X
Tap here to go to the mobile version of the site.

Support Forum

How am I supposed to get help with a browser hijacker when I cannot contact no one and every single option in the knowlege base concerning this doesn't work?

Posted

I have some spyware on my system that neither my malaware bytes, comodo antivirus, spybot search and destroy, and a few others I've tried, can detect. The piece of spyware is a browser hijacker that keeps hijacking my firefox homepage and nothing I can do will get rid of it.

the problem only happens in firefox and no other browser is affected. basically my homepage gets changed to the following:

http://www.ggle.org.uk/index.php?hp=1&OVKWID=firefox

Yes there are numerous options about this in the support section but none of them work. I have tried everything and I do mean everything and each time I restart firefox the bloody thing comes back. I've reset the pc - works until you close down the browser and restart it. I've gone into my profiles, i.e. user/AppData/Mozilla/firefox and deleted the .js files, parent.lock files - comes back on firefox restart. I've searched the registry the best I can. I have even put an entry into the Hosts file in syst32 and that has afforded me partial success in that I now get a 404 instead of the pesky and irritating jaamla search page. I have even gone into the About:config settings and wiped the url but no matter what I do it always comes back on restart and it's only with firefox.

This is something that firefox needs to look into and not assume that just because there are a few answers in the support section that they all work, because all of the options appear to work until firefox is restarted.

It even comes back after a complete uninstall and wipe - I am at a loss at what to do and where to go next. Please help!

I have some spyware on my system that neither my malaware bytes, comodo antivirus, spybot search and destroy, and a few others I've tried, can detect. The piece of spyware is a browser hijacker that keeps hijacking my firefox homepage and nothing I can do will get rid of it. the problem only happens in firefox and no other browser is affected. basically my homepage gets changed to the following: http://www.ggle.org.uk/index.php?hp=1&OVKWID=firefox Yes there are numerous options about this in the support section but none of them work. I have tried everything and I do mean everything and each time I restart firefox the bloody thing comes back. I've reset the pc - works until you close down the browser and restart it. I've gone into my profiles, i.e. user/AppData/Mozilla/firefox and deleted the .js files, parent.lock files - comes back on firefox restart. I've searched the registry the best I can. I have even put an entry into the Hosts file in syst32 and that has afforded me partial success in that I now get a 404 instead of the pesky and irritating jaamla search page. I have even gone into the About:config settings and wiped the url but no matter what I do it always comes back on restart and it's only with firefox. This is something that firefox needs to look into and not assume that just because there are a few answers in the support section that they all work, because all of the options appear to work until firefox is restarted. It even comes back after a complete uninstall and wipe - I am at a loss at what to do and where to go next. Please help!

Additional System Details

Installed Plug-ins

  • Shockwave Flash 13.0 r0
  • Google Update
  • VLC media player Web Plugin 2.1.3
  • Next Generation Java Plug-in 10.51.2 for Mozilla browsers
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • 5.1.20913.0
  • Citrix Online App Detector Plugin
  • Advanced SystemCare 7 Opera Plugin DLL
  • Foxit Reader Plug-In For Firefox and Netscape
  • Advanced SystemCare 7 Safari Plugin DLL
  • NPWLPG
  • Yahoo Application State Plugin version 1.0.0.7
  • Motive Plugin for Mozilla Browsers
  • RealPlayer(tm) LiveConnect-Enabled Plug-In
  • 6.0.12.448

Application

  • Firefox 30.0
  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
  • Support URL: https://support.mozilla.org/1/firefox/30.0/WINNT/en-US/

Extensions

  • Ads Removal 1.0.0 (adremoveext@adremoveext.net)
  • Troubleshooter 1.1a (troubleshooter@mozilla.org)
  • Advanced SystemCare Surfing Protection 1.0 (ascsurfingprotection@iobit.com) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: Intel(R) HD Graphics
  • adapterDescription2:
  • adapterDeviceID: 0x0046
  • adapterDeviceID2:
  • adapterDrivers: igdumd64 igd10umd64 igdumdx32 igd10umd32
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterVendorID: 0x8086
  • adapterVendorID2:
  • clearTypeParameters: D [ Gamma: 3600 Pixel Structure: R ClearType Level: 100 Enhanced Contrast: 50 ] D [ Gamma: 2200 Pixel Structure: R ClearType Level: 100 Enhanced Contrast: 50 ]
  • direct2DEnabled: False
  • direct2DEnabledMessage: [u'tryNewerDriver', u'8.1500.1000.2202']
  • directWriteEnabled: False
  • directWriteVersion: 6.2.9200.16571
  • driverDate: 7-28-2010
  • driverDate2:
  • driverVersion: 8.15.10.2189
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'skia', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'cairo', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • webglRenderer: Google Inc. -- ANGLE (Intel(R) HD Graphics Direct3D9Ex vs_3_0 ps_3_0)
  • windowLayerManagerRemote: False
  • windowLayerManagerType: Direct3D 9

