X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

Firefox is being redirected to www.videocop.com

Posted

For the past several days WOT has been intercepting random attempts to redirect Firefox 3.6.8 (running on fully up-to-date 64 bit Ubuntu 10.04 LTS) to various dangerous web sites. The most recent attempt was to: http://www.videocop.com/?aff=NGMzNTkwOWY6OjA%3D&src=counter

URL of affected sites

http://www.videocop.com/?aff=NGMzNTkwOWY6OjA%3D&src=counter

Additional System Details

Installed Plug-ins

  • -The next generation Java plug-in for Mozilla browsers.
  • Version 1.0.6 Goldeneye, copyright 1996-2007 The VideoLAN Teamhttp://www.videolan.org/
  • The Totem 2.30.2 plugin handles video and audio streams.
  • DivX Web Player version 1.4.0.233
  • This plug-in detects the presence of iTunes when opening iTunes Store URLs in a web page with Firefox.
  • Shockwave Flash 10.1 r53

Application

  • User Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8) Gecko/20100723 Ubuntu/10.04 (lucid) Firefox/3.6.8

More Information

For the past several days WOT has been intercepting random attempts to redirect Firefox 3.6.8 (running on fully up-to-date 64 bit Ubuntu 10.04 LTS) to various dangerous web sites. The most recent attempt was to: http://www.videocop.com/?aff=NGMzNTkwOWY6OjA%3D&src=counter

the-edmeister
  • Top 10 Contributor
  • Moderator
3197 solutions 24405 answers

Helpful Reply


Do you have that problem when running in the Firefox SafeMode? http://support.mozilla.com/en-US/kb/Safe+Mode Don't select anything right now, just use "Continue in SafeMode."

If not, see this: http://support.mozilla.com/en-US/kb/troubleshooting+extensions+and+theme...

Question owner

Hi the-edmeister. Thank you for responding.

I started Firefox in safe mode as per your instructions (Ff ran noticably faster) and this page...

http://www.search.pro/results.php?q=vacuum+cleaner+reviews&type=web&rs=1&_as=57&sx_kw=vacuum+cleaner+reviews&_ass=58752&sx_mkw=vacuum+cleaner+reviews&sx_v=0.0573

...opened simultaneously with another which I was trying to visit. Afterwards I visited a few more pages without anymore redirect attempts, and then decided to quit Firefox because I'm not comfortable running it without: Adblock Plus, WOT, NoScript, Flagfox, and Xmarks.

And after I quit Firefox I saw this in Terminal:

john@acer:~$ firefox -safe-mode

      • NSPlugin Viewer *** WARNING: unhandled variable 18 () in NPN_GetValue()
      • NSPlugin Viewer *** WARNING: unhandled variable 18 () in NPN_GetValue()
      • NSPlugin Viewer *** WARNING: unhandled variable 18 () in NPN_GetValue()
      • NSPlugin Wrapper *** WARNING: unhandled variable 18 in NPP_GetValue()

john@acer:~$

Yesterday I had used Firefox's Clear Recent History option to: clear everything, quit Firefox, restart it, and then resynchronized all of my bookmarks and passwords via Xmarks. Shortly afterwards I experienced yet more redirect attempts which were fortunately intercepted by a combination of WOT and NoScript.

BTW. These redirect attempts only started less than a week ago.

Helpful Reply

Here are some more facts. At first I went to videoCOP, than momverstaion.com/my-coke-rewards started showing up.

The problem seems to pivot around results5.google.com which goes through a list of redirects so that every time you go to that web site in a row you will be redirected to a new web site.

The first site I wen to was travel.chinaontv.com/videos The next time I went to the URL K-directory which is over all police service directory.

What's up with results5.google.com I couldn't find it in my registry it may be hard coded.

Any problem with google and China?

