X
Tap here to go to the mobile version of the site.

Support Forum

Firefox Browser hijacked

Posted

My wife's desktop pc was hit by what I'd call "A Super Bundle" which unleashed total havoc on her pc. It took me a great deal of work 2 full days chasing down all the crap this apparent harmless download created. My approach; I'd describe it as it was like pealing back layers of an onion until everything was removed. Or to return her machine back as close to normal as I could. One of the "Leftovers" from this attack is something called; www-searching.com which has hijacked all the browsers on her computer. Nothing has worked I mean nothing. A lot of time and a great deal of effort has gone into destroying this menace now I'm asking for help.

Thanks for your time. Doug Sr.

My wife's desktop pc was hit by what I'd call "A Super Bundle" which unleashed total havoc on her pc. It took me a great deal of work 2 full days chasing down all the crap this apparent harmless download created. My approach; I'd describe it as it was like pealing back layers of an onion until everything was removed. Or to return her machine back as close to normal as I could. One of the "Leftovers" from this attack is something called; www-searching.com which has hijacked all the browsers on her computer. Nothing has worked I mean nothing. A lot of time and a great deal of effort has gone into destroying this menace now I'm asking for help. Thanks for your time. Doug Sr.

Chosen solution

Ok so I followed your Firefox links which as I expected did not take my to any solutions but this isn’t necessarily a bad thing, it’s just being through. While still covering all the bags plus since I was already on her Firefox Browser (in a private Window) I typed about:config in the address bar just to see if there was maybe a mad string hijacking the initial browser which was taking the browser to www-search.com. I scrolled down the list and found nadda. So what does this suggest, the trigger has to be still on her pc, right? It has to be there is no other way -not to my knowledge. I did some more studying and I read an article that was just written last month on this subject which recommended downloading & installing YAC (Yet Another Cleaner) . So I gave it a chance & BOOM! Problem solved It Worked! By the way: this last posting was done on her pc with Firefox (not using a private window) after clicking the Firefox icon on her desktop task bar. & her other browsers are back to normal now as well.

Have a great day! Thanks for your help.

Read this answer in context 1

Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape 11.0.10
  • Shockwave Flash 16.0 r0
  • 5.1.31211.0

Application

  • Firefox 36.0.1
  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
  • Support URL: https://support.mozilla.org/1/firefox/36.0.1/WINNT/en-US/

Extensions

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: NVIDIA GeForce 7150 / NVIDIA nForce 630i
  • adapterDescription2:
  • adapterDeviceID: 0x07e0
  • adapterDeviceID2:
  • adapterDrivers: nvd3dumx,nvd3dum
  • adapterDrivers2:
  • adapterRAM: 128
  • adapterRAM2:
  • adapterSubsysID: 73991462
  • adapterSubsysID2:
  • adapterVendorID: 0x10de
  • adapterVendorID2:
  • direct2DEnabled: False
  • direct2DEnabledMessage: [u'']
  • directWriteEnabled: False
  • directWriteVersion: 6.2.9200.16571
  • driverDate: 1-31-2013
  • driverDate2:
  • driverVersion: 9.18.13.783
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'skia', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'cairo', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 3
  • numTotalWindows: 3
  • webglRenderer: Google Inc. -- ANGLE (NVIDIA GeForce 7150 / NVIDIA nForce 630i Direct3D9Ex vs_3_0 ps_3_0)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 9

Modified Preferences

Misc

  • User JS: No
  • Accessibility: No
FredMcD
  • Top 10 Contributor
3766 solutions 52028 answers

Helpful Reply

You may have ad / mal-ware. Further information can be found in the Troubleshoot Firefox issues caused by malware article.


Bookmark and use this; Mozilla Search Reset {web link} This add-on is very simple: on installation, it backs up and then resets your search preferences and home page to their default values, and then uninstalls itself. This affects the search bar, URL bar searches, and the home page.


Settings Guard for Firefox {web link} Detects and resets changes to settings that are frequently done by add-ons and application installers.


It’s very sad, but many of the software down-loaders / installers will trick you into installing not only their program, but other programs as well. You have heard of the fine print in shady contracts, right? Well, some installers you need to look at the itsy bitsy teeny weeny fine print. You are thinking you are giving the installer permission to install the program you want by using the recommended option. But if you use the Manual Option Instead, you discover all kinds of stuff that you do not even know what it is or what it does. From now on, everyone needs to Use The Manual Option to put a stop to this.