Modified Preferences

  • browser.cache.disk.capacity: 358400
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 358400
  • browser.places.smartBookmarksVersion: 7
  • browser.sessionstore.upgradeBackup.latestBuildID: 20140605174243
  • browser.startup.homepage: http://www.ggle.org.uk/index.php?hp=1&OVKWID=firefox
  • browser.startup.homepage_override.buildID: 0
  • browser.startup.homepage_override.mstone: ignore
  • dom.mozApps.used: True
  • extensions.lastAppVersion: 30.0
  • network.cookie.prefsMigrated: True
  • places.database.lastMaintenance: 1403026807
  • places.history.expiration.transient_current_max_pages: 101992
  • plugin.disable_full_page_plugin_for_types: application/pdf
  • plugin.importedState: True
  • privacy.sanitize.migrateFx3Prefs: True
  • storage.vacuum.last.index: 1
  • storage.vacuum.last.places.sqlite: 1402940405

Misc

  • User JS: No
  • Accessibility: No
philipp
  • Top 25 Contributor
  • Moderator
5306 solutions 23424 answers

hello, you could try to run a scan of your system with adwcleaner which is a tool specialised on browser hijackers.

hello, you could try to run a scan of your system with [http://www.bleepingcomputer.com/download/adwcleaner/ adwcleaner] which is a tool specialised on browser hijackers.
jscher2000
  • Top 10 Contributor
8695 solutions 71066 answers

Since you have Advanced SystemCare, I want to make sure that its settings rollback features is not the source of the torture. I see you have disabled the Surfing Protection extension, but can you also confirm that within the external Advanced SystemCare software itself, you have turned off Surfing Protection?

Next, based on an earlier thread (home page can't be changed always is automatically setting back to : http://www.ggle.org.uk/index.php?hp=1&OVKWID=firefox How to fix this problem?), I just want to confirm that you cleanly removed Firefox's program folder when you uninstalled/reinstalled because in that thread, the culprit was in the program folder.

Here's what I suggest at this point:

(1) If needed, download a fresh installer for Firefox 30 from https://www.mozilla.org/firefox/all/ to a convenient location. (Scroll down to your preferred language.)

(2) Exit out of Firefox.

(3) Rename the folder

C:\Program Files (x86)\Mozilla Firefox

to

C:\Program Files (x86)\OldFirefox

(4) Run the installer you downloaded in #1. It should automatically connect to your existing settings.

Can you reset your home page and have it stick?

Note: Some plugins may exist only in that OldFirefox folder. If something essential is missing, look in these folders:

  • C:\Program Files (x86)\OldFirefox\Plugins
  • C:\Program Files (x86)\OldFirefox\browser\plugins
Since you have Advanced SystemCare, I want to make sure that its settings rollback features is not the source of the torture. I see you have disabled the Surfing Protection extension, but can you also confirm that within the external Advanced SystemCare software itself, you have turned off Surfing Protection? Next, based on an earlier thread ([https://support.mozilla.org/questions/938518 home page can't be changed always is automatically setting back to : http://www.ggle.org.uk/index.php?hp=1&OVKWID=firefox How to fix this problem?]), I just want to confirm that you cleanly removed Firefox's program folder when you uninstalled/reinstalled because in that thread, the culprit was in the program folder. Here's what I suggest at this point: (1) If needed, download a fresh installer for Firefox 30 from https://www.mozilla.org/firefox/all/ to a convenient location. (Scroll down to your preferred language.) (2) Exit out of Firefox. (3) Rename the folder C:\Program Files (x86)\Mozilla Firefox to C:\Program Files (x86)\OldFirefox (4) Run the installer you downloaded in #1. It should automatically connect to your existing settings. Can you reset your home page and have it stick? Note: Some plugins may exist only in that OldFirefox folder. If something essential is missing, look in these folders: * C:\Program Files (x86)\OldFirefox\Plugins * C:\Program Files (x86)\OldFirefox\browser\plugins
alan_r 127 solutions 1451 answers

A simple thing to try - disable your Ads Removal 1.0.0 extension shown in your System Details. I don't know it but it doesn't look too good on Google.