Question owner

There is something under the momversation issue on the web called the Bing Virus. www.malwaresolution.com/m14/bing-hijack-virus-removal.html

I have now been redirected to seacrh.pro and pctools.com after going to Bing Virus Removal website. I don't recommend downloading software from these sites, I'd feel better about cnet. One of the redirects recommended stopZilla.

There may be more than on virus, I did experience a problem while downloading windows updates where bing took over firefox asking me to install it in firefox. I am not sure about how long I have been experiencing VideoCOP hijack. There are kinds of virus mentions regarding momversation. Redirects could render the entire web useless.

http://www.freespycheck.com/004/bing-hijack-virus-removal.html http://results5.google.com/click.php?q=momversation.com%20hijack&lnk=http%3A%2F%2Fwww.malwaresolution.com%2Fm14%2Fbing-hijack-virus-removal.html&ref=http%3A%2F%2Fwww.google.com%2Fwebhp%3Fhl%3Den%23hl%3Den%26q%3Dmomversation.com%2Bhijack%26aq%3Df%26aqi%3D%26aql%3D%26oq%3D%26gs_rfai%3D%26fp%3D49a49dc61d3a576c http://www.malwaresolution.com/m14/bing-hijack-virus-removal.html http://71229.123bounce.com/xtr3_new?sid=101830237&sa=6&p=1&s=71229&qt=1280541297&q=momversationcom+hijack&rf=http%3A%2F%2F40report.com%2F%3F65287b78756f7f696f7c6a764f4f0c404b480315184143414d4e45&enc=&enk=JoEmwWaBRpnm48bjJuPmiUaRJ%2BMmkQeBpqEmkSe5j4k%3D&xsc=&xsp=&xsm=&xuc=&xcf=&xai=&qxcli=a0a27593edb22977&qxsi=0a42d223ad494ea5&mk=1 http://clicks.searchmirror.com/xtr_new?q=momversationcom+hijack&enk=B7EnmSeRpsGPkUbjRuOmgebJpuMmkQeBpqFGgYa5j4k= http://71229.123bounce.com/xtr3_new?sid=101830237&sa=6&p=1&s=71229&qt=1280541297&q=momversationcom+hijack&rf=http%3A%2F%2F40report.com%2F%3F65287b78756f7f696f7c6a764f4f0c404b480315184143414d4e45&enc=&enk=JoEmwWaBRpnm48bjJuPmiUaRJ%2BMmkQeBpqEmkSe5j4k%3D&xsc=&xsp=&xsm=&xuc=&xcf=&xai=&qxcli=6e0a216b76124cd7&qxsi=0a42d223ad494ea5&mk=1 http://72.233.76.66/p/index.php?PHPSESSID=82740b380d65d669ebf6b3ffaa005dafa135b9481bff079d754e69cc821d0bdac0f7a40bffa063dd81beb7a3ab1a6e43e3a87a379e http://www.search.pro/results.php?q=momversationcom+hijack&type=web&rs=1&_as=50&sx_kw=momversationcom+hijack&_ass=71229&sx_mkw=momversationcom+hijack&sx_v=0.106005 