X
Tippen Sie hierhin, um die Version dieser Website für Mobilgeräte aufzurufen.

Hilfeforum

Can't remove plugin. Malware. I can disable it, but there's no option to remove.

Veröffentlicht

A friend of mine accidentally installed something he shouldn't have which installed a plugin in Firefox called "Information Vine". The offending app is gone but the plugin remains.

The result of the addon was that it redirected every Google search to their own website (type something into Google... no "common phrase" dropdown... and it takes you to the malware's host website to display links to advertisers masquerading as Google search results.) And any installed adware/malware removal app already installed on his computer refuses to run (forcing me to install new software, which neither sees nor detects the malware.) His Avast Antivirus likewise does not detect the plugin.

Disabling the plugin solved the issue of redirecting his Google searches, but I can not find a way to *remove* the plugin itself. I've tried going thru his plugin folder (in his User\Profile directory), removing anything suspicious in his Registry that might be related, and even "HiJackThis" doesn't detect the plugin (even if I re-enable it.)

I'm stumped. How do I delete a plugin that can't be removed by conventional means? I've tried every answer found on Google but nothing works.

TIA

PS: Before anyone suggests it, I also already tried obtaining the path to the plugin via "about:plugins", found the folder and deleted it, yet it's still there.

A friend of mine accidentally installed something he shouldn't have which installed a plugin in Firefox called "Information Vine". The offending app is gone but the plugin remains. The result of the addon was that it redirected every Google search to their own website (type something into Google... no "common phrase" dropdown... and it takes you to the malware's host website to display links to advertisers masquerading as Google search results.) And any installed adware/malware removal app already installed on his computer refuses to run (forcing me to install new software, which neither sees nor detects the malware.) His Avast Antivirus likewise does not detect the plugin. Disabling the plugin solved the issue of redirecting his Google searches, but I can not find a way to *remove* the plugin itself. I've tried going thru his plugin folder (in his User\Profile directory), removing anything suspicious in his Registry that might be related, and even "HiJackThis" doesn't detect the plugin (even if I re-enable it.) I'm stumped. How do I delete a plugin that can't be removed by conventional means? I've tried every answer found on Google but nothing works. TIA PS: Before anyone suggests it, I also already tried obtaining the path to the plugin via "about:plugins", found the folder and deleted it, yet it's still there.

Geändert am von Mugsy

Ausgewählte Lösung

I contacted my friend last night and provided him with instructions on how to reenable the plugin, take a screenshot, and email it back to me.

He called back to say that after reenabling the plugin, the problem did not return and all is now fine. I had spent about an hour on his computer the day before deleting suspicious software and hand-deleting suspicious Registry entries (all Chinese characters), but never rechecked to see if I had fixed his issue. It appears now I had.

I even tried to visit "VineInformation.com" myself from home but the URL no longer exists. Ugh!

I don't like not knowing what happened, but ces't la vie.

Thanks all.

Diese Antwort im Kontext lesen 0

Mehr Details zum System

Installierte Plugins

  • Shockwave Flash 32.0 r0

Anwendung

  • User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0

Weitere Informationen

FredMcD
  • Top 10 Contributor
4267 Lösungen 59840 Antworten
Veröffentlicht

You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.


If you still have the redirect problem, Type about:support in the address bar and press Enter. Under the main banner, press the button; Copy Text To Clipboard.. Now in the Reply Box on the forum page, do a right-click in the box and select Paste.

This will show us your system details. No Personal Information Is Collected.

You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up. -------------- If you still have the redirect problem, Type '''about:support''' in the address bar and press '''Enter.''' Under the main banner, press the button; '''Copy Text To Clipboard.'''. Now in the Reply Box on the forum page, do a right-click in the box and select '''Paste.''' This will show us your system details. '''No Personal Information Is Collected.'''
Veröffentlicht

Fragesteller

Thanks for the reply. I've uploaded my friend's browser data (saved to a text file) here .

The offending app appears in the data as "WideVine". The app was removed and the plugin disabled, but the references are still there.

TIA

Thanks for the reply. I've uploaded my friend's browser data (saved to a text file) [https://1drv.ms/u/s!Ao-enUp7fI728VeSshwvAGr1vFNl here] . The offending app appears in the data as "WideVine". The app was removed and the plugin disabled, but the references are still there. TIA
FredMcD
  • Top 10 Contributor
4267 Lösungen 59840 Antworten
Veröffentlicht

Mugsy said

This application has not been configured to display crash reports.