A simple thing to try - disable your Ads Removal 1.0.0 extension shown in your System Details. I don't know it but it doesn't look too good on Google.
FredMcD
  • Top 10 Contributor
4246 solutions 59405 answers

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

Sometimes a problem with Firefox may be a result of malware installed on your computer, that you may not be aware of.

You can try these free programs to scan for malware, which work with your existing antivirus software:

Microsoft Security Essentials is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one.

Further information can be found in the Troubleshoot Firefox issues caused by malware article.

Did this fix your problems? Please report back to us!

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up. Sometimes a problem with Firefox may be a result of malware installed on your computer, that you may not be aware of. You can try these free programs to scan for malware, which work with your existing antivirus software: * [http://www.microsoft.com/security/scanner/default.aspx Microsoft Safety Scanner] * [http://www.malwarebytes.org/products/malwarebytes_free/ MalwareBytes' Anti-Malware] * [http://support.kaspersky.com/faq/?qid=208283363 TDSSKiller - AntiRootkit Utility] * [http://www.surfright.nl/en/hitmanpro/ Hitman Pro] * [http://www.eset.com/us/online-scanner/ ESET Online Scanner] [http://windows.microsoft.com/MSE Microsoft Security Essentials] is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one. Further information can be found in the [[Troubleshoot Firefox issues caused by malware]] article. Did this fix your problems? Please report back to us!

Question owner

Hi philipp

Already done it and it doesn't detect anything I'm afraid. Sorry.

Hi philipp Already done it and it doesn't detect anything I'm afraid. Sorry.

Question owner

Hi jscher2000

Thanks for your time and your suggestions. Well spotted...I did actually disable that myself as I only downloaded the Advanced System Care utility as a result of this problem driving me to the point of despair, and I didn't really want another utility starting up and using system resources as I didn't plan on keeping it, especially since it didn't detect anything.

Yes I did turn on browser guard, and it didn't even detect that my browser homepage was hijacked from 127.0.0.1/index.html (which is what I manually set it to) to that pesky Jaamla search page.

Anyway, just to let you know that I have already done the stuff you have suggested and I actually went as so far as to just delete the folder completely. I made sure I had all my bookmarks backed up, which is the only thing I wanted to keep and I deleted the whole profile before destroying any remaining folders both in program and in profile folders.

This is definitely a firefox issue regardless of the original cause of infection. The fact that firefox is defenseless against this hijacker is worrying to say the least. Even more worrying is the fact that NO Security tool that I have tried so far is able to even detect it. Whatever 'it' is.

I have Malware Bytes premium , spybot search and destroy, Spyware blaster, Comodo Antivirus these are my default programs.

Additional programs I have tried include:

Hijack This Malaware Bytes Anti Exploit (may keep this one) TDSS Killer IOBit Malaware fighter Advanced System Care AVG (Bad Move) Will continue to look for programs...but no luck so far!

Hi jscher2000 Thanks for your time and your suggestions. Well spotted...I did actually disable that myself as I only downloaded the Advanced System Care utility as a result of this problem driving me to the point of despair, and I didn't really want another utility starting up and using system resources as I didn't plan on keeping it, especially since it didn't detect anything. Yes I did turn on browser guard, and it didn't even detect that my browser homepage was hijacked from 127.0.0.1/index.html (which is what I manually set it to) to that pesky Jaamla search page. Anyway, just to let you know that I have already done the stuff you have suggested and I actually went as so far as to just delete the folder completely. I made sure I had all my bookmarks backed up, which is the only thing I wanted to keep and I deleted the whole profile before destroying any remaining folders both in program and in profile folders. This is definitely a firefox issue regardless of the original cause of infection. The fact that firefox is defenseless against this hijacker is worrying to say the least. Even more worrying is the fact that NO Security tool that I have tried so far is able to even detect it. Whatever 'it' is. I have Malware Bytes premium , spybot search and destroy, Spyware blaster, Comodo Antivirus these are my default programs. Additional programs I have tried include: Hijack This Malaware Bytes Anti Exploit (may keep this one) TDSS Killer IOBit Malaware fighter Advanced System Care AVG (Bad Move) Will continue to look for programs...but no luck so far!
jscher2000
  • Top 10 Contributor
8695 solutions 71066 answers

Helpful Reply

I think the next step is to use Windows 7's auditing feature to figure out what processes are touching the file other than firefox.exe.