http://ck.ads.affinity.com/ck1?ca=7fa1e6531df72e24f30db37b45de33fe306ad84138aa6080b886834f1fb1835f26fc4851dbab2b1aab4b97a53557e95f063d8de8a7ec7a537233f826800b512553026419cf38a0339f206177074d21cbc82f3516660bd539433ad810331d4ab204a506d61221e7841d0fcbd73123bc98bccbd4d941081f87bd6d6bc958c75c2cd4238067d467ca3f42dc01b8f3d4f68f89bea1652e230389286d20f620868d2da1718ed7aa0036dfd88246017133537f&adt=Looking+for+momversationcom+hijack&add=Find+%26+Compare+best+deals+in+your+area.+Top+sites+listed.&adr=http%3A%2F%2Fwww.search.pro%2Fresults.php%3Fq%3Dmomversationcom%2Bhijack%26type%3Dweb%26rs%3D1%26_as%3D50%26sx_kw%3Dmomversationcom%2Bhijack%26_ass%3D71229%26sx_mkw%3Dmomversationcom%2Bhijack%26sx_v%3D%7Brandomnumber%7D&axz=7682af378728f80890f1cdd849166661&&xsc=e93088672f0e19c620d002b442d3724220d002b442d37242&xsp=a181f592d52a04ee&xuc=b596486c5a98419cd1c1e3daf1297cc053bd3f77566931bbbbb4c5be58f54f01&xcf=4f918035dc22d167&xai=e915faa8d9b594ec&xsm=723cdce3e3700a082b47b990b4bff621 http://71229.123bounce.com/xtr_new?q=momversationcom+hijack&enk=JoEmwWaBRpnm48bjJuPmiUaRJ+MmkQeBpqEmkSe5j4k= http://results5.google.com/ http://www.google.com/webhp?hl=en#hl=en&q=momversation.com+hijack&aq=f&aqi=&aql=&oq=&gs_rfai=&fp=49a49dc61d3a576c http://support.mozilla.com/tiki-view_forum_thread.php http://support.mozilla.com/en-US/forum/1/739986 http://support.mozilla.com/tiki-view_forum_thread.php?locale=en-US&comments_parentId=739986&forumId=1 http://www.discoverexactly.com/jump2/?affiliate=8002&subid=1936_2379&terms=videocop%20url http://72.233.76.66/p/index.php?PHPSESSID=7eed317804125b53d1cc89c59001ff937b1568087646d021acf8e83a9e08dac55dac6a4d183e&d=128053610390731 http://www.kdirectory.co.uk/results.asp?qry=videocop%20url&rfid=lka19_62023-8002.1936_2379&rfs=http%3A%2F%2Fwww.discoverexactly.com%2Fjump1%2F%3Faffiliate%3D8002%26subid%3D1936_2379%26terms%3Dvideocop%2520url%26sid%3DZ567043742081M0ITN3gzX2cjNfdTYfJTNy81N5MDM0UDM4ITM%26a%3Def8%26mr%3D1%26rc%3D0 