Type about:preferences#advanced<enter> in the address bar. Select Data Choices. Turn on Enable Crash Reporter.

Note: For Firefox 56+ its; about:preferences#privacy Under Firefox Data Collection turn on Allow Firefox To Send Crash Reports.

''Mugsy [[#answer-1200557|said]]'' <blockquote> This application has not been configured to display crash reports. </blockquote> Type '''about:preferences#advanced'''<enter> in the address bar. Select '''Data Choices. ''' Turn on '''Enable Crash Reporter. ''' Note: For Firefox 56+ its; '''about:preferences#privacy''' Under '''Firefox Data Collection''' turn on '''Allow Firefox To Send Crash Reports. '''
FredMcD
  • Top 10 Contributor
4267 Lösungen 59840 Antworten
Veröffentlicht

Did you run the mal-scanners?

Mugsy said

. . . . it redirected every Google search . . .

Type about:preferences#search<enter> in the address bar. You can select any search engine to be your default from here.

You can also remove an engine from here.

Did you run the mal-scanners? ''Mugsy [[#question-1251453|said]]'' <blockquote> . . . . it redirected every Google search . . . </blockquote> Type '''about:preferences#search'''<enter> in the address bar. You can select any search engine to be your default from here. You can also remove an engine from here.
Veröffentlicht

Fragesteller

Thanks for the reply.

His browser is not crashing, and I have run numerous malware/adware scans. I am simply trying to remove the now-disabled offending plugin from his system.

As noted, his "Avast AV" did not detect a problem, nor did "HiJackThis" detect the BHO. Another AdWare detector called "Exterminate It" detected a couple of apps it identified as AdWare, but they were old & unrelated to his current issue. I removed them anyway.

Also, as noted, when the plugin is disabled, he is able to search normally using Google once again (which he visits via the URL, not the FF search bar.)

PS: This is FF Quantum v65.

Thanks for the reply. His browser is not crashing, and I have run numerous malware/adware scans. I am simply trying to remove the now-disabled offending plugin from his system. As noted, his "Avast AV" did not detect a problem, nor did "HiJackThis" detect the BHO. Another AdWare detector called "Exterminate It" detected a couple of apps it identified as AdWare, but they were old & unrelated to his current issue. I removed them anyway. Also, as noted, when the plugin is disabled, he is able to search normally using Google once again (which he visits via the URL, not the FF search bar.) PS: This is FF Quantum v65.

Geändert am von Mugsy

McCoy
  • Top 10 Contributor
546 Lösungen 5143 Antworten
Veröffentlicht

Hello Mugsy,

Just in case you'd like some info about the WideVine plugin :

https://support.mozilla.org/en-US/kb/enable-drm

And please see FredMcD's post (Chosen Solution) and my post in this thread :

https://support.mozilla.org/en-US/questions/1247772

Hello Mugsy, Just in case you'd like some info about the WideVine plugin : https://support.mozilla.org/en-US/kb/enable-drm And please see FredMcD's post (Chosen Solution) and my post in this thread : https://support.mozilla.org/en-US/questions/1247772
Veröffentlicht

Fragesteller

Thanks for the reply, but I've already seen that post and it provides no helpful information other than to suggest performing a MalWare scan, which I have already done.

Thanks for the reply, but I've already seen that post and it provides no helpful information other than to suggest performing a MalWare scan, which I have already done.
McCoy
  • Top 10 Contributor
546 Lösungen 5143 Antworten
Veröffentlicht

Mugsy said

Thanks for the reply, but I've already seen that post and it provides no helpful information other than to suggest performing a MalWare scan, which I have already done.

How about :

  • The article about the WideVine plugin?
  • My post in that thread  ?
''Mugsy [[#answer-1200604|said]]'' <blockquote> Thanks for the reply, but I've already seen that post and it provides no helpful information other than to suggest performing a MalWare scan, which I have already done. </blockquote> How about : * The article about the WideVine plugin? * My post in that thread ?
Veröffentlicht

Fragesteller

I have already removed the WideVine app yet the plugin remains.

I had already seen those posts prior to posting and they did not resolve the problem.

I have already removed the WideVine app yet the plugin remains. I had already seen those posts prior to posting and they did not resolve the problem.
McCoy
  • Top 10 Contributor
546 Lösungen 5143 Antworten
Veröffentlicht

Mugsy said

I have already removed the WideVine app yet the plugin remains.

