.privatebrowsing.autostart: true
browser.search.useDBForOrder: true
browser.sessionstore.upgradeBackup.latestBuildID: 20140212131424
browser.startup.homepage: www.google.com
browser.startup.homepage_override.buildID: 20140212131424
browser.startup.homepage_override.mstone: 27.0.1
dom.mozApps.used: true
extensions.lastAppVersion: 27.0.1
gfx.direct3d.last_used_feature_level_idx: 0
network.cookie.prefsMigrated: true
places.database.lastMaintenance: 1394059089
places.history.enabled: false
places.history.expiration.transient_current_max_pages: 104858
plugin.disable_full_page_plugin_for_types: application/pdf
plugin.importedState: true
privacy.cpd.offlineApps: true
privacy.cpd.siteSettings: true
privacy.sanitize.migrateFx3Prefs: true
storage.vacuum.last.index: 1
storage.vacuum.last.places.sqlite: 1393825350
user.js Preferences
-------------------
Your profile folder contains a user.js file, which includes preferences that were not created by Firefox.
Graphics
--------
Adapter Description: Intel(R) HD Graphics 3000
Adapter Drivers: igdumd64 igd10umd64 igd10umd64 igdumd32 igd10umd32 igd10umd32 
Adapter RAM: Unknown
Device ID: 0x0126
Direct2D Enabled: true
DirectWrite Enabled: true (6.2.9200.16571)
Driver Date: 1-29-2014
Driver Version: 9.17.10.3347
GPU #2 Active: false
GPU Accelerated Windows: 1/1 Direct3D 10
Vendor ID: 0x8086
WebGL Renderer: Google Inc. -- ANGLE (Intel(R) HD Graphics 3000 Direct3D9Ex vs_3_0 ps_3_0)
windowLayerManagerRemote: false
AzureCanvasBackend: direct2d
AzureContentBackend: direct2d
AzureFallbackCanvasBackend: cairo
AzureSkiaAccelerated: 0
JavaScript
----------
Incremental GC: true
Accessibility
-------------
Activated: false
Prevent Accessibility: 0
Library Versions
----------------
NSPR
Expected minimum version: 4.10.2
Version in use: 4.10.2
NSS
Expected minimum version: 3.15.4 Basic ECC
Version in use: 3.15.4 Basic ECC
NSSSMIME
Expected minimum version: 3.15.4 Basic ECC
Version in use: 3.15.4 Basic ECC
NSSSSL
Expected minimum version: 3.15.4 Basic ECC
Version in use: 3.15.4 Basic ECC
NSSUTIL
Expected minimum version: 3.15.4
Version in use: 3.15.4

Thanks for the input, I collected this info without going into safe mode.

Modified by cor-el