http://r.looksmart.com/og/pr=Psr;ro=1;rc=1;digest=c58333c757a36a555d247cec1388f305;kid=89ed245fc43bd65eb99dcf9651408a2b;t=1280540397;v=8;data=kYRvXjSRn21PsGW7Tc2pko7JzgSGCMaheo__wx3Azm7G3jo03LioYndKbhwZ7Jk1_AoETm4A0ckMQnDJ67fbGI2z_otK1AOAWz5ZGetYTJ9svIcQjrOkqVY0RuUyjJKRdUVpvoX8hIVnwyXNcM5GJtDqP4GffFrAYR9kJLqxrGAg1tD2Q2GGog;uh=103x3799641002524859530;la=961442;lm=1287031;ad=707883916;ag=710096645;kw=781533653;qt=videocop%20url;vr=20;lt=BM;ip=75.37.7.111;pt=;st=233.22.203.0.0.0.0;os=654.165.1.0.1.164.2.5;sy=keyword;my=ROC;geo=894417;vid=0;subid=8002.1936_2379;opi=advp;ii=4282.3f8a.4c537eed.b68;pn=;to=;tc=1;po=1;pc=1;pi=advp;ts=;rm=|http://www.kdirectory.co.uk/results.asp?qry=videocop%20url&rfid=lka19_62023-8002.1936_2379&rfs= http://www.discoverexactly.com/jump1/?affiliate=8002&subid=1936_2379&terms=videocop%20url&sid=Z567043742081M0ITN3gzX2cjNfdTYfJTNy81N5MDM0UDM4ITM&a=ef8&mr=1&rc=0 http://64.15.72.104/click_second_new3.php?go=aHR0cDovL3d3dy5kaXNjb3ZlcmV4YWN0bHkuY29tL2p1bXAxLz9hZmZpbGlhdGU9ODAwMiZzdWJpZD0xOTM2XzIzNzkmdGVybXM9dmlkZW9jb3AlMjB1cmwmc2lkPVo1NjcwNDM3NDIwODFNMElUTjNnelgyY2pOZmRUWWZKVE55ODFONU1ETTBVRE00SVRNJmE9ZWY4Jm1yPTEmcmM9MA==&b=MC4wMDI=&aff=1936&subaff=2379&time=1280540397&searcher_ip=75.37.7.111&cnt=21843&qq=videoCOP+url&mode=&seid=eDsYick103QwTZjv9XC8z7W41kQF+h/TlegzSg24&se=YWJjc2VhcmNo&sid=9&pos=6&country=US http://64.15.72.104/click.php?go=aHR0cDovL3d3dy5kaXNjb3ZlcmV4YWN0bHkuY29tL2p1bXAxLz9hZmZpbGlhdGU9ODAwMiZzdWJpZD0xOTM2XzIzNzkmdGVybXM9dmlkZW9jb3AlMjB1cmwmc2lkPVo1NjcwNDM3NDIwODFNMElUTjNnelgyY2pOZmRUWWZKVE55ODFONU1ETTBVRE00SVRNJmE9ZWY4Jm1yPTEmcmM9MA==&b=MC4wMDI=&aff=1936&subaff=2379&time=1280540397&searcher_ip=75.37.7.111&cnt=21843&qq=videoCOP+url&mode=&seid=eDsYick103QwTZjv9XC8z7W41kQF+h/TlegzSg24&se=YWJjc2VhcmNo&sid=9&pos=6 http://72.233.76.66/p/index.php?PHPSESSID=7b699e850a560ea1233e7b37620143a2c5efc44b25931a15212bde57b900ca28007c4b7701a2bc7ed9 http://72.233.76.66/p/index.php?PHPSESSID=7eed317804125b53d1cc89c590004f44b951748eb551bdac818ff642af8eec2967bdc3b78183e3064853fa599e77a9101cedf947ada80ae43482edb7b2e6bf6cb49aee18bc1b&d=128053610390731 http://www.investorplace.com/stock-picks/hot-stocks/verizon/verizon-iphone-likely-coming-soon.html?sendroicid=1a38dd25-fad8-44fa-8a32-fe17400a0215&sendroikwd=RON2 