The WideVine plugin is built-in and can't be removed. To disable it you can set it to 'Never Activate' (hence I gave you a link to that article about WideVine).

''Mugsy [[#answer-1200611|said]]'' <blockquote> I have already removed the WideVine app yet the plugin remains. </blockquote> The WideVine plugin is built-in and can't be removed. To disable it you can set it to 'Never Activate' (hence I gave you a link to that article about WideVine).
Veröffentlicht

Fragesteller

As stated in my initial post, I have already disabled the plugin.

I wish to remove it. It is malware and has no business being present at all.

As stated in my initial post, I have already disabled the plugin. I wish to remove it. It is malware and has no business being present at all.
McCoy
  • Top 10 Contributor
546 Lösungen 5143 Antworten
Veröffentlicht

Mugsy said

As stated in my initial post, I have already disabled the plugin. I wish to remove it. It is malware and has no business being present at all.

The WideVine plugin is not malware. And, like I said before, you can't remove it, just disable it, like you have already done.

What you menioned in your original post ('Information Vine') is not the same thing as the WideVine plugin - hence I asked you to take a look at my post in that other thread.

I can't tell you what you want to hear - maybe somebody else can (sorry .... )

''Mugsy [[#answer-1200625|said]]'' <blockquote> As stated in my initial post, I have already disabled the plugin. I wish to remove it. It is malware and has no business being present at all. </blockquote> The WideVine plugin is not malware. And, like I said before, you can't remove it, just disable it, like you have already done. What you menioned in your original post ('Information Vine') is not the same thing as the WideVine plugin - hence I asked you to take a look at my post in that other thread. I can't tell you what you want to hear - maybe somebody else can (sorry .... )
Veröffentlicht

Fragesteller

My friend informed me he downloaded "Map" software which installed the "WideVine" plugin. The installer prompted if he also wanted to install additional utilities and he foolishly clicked "Yes".

Disabling the "WideVine" plugin disables the redirected searches.

So it wasn't "WideVine" that installed the MalWare, it was the installer itself.

But all of this is irrelevant. The plugin is present and needs to go.

My friend informed me he downloaded "Map" software which installed the "WideVine" plugin. The installer prompted if he also wanted to install additional utilities and he foolishly clicked "Yes". Disabling the "WideVine" plugin disables the redirected searches. So it wasn't "WideVine" that installed the MalWare, it was the installer itself. But all of this is irrelevant. The plugin is present and needs to go.

Geändert am von Mugsy

McCoy
  • Top 10 Contributor
546 Lösungen 5143 Antworten
Veröffentlicht

Your friend installed 'Map' - that is not the same as 'Information Vine', as you mentioned earlier .... There is some malware with the word 'Map' - see these search results .....

But again : the WideVine plugin is not malware and as far as I know it can't be removed.

The fact that after you disabled the plugin, searches are 'back to normal' : I'm convinved that that is just a coincidence. Removing the malware (whatever it was) is more likely the reason why the problem disappeared.

If you (or your friend) are not happy with the built-in WideVine plugin, then I can only hope that someone else will be able to tell you how to remove it ......

Your friend installed 'Map' - that is not the same as 'Information Vine', as you mentioned earlier .... There is some malware with the word 'Map' - see [https://www.google.nl/search?authuser=1&ei=_cx2XNOkCZGWsAfj_YJI&q=in+firefox+%3A++Map+malware&oq=in+firefox+%3A++Map+malware&gs_l=psy-ab.3...14156.17547..20010...0.0..0.81.974.14......0....1..gws-wiz.......0i71j0i8i7i30j0i13j0i13i30j0i8i13i30.GY4_NdIcIbs these search results .....] But again : the WideVine plugin is ''not'' malware and as far as I know it can't be removed. The fact that after you disabled the plugin, searches are 'back to normal' : I'm convinved that that is just a coincidence. Removing the malware (whatever it was) is more likely the reason why the problem disappeared. If you (or your friend) are not happy with the built-in WideVine plugin, then I can only hope that someone else will be able to tell you how to remove it ......
James
  • Top 25 Contributor
  • Moderator
1600 Lösungen 11321 Antworten
Veröffentlicht

Mugsy said

I wish to remove it. It is malware and has no business being present at all.

What the Widevine has been used for in Firefox as it can be used on sites like Netflix and Amazon Prime Video. https://support.mozilla.org/en-US/kb/enable-drm

I believe you are the first to claim it is malware or comes with malware.