You may have ad / mal-ware. Further information can be found in the [[Troubleshoot Firefox issues caused by malware]] article. ---------------------------------- Bookmark and use this; '''[https://addons.mozilla.org/en-US/firefox/addon/searchreset/ Mozilla Search Reset]''' {web link} This add-on is very simple: on installation, it backs up and then resets your search preferences and home page to their default values, and then uninstalls itself. This affects the search bar, URL bar searches, and the home page. ---------------- '''[https://addons.mozilla.org/en-US/firefox/addon/settings-guard Settings Guard for Firefox]''' {web link} Detects and resets changes to settings that are frequently done by add-ons and application installers. ----------------------- It’s very sad, but many of the software down-loaders / installers will trick you into installing not only their program, '''but other programs as well'''. You have heard of the '''fine print in shady contracts''', right? Well, some installers you need to look at the '''itsy bitsy teeny weeny fine print'''. You are thinking you are giving the installer permission to install the program you want by using the '''recommended''' option. But if you use the '''Manual Option Instead''', you discover all kinds of stuff that '''you do not even know what it is or what it does'''. From now on, everyone needs to '''Use The Manual Option''' to put a stop to this.
John99 971 solutions 13138 answers

The file names used may sometimes change and also if you have one lot of adware there is possibly others you have not yet discovered so the standard advice is to do scans with multiple and up to date software, after uninstalling any obvious unwanted Firefox add-ons, and unwanted Windows programs - use the Windows Control panel. See

Note the search reset addon installs, reset ssettings and uninstalls itself, but it will not necessarily make permenant changes if adware still exists.

Are you posting from your wife's pc ? (So details aside relate to the problem PC ? e.g. no user.js - That's good )

Please post back to say how you get on, what was tried & what was found, or for further advice.


You can try these free programs to scan for malware, which work with your existing antivirus software:

Microsoft Security Essentials is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one. Windows 8 has antivirus built-in already.

The file names used may sometimes change and also if you have one lot of adware there is possibly others you have not yet discovered so the standard advice is to do scans with multiple and up to date software, after uninstalling any obvious unwanted Firefox add-ons, and unwanted Windows programs - use the Windows Control panel. See * [[Remove a toolbar that has taken over your Firefox search or home page]] * [[Troubleshoot Firefox issues caused by malware]] ** http://malwaretips.com/blogs/remove-www-searching-com-virus/ Note the search reset addon installs, reset ssettings and uninstalls itself, but it will not necessarily make permenant changes if adware still exists. Are you posting from your wife's pc ? (So details aside relate to the problem PC ? e.g. no user.js - That's good ) Please post back to say how you get on, what was tried & what was found, or for further advice. -------- You can try these free programs to scan for malware, which work with your existing antivirus software: * [http://www.microsoft.com/security/scanner/default.aspx Microsoft Safety Scanner] * [http://www.malwarebytes.org/products/malwarebytes_free/ MalwareBytes' Anti-Malware] * [http://support.kaspersky.com/viruses/disinfection/5350 Anti-Rootkit Utility - TDSSKiller] * [http://general-changelog-team.fr/en/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner AdwCleaner] (for more info, see this [http://www.bleepingcomputer.com/download/adwcleaner/ alternate AdwCleaner download page]) * [http://www.surfright.nl/en/hitmanpro/ Hitman Pro] * [http://www.eset.com/us/online-scanner/ ESET Online Scanner] [http://windows.microsoft.com/MSE Microsoft Security Essentials] is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one. Windows 8 has antivirus [http://www.microsoft.com/security/pc-security/windows8.aspx#antivirus built-in] already.

Question owner

She is running Windows 7. Ok here is what it's defeated so far/ CCleaner/ Malwarebytes (the free version)/ very thorough scrubbing's (Full Scans) with Emsisoft both the Emergency Kit and the Commandline Scanner. This is all on top of Windows Defender not seeing a thing. Most of my leg work was plain and simply using regedit and manually removing as many of the culprit's as I could find. It's a huge list!! Then coming back with CCleaner scrubbing as many broken links I just created as possible in the registry. It was argues work doing it this way and each time was followed up with primary scans from CCleaner and Malwarebytes. What blew my mind was with each scan yielded more results removing more parasites. With Firefox I've thought I cleaned all the phony Tasks and as I said, I scrubbed the registry and of coarse went thru all the manual settings. I'm thinking it's down to uninstalling Firefox, scan, clean, crawl the system one more time then reinstall Firefox. For that matter I might have to do that with all of her browsers unless there is a better way. Thanks.