http://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=76320&x=701b:KnVBj3NBdXBG25e9DVB7ZSswH5rIo5Ipo5C5d:e94XH5oSCLZ9jwjJFW:h2p4QjqL6Tt2jxfD:My75Np:36M:jMqFpMV;3yCoTE4;8rUD5ffHST:FXK4DXF5Xpi7;HcfM38:1qzw7zxyDlPGFqf5;JG3Y3kqg0CcZ7RqgRBB3:hG;baUd9pYzJGcVjYG25aIzJm9jQx5;3hGg59qF3l397kWFdpIX8jYzJoMonYqzqutYXFwX:X7ZdPwr1pqrb$O&c=E9BBE699%2D30B9%2D4D87%2DA02E%2D77AC38B046C4 http://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=76320&x=lQlApNVrW9ACaeijVHM8vp9jlCRd1gMhZ3Mpf3M5qeQ8v:iVr3R5eCOw196s05rtn:TwLmWQjHBo0pQn7TMCf5AFi5BnLKzngEAv43ZcgE0hYpMb0gRQpKiSEpisquz0jExmJbAupAyR1TUo4p73VKybqE6:TvANL855fCFM18gjWlQ9VE1EYeOiUO6:fBB;2HMEZO6Kv9TorEA9V8M7LKAOTUFNJKdiZu0wpO6Xi3V;LOyBnPis1uQzjCxK; http://64.15.72.104/click_second_new3.php?go=aHR0cDovL3BkYS5tdi5iaWRzeXN0ZW0uY29tL2Jpbi9maW5kd2hhdC5kbGw/Y2xpY2t0aHJvdWdoJnk9NzYzMjAmeD1sUWxBcE5Wclc5QUNhZWlqVkhNOHZwOWpsQ1JkMWdNaFozTXBmM001cWVROHY6aVZyM1I1ZUNPdzE5NnMwNXJ0bjpUd0xtV1FqSEJvMHBRbjdUTUNmNUFGaTVCbkxLem5nRUF2NDNaY2dFMGhZcE1iMGdSUXBLaVNFcGlzcXV6MGpFeG1KYkF1cEF5UjFUVW80cDczVkt5YnFFNjpUdkFOTDg1NWZDRk0xOGdqV2xROVZFMUVZZU9pVU82OmZCQjsySE1FWk82S3Y5VG9yRUE5VjhNN0xLQU9UVUZOSktkaVp1MHdwTzZYaTNWO0xPeUJuUGlzMXVRempDeEs7&b=MC4wMDM=&aff=1936&subaff=2379&time=1280540397&searcher_ip=75.37.7.111&cnt=21843&qq=videoCOP+url&mode=&seid=ezgbiso20HczTpvs9nO/zLa61EYH+B3Rl+oxSA+6&se=ZmluZHdoYXQ=&sid=56&pos=5&country=US http://64.15.72.104/click.php?go=aHR0cDovL3BkYS5tdi5iaWRzeXN0ZW0uY29tL2Jpbi9maW5kd2hhdC5kbGw/Y2xpY2t0aHJvdWdoJnk9NzYzMjAmeD1sUWxBcE5Wclc5QUNhZWlqVkhNOHZwOWpsQ1JkMWdNaFozTXBmM001cWVROHY6aVZyM1I1ZUNPdzE5NnMwNXJ0bjpUd0xtV1FqSEJvMHBRbjdUTUNmNUFGaTVCbkxLem5nRUF2NDNaY2dFMGhZcE1iMGdSUXBLaVNFcGlzcXV6MGpFeG1KYkF1cEF5UjFUVW80cDczVkt5YnFFNjpUdkFOTDg1NWZDRk0xOGdqV2xROVZFMUVZZU9pVU82OmZCQjsySE1FWk82S3Y5VG9yRUE5VjhNN0xLQU9UVUZOSktkaVp1MHdwTzZYaTNWO0xPeUJuUGlzMXVRempDeEs7&b=MC4wMDM=&aff=1936&subaff=2379&time=1280540397&searcher_ip=75.37.7.111&cnt=21843&qq=videoCOP+url&mode=&seid=ezgbiso20HczTpvs9nO/zLa61EYH+B3Rl+oxSA+6&se=ZmluZHdoYXQ=&sid=56&pos=5 http://stulus.com/?6528607e7c7c7558534d3e4a726d http://67.210.14.98/redirect.php?q=videoCOP%20URL http://67.210.14.29/?q=videoCOP%20URL&f=2 http://72.233.76.66/p/index.php?PHPSESSID=7de422c805571c2dafb2f7bbee0008650cf76a277062e77137bf37e2bc0b560530c9ae02e64cebd129050f8cb8&d=128053610390731 http://rs4.1936_2379.asklots.com/jump2/?affiliate=rs4&subid=1936_2379&terms=videocop%20url