''Mugsy [[#answer-1200625|said]]'' <blockquote> I wish to remove it. It is malware and has no business being present at all. </blockquote> What the Widevine has been used for in Firefox as it can be used on sites like Netflix and Amazon Prime Video. https://support.mozilla.org/en-US/kb/enable-drm I believe you are the first to claim it is malware or comes with malware.
McCoy
  • Top 10 Contributor
546 Lösungen 5143 Antworten
Veröffentlicht

McCoy said

Just in case you'd like some info about the WideVine plugin : https://support.mozilla.org/en-US/kb/enable-drm

Maybe the fact that James gives you the same information about the WideVine plugin, will convince you  ?

''McCoy [[#answer-1200594|said]]'' <blockquote> Just in case you'd like some info about the WideVine plugin : https://support.mozilla.org/en-US/kb/enable-drm </blockquote> Maybe the fact that James gives you the same information about the WideVine plugin, will convince you ?
Veröffentlicht

Fragesteller

AFAIK, the software was not called "Map". He stated he was looking for "Map" software (instead of using "Yahoo Maps as usual.")

After doing so, every time he went to Google to search for something, the search results always resulted in a page with a graphic logo in the upper left that read "Vine Information" followed by links to products related & not to his search query.

Disabling the "WideVine" plugin, Google stopped redirecting his searches to "Vine Information".

I'm not sure how much clearer I can be, or what any of this has to do with being unable to remove an installed plugin.

AFAIK, the software was not called "Map". He stated he was looking for "Map" software (instead of using "Yahoo Maps as usual.") After doing so, every time he went to Google to search for something, the search results always resulted in a page with a graphic logo in the upper left that read "Vine Information" followed by links to products related & not to his search query. Disabling the "WideVine" plugin, Google stopped redirecting his searches to "Vine Information". I'm not sure how much clearer I can be, or what any of this has to do with being unable to remove an installed plugin.
Veröffentlicht

Fragesteller

James said

I believe you are the first to claim it is malware or comes with malware.

I'm not claiming "WideVine" is malware. I'm telling you the program that installed the plugin may have modified/replaced or otherwise installed something called "WideVine" that was redirecting his searches.

Whether or not it is a legitimate copy of the "WideVine" plugin, I can not say. All I can tell you is a plugin calling itself "WideVine" was redirecting his searches, and defies removal.

''James [[#answer-1200658|said]]'' <blockquote> I believe you are the first to claim it is malware or comes with malware. </blockquote> I'm not claiming "WideVine" is malware. I'm telling you the program that installed the plugin may have modified/replaced or otherwise installed something called "WideVine" that was redirecting his searches. Whether or not it is a legitimate copy of the "WideVine" plugin, I can not say. All I can tell you is a plugin calling itself "WideVine" was redirecting his searches, and defies removal.
Veröffentlicht

Fragesteller

McCoy said

McCoy said
Just in case you'd like some info about the WideVine plugin : https://support.mozilla.org/en-US/kb/enable-drm

Maybe the fact that James gives you the same information about the WideVine plugin, will convince you  ?

Convince me of what? There are no removal instructions at that link. And you are assuming this plugin is legitimate software that should be easily removable. Clearly it is not.

''McCoy [[#answer-1200660|said]]'' <blockquote> ''McCoy [[#answer-1200594|said]]'' <blockquote> Just in case you'd like some info about the WideVine plugin : https://support.mozilla.org/en-US/kb/enable-drm </blockquote> Maybe the fact that James gives you the same information about the WideVine plugin, will convince you ? </blockquote> Convince me of what? There are no removal instructions at that link. And you are assuming this plugin is legitimate software that should be easily removable. Clearly it is not.
McCoy
  • Top 10 Contributor
546 Lösungen 5143 Antworten
Veröffentlicht

Mugsy said

Convince me of what?

Convince you of the fact that the (built-in) WideVine plugin is not malware.

There are no removal instructions at that link. And you are assuming this plugin is legitimate software that should be easily removable. Clearly it is not.

Again : the plugin is built-in and can't be removed.

I give up ......

''Mugsy [[#answer-1200665|said]]'' <blockquote> Convince me of what? </blockquote> Convince you of the fact that the (built-in) WideVine plugin is not malware. <blockquote> There are no removal instructions at that link. And you are assuming this plugin is legitimate software that should be easily removable. Clearly it is not. </blockquote> Again : the plugin is ''built-in'' and can't be removed. I give up ......