She is running Windows 7. Ok here is what it's defeated so far/ CCleaner/ Malwarebytes (the free version)/ very thorough scrubbing's (Full Scans) with Emsisoft both the Emergency Kit and the Commandline Scanner. This is all on top of Windows Defender not seeing a thing. Most of my leg work was plain and simply using regedit and manually removing as many of the culprit's as I could find. It's a huge list!! Then coming back with CCleaner scrubbing as many broken links I just created as possible in the registry. It was argues work doing it this way and each time was followed up with primary scans from CCleaner and Malwarebytes. What blew my mind was with each scan yielded more results removing more parasites. With Firefox I've thought I cleaned all the phony Tasks and as I said, I scrubbed the registry and of coarse went thru all the manual settings. I'm thinking it's down to uninstalling Firefox, scan, clean, crawl the system one more time then reinstall Firefox. For that matter I might have to do that with all of her browsers unless there is a better way. Thanks.
John99 971 solutions 13138 answers

Should be no need to uninstall Firefox. Most of the adware/malware is likely installed globally in Windows, otherwise it is easily removed from Firefox.

The fact this is affecting all browsers as you mention in your first post probably indicates you are missing some adware. Make sure all the tools are up to date, maybe some malware has morphed and is not being detected.

You should try with all the listed tools. AwCleaner specialises in adware that may detect something the others do not. Whilst an article Ilinked to mentioned virus in relation tosearching.com it possibly is hijacking adware, and not a virus. The sort of thing some people will deliberately install. Not something AV sofware will detect.

Should be no need to uninstall Firefox. Most of the adware/malware is likely installed globally in Windows, otherwise it is easily removed from Firefox. The fact this is affecting all browsers as you mention in your first post probably indicates you are missing some adware. Make sure all the tools are up to date, maybe some malware has morphed and is not being detected. You should try with all the listed tools. AwCleaner specialises in adware that may detect something the others do not. Whilst an article Ilinked to mentioned ''virus'' in relation to''searching.com'' it possibly is hijacking adware, and not a ''virus''. The sort of thing some people will deliberately install. Not something AV sofware will detect.

Chosen Solution

Ok so I followed your Firefox links which as I expected did not take my to any solutions but this isn’t necessarily a bad thing, it’s just being through. While still covering all the bags plus since I was already on her Firefox Browser (in a private Window) I typed about:config in the address bar just to see if there was maybe a mad string hijacking the initial browser which was taking the browser to www-search.com. I scrolled down the list and found nadda. So what does this suggest, the trigger has to be still on her pc, right? It has to be there is no other way -not to my knowledge. I did some more studying and I read an article that was just written last month on this subject which recommended downloading & installing YAC (Yet Another Cleaner) . So I gave it a chance & BOOM! Problem solved It Worked! By the way: this last posting was done on her pc with Firefox (not using a private window) after clicking the Firefox icon on her desktop task bar. & her other browsers are back to normal now as well.

Have a great day! Thanks for your help.

Ok so I followed your Firefox links which as I expected did not take my to any solutions but this isn’t necessarily a bad thing, it’s just being through. While still covering all the bags plus since I was already on her Firefox Browser (in a private Window) I typed about:config in the address bar just to see if there was maybe a mad string hijacking the initial browser which was taking the browser to www-search.com. I scrolled down the list and found nadda. So what does this suggest, the trigger has to be still on her pc, right? It has to be there is no other way -not to my knowledge. I did some more studying and I read an article that was just written last month on this subject which recommended downloading & installing YAC (''Yet Another Cleaner'') . So I gave it a chance & BOOM! Problem solved It Worked! By the way: this last posting was done on her pc with Firefox (not using a private window) after clicking the Firefox icon on her desktop task bar. & her other browsers are back to normal now as well. Have a great day! Thanks for your help.
John99 971 solutions 13138 answers

Glad to hear you solved the problem.

One method of directing the browser to an unexpected page is to append something to the shortcut used to launch Firefox. That does not show up in about:config as it is a change external to Firefox. Another method is use of a file user.js, something I mentioned in my first post.

Personally I would not trust or recommend YAC. Malwrebytes is well known and I think generally agreed to be trustworthy. Look what they posted about YAC

Glad to hear you solved the problem. One method of directing the browser to an unexpected page is to append something to the shortcut used to launch Firefox. That does not show up in ''about:config'' as it is a change external to Firefox. Another method is use of a file ''user.js'', something I mentioned in my first post. Personally I would '''not''' trust or recommend YAC. Malwrebytes is well known and I think generally agreed to be trustworthy. Look what they posted about YAC *https://blog.malwarebytes.org/fraud-scam/2015/03/yet-another-cleaner-yet-another-stealer/