http://travel.chinaontv.com/videos/6390?part=1 http://rs4.1936_2379.asklots.com/jump1/?affiliate=rs4&subid=1936_2379&terms=videocop%20url&sid=Z546043925%40MzXzQDM2AzNfNzN18lMz8lM08VOyEDM0UDM4ITM&a=ef8&mr=1&rc=0 http://64.15.72.104/click_second_new3.php?go=aHR0cDovL3JzNC4xOTM2XzIzNzkuYXNrbG90cy5jb20vanVtcDEvP2FmZmlsaWF0ZT1yczQmc3ViaWQ9MTkzNl8yMzc5JnRlcm1zPXZpZGVvY29wJTIwdXJsJnNpZD1aNTQ2MDQzOTI1JTQwTXpYelFETTJBek5mTnpOMThsTXo4bE0wOFZPeUVETTBVRE00SVRNJmE9ZWY4Jm1yPTEmcmM9MA==&b=MC4wMDU=&aff=1936&subaff=2379&time=1280540132&searcher_ip=75.37.7.111&cnt=21843&qq=videoCOP+url&mode=&seid=fj0ej88z1XI2SZbk/nu3xL602kgJ9hPfmeQ/RgG0&se=YWJjc2VhcmNo&sid=9&pos=3&country=US http://64.15.72.104/click.php?go=aHR0cDovL3JzNC4xOTM2XzIzNzkuYXNrbG90cy5jb20vanVtcDEvP2FmZmlsaWF0ZT1yczQmc3ViaWQ9MTkzNl8yMzc5JnRlcm1zPXZpZGVvY29wJTIwdXJsJnNpZD1aNTQ2MDQzOTI1JTQwTXpYelFETTJBek5mTnpOMThsTXo4bE0wOFZPeUVETTBVRE00SVRNJmE9ZWY4Jm1yPTEmcmM9MA==&b=MC4wMDU=&aff=1936&subaff=2379&time=1280540132&searcher_ip=75.37.7.111&cnt=21843&qq=videoCOP+url&mode=&seid=fj0ej88z1XI2SZbk/nu3xL602kgJ9hPfmeQ/RgG0&se=YWJjc2VhcmNo&sid=9&pos=3 http://search.avg.com/dns_err.aspx?i=23&l=en&tp=dns&q=http%3A%2F%2Fwww.2.php%2F&iy=b&ychte=us&al=us&alu=ww http://www.google.com/search?q=videoCOP+url&hl=en&client=firefox-a&rls=org.mozilla:en-US:official&ei=I31TTIeiGsT48AbHvfSOBQ&start=40&sa=N http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBcQFjAA&url=http%3A%2F%2Fsupport.mozilla.com%2Ftiki-view_forum_thread.php%3Flocale%3Den-US%26comments_parentId%3D739986%26forumId%3D1&ei=I31TTIeiGsT48AbHvfSOBQ&usg=AFQjCNHK5IthO0krPiTUZz44t9tU6mMQMQ http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=videoCOP+url&aq=f&aqi=m1&aql=&oq=&gs_rfai= http://www.google.com/search?hl=en&client=firefox-a&hs=Ugg&rls=org.mozilla%3Aen-US%3Aofficial&q=videoCOP.com&aq=f&aqi=&aql=&oq=&gs_rfai= http://c.findology.com/3.php?time=1280539047&objTimStr=0.74199100%2B1280539047&goto=9c873cf444de5c9b0e87d4f8e18e836f-wsufSF3k34%094S.F4.4.www%09%09R_aNfw%09U44w%09YqoItEtR%2BWai%09OqLotitz0atNI%092vvR%3A%2F%2Fnnn.OqLotitz0.EtQ%2FAqoEiqEH.R2R%3FAqo_qo%3DwFkFUSf3%26Wai%3D2vvR%25Fj%25sO%25sOnnn%25sIQtQYIaNjvqtL%25sIEtQ%25sOQ0%25soEtHI%25soaInjaoN%25FOO%25FoOzQNEHs%25sURjavLIa%25FoU44w%25sos4kF%26joY_Nqo%3Dsk3kF%26joY_qo%3DwwSww%26v0RI%3DatL%26ovN%3Dsfwf_f4_Ff_wu_sk_S4%26i2L%3Dnj0S%26atL_WLqMWI%3Df%26aIoqaIEv_Wai%3D%26AitEH_joWiv%3Dw%26QtoI%3DOqbIo%26oA2L%3DoAU%09f.fws%09sk3kF%09w%09s4kF%09%09k%09GLqvIo+rvjvIN%09Gr%09mtQYIaNjvqtL.EtQ%09nj0S-kESF43j4ASswS%09mtXqiij%2FS.f+%28CqLotnN%3B+G%3B+CqLotnN+Dl+S.w%3B+IL-Gr%3B+aY%3Aw.3.s.u%29+8IEHt%2Fsfwff4ss+6qaIOtb%2FF.U.u+%28.Dpl+7Ve+F.S.Ff4s3%29&screenpro=1280,1024,0,0,1272,801 http://www.momversation.com/my-coke-rewards?f=fgmsck2&partner=6771-2743 http://216.133.243.28/bidclick.php?bid_id=13436509&bid=0.012&site_id=6771&adv_sid=24943&adv_id=11511&said=2743&ron_unique=0&redirect_url=&type=ron&kw=videocop+url&url=http%3A%2F%2Fwww.momversation.com%2Fmy-coke-rewards%3Ff%3Dfgmsck2%26partner%3D6771-2743×tamp=1280538913&sig=03a6b2deefaf14de5411521fb20b88fe&a=1&pid=p_rs01&ip=75.37.7.111 http://216.133.243.28/2.php?sid=6771&keyword=videocop+url&goto=9c873cf444de5c9b0e87d4f8e18e836f-wsufSF3k34%094S.F4.4.www%09%09R_aNfw%09U44w%09YqoItEtR%2BWai%09OqLotitz0atNI%092vvR%3A%2F%2Fnnn.OqLotitz0.EtQ%2FAqoEiqEH.R2R%3FAqo_qo%3DwFkFUSf3%26Wai%3D2vvR%25Fj%25sO%25sOnnn%25sIQtQYIaNjvqtL%25sIEtQ%25sOQ0%25soEtHI%25soaInjaoN%25FOO%25FoOzQNEHs%25sURjavLIa%25FoU44w%25sos4kF%26joY_Nqo%3Dsk3kF%26joY_qo%3DwwSww%26v0RI%3DatL%26ovN%3Dsfwf_f4_Ff_wu_sk_S4%26i2L%3Dnj0S%26atL_WLqMWI%3Df%26aIoqaIEv_Wai%3D%26AitEH_joWiv%3Dw%26QtoI%3DOqbIo%26oA2L%3DoAU%09f.fws%09sk3kF%09w%09s4kF%09%09k%09GLqvIo+rvjvIN%09Gr%09mtQYIaNjvqtL.EtQ%09nj0S-kESF43j4ASswS%09mtXqiij%2FS.f+%28CqLotnN%3B+G%3B+CqLotnN+Dl+S.w%3B+IL-Gr%3B+aY%3Aw.3.s.u%29+8IEHt%2Fsfwff4ss+6qaIOtb%2FF.U.u+%28.Dpl+7Ve+F.S.Ff4s3%29&objTimStr=0.74199100+1280539047 http://c.findology.com/r/?goto=027bdbd7cafbdaa8a3af037a09410135-wsufSF3k34%094S.F4.4.www%09%09R_aNfw%09U44w%09YqoItEtR%2BWai%09OqLotitz0atNI%092vvR%3A%2F%2Fnnn.OqLotitz0.EtQ%2FAqoEiqEH.R2R%3FAqo_qo%3DwFkFUSf3%26Wai%3D2vvR%25Fj%25sO%25sOnnn%25sIQtQYIaNjvqtL%25sIEtQ%25sOQ0%25soEtHI%25soaInjaoN%25FOO%25FoOzQNEHs%25sURjavLIa%25FoU44w%25sos4kF%26joY_Nqo%3Dsk3kF%26joY_qo%3DwwSww%26v0RI%3DatL%26ovN%3Dsfwf_f4_Ff_wu_sk_S4%26i2L%3Dnj0S%26atL_WLqMWI%3Df%26aIoqaIEv_Wai%3D%26AitEH_joWiv%3Dw%26QtoI%3DOqbIo%26oA2L%3DoAU%09f.fws%09sk3kF%09w%09s4kF%09%09k%09GLqvIo+rvjvIN%09Gr%09mtQYIaNjvqtL.EtQ%09nj0S%09mtXqiij%2FS.f+%28CqLotnN%3B+G%3B+CqLotnN+Dl+S.w%3B+IL-Gr%3B+aY%3Aw.3.s.u%29+8IEHt%2Fsfwff4ss+6qaIOtb%2FF.U.u+%28.Dpl+7Ve+F.S.Ff4s3%29&objTimStr=0.90047200+1280539497&pc=ZmluZG9sb2d5&said=2743 