This is somewhat arduous to set up, but here's what I did. I have Win 7 Pro and I don't know whether this works on other versions.

(1) Open the Event Viewer to the Security log

Start menu > Control Panel > System and Security category > Administrative Tools

This should launch a folder of shortcuts. Double-click Event Viewer. If Windows objects, you may need to right-click> Run as Administrator.

In the left pane of the Event Viewer, click Security.

(2) Enable object auditing

In the Administrative Tools folder, double-click Local Security Policy (or right-click > Run as Administrator).

In the left pane, expand Local Policies and click Audit Policy.

In the right pane, double-click Audit object access and turn on both success and failure and OK the change. (screen shot attached)

(3) Enable auditing on prefs.js

Right-click your prefs.js file > Properties, click the Security tab, then the Advanced button. In the Advanced Security Settings dialog, click the Audit tab, then the Continue button. (screen shot attached)

Click the Add button and type Everyone, then click Check Names. After you click OK, you should get a dialog with numerous checkboxes. Clicking the Full Control box for each column should select everything. Then OK that. (screen shot attached)

(4) Test

Change a preference in Firefox that updates prefs.js (for example, you can change your home page). Then when you switch over to the Event Viewer, you can click Refresh on the right side (or choose a different category such as Application and then Security again to refresh the list), and you should find a listing in the File System task category for "a handle to the object was requested" for prefs.js, showing firefox.exe to be the active process. (screen shot attached)

(5) Assuming the test works, exit Firefox and watch for any other process touching the file.

When you're through, you probably want to turn this all off again, since it does use cycles in the background.

I think the next step is to use Windows 7's auditing feature to figure out what processes are touching the file other than firefox.exe. This is somewhat arduous to set up, but here's what I did. I have Win 7 Pro and I don't know whether this works on other versions. (1) Open the Event Viewer to the Security log Start menu > Control Panel > System and Security category > Administrative Tools This should launch a folder of shortcuts. Double-click Event Viewer. If Windows objects, you may need to right-click> Run as Administrator. In the left pane of the Event Viewer, click Security. (2) Enable object auditing In the Administrative Tools folder, double-click Local Security Policy (or right-click > Run as Administrator). In the left pane, expand Local Policies and click Audit Policy. In the right pane, double-click Audit object access and turn on both success and failure and OK the change. (screen shot attached) (3) Enable auditing on prefs.js Right-click your prefs.js file > Properties, click the Security tab, then the Advanced button. In the Advanced Security Settings dialog, click the Audit tab, then the Continue button. (screen shot attached) Click the Add button and type Everyone, then click Check Names. After you click OK, you should get a dialog with numerous checkboxes. Clicking the Full Control box for each column should select everything. Then OK that. (screen shot attached) (4) Test Change a preference in Firefox that updates prefs.js (for example, you can change your home page). Then when you switch over to the Event Viewer, you can click Refresh on the right side (or choose a different category such as Application and then Security again to refresh the list), and you should find a listing in the File System task category for "a handle to the object was requested" for prefs.js, showing firefox.exe to be the active process. (screen shot attached) (5) Assuming the test works, exit Firefox and watch for any other process touching the file. When you're through, you probably want to turn this all off again, since it does use cycles in the background.

Question owner

Hi jscher2000

Thank you for your input which is very much appreciated. I will try that this weekend and get back to you. Sadly, I don't have the time I would like to sit down and do it this evening...I think it's probably better to wait for the weekend when I don't have to worry about time constraints or being disturbed.

I'll keep you posted.

Hi jscher2000 Thank you for your input which is very much appreciated. I will try that this weekend and get back to you. Sadly, I don't have the time I would like to sit down and do it this evening...I think it's probably better to wait for the weekend when I don't have to worry about time constraints or being disturbed. I'll keep you posted.