http://results5.google.com/click.php?q=videoCOP%20URL&lnk=http%3A%2F%2Fsupport.mozilla.com%2Ftiki-view_forum_thread.php%3Flocale%3Den-US%26comments_parentId%3D739986%26forumId%3D1&ref=http%3A%2F%2Fwww.google.com%2Fwebhp%3Fhl%3Den%23hl%3Den%26q%3DvideoCOP%2BURL%26aq%3Df%26aqi%3Dm1%26aql%3D%26oq%3D%26gs_rfai%3D%26fp%3D49a49dc61d3a576c http://www.google.com/webhp?hl=en#hl=en&q=videoCOP+url&aq=f&aqi=m1&aql=&oq=&gs_rfai=&fp=49a49dc61d3a576c https://support.mozilla.com/en-US/forum/1/741690 http://www.google.com/url?sa=t&source=web&cd=8&ved=0CCoQFjAH&url=https%3A%2F%2Fsupport.mozilla.com%2Fen-US%2Fforum%2F1%2F741690&ei=a3lTTJrVJcP88Aa3iLWqDw&usg=AFQjCNE1I0gai_TdYYA3_1xjoTZ-en7SCA http://www.google.com/url?sa=t&source=web&cd=10&ved=0CDEQFjAJ&url=http%3A%2F%2Fanswers.yahoo.com%2Fquestion%2Findex%3Fqid%3D20100722144622AAmBFDm&ei=MnlTTOauJoH88AbP58SxBA&usg=AFQjCNHQrhh5E4XAIOTf-7UX3tvBvkiQ9A http://answers.yahoo.com/question/index?qid=20100722144622AAmBFDm http://www.google.com/search?q=videoCOP+adware&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a http://results5.google.com/click.php?q=videoCOP%20after%20unisnstall&lnk=http%3A%2F%2Fanswers.yahoo.com%2Fquestion%2Findex%3Fqid%3D20100722144622AAmBFDm&ref=http%3A%2F%2Fwww.google.com%2Fwebhp%3Fhl%3Den%23hl%3Den%26q%3DvideoCOP%2Bafter%2Bunisnstall%26aq%3Df%26aqi%3Dm1%26aql%3D%26oq%3D%26gs_rfai%3D%26fp%3D49a49dc61d3a576c http://www.google.com/webhp?hl=en#hl=en&q=videoCOP+after+unisnstall&aq=f&aqi=m1&aql=&oq=&gs_rfai=&fp=49a49dc61d3a576c http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBQQFjAA&url=http%3A%2F%2Fforum.cheatengine.org%2Fviewtopic.php%3Ft%3D513498%26sid%3D7594faf4119d2eda76d39f5c34d96eb2&ei=pnZTTJzgIYH98AbU5vHLBA&usg=AFQjCNEMSrHL9gWV1MEgsEH8M1T9hQCbnA http://forum.cheatengine.org/viewtopic.php?t=513498&sid=7594faf4119d2eda76d39f5c34d96eb2 http://www.google.com/url?sa=t&source=web&cd=2&ved=0CBcQFjAB&url=http%3A%2F%2Fforums.majorgeeks.com%2Fshowthread.php%3Fp%3D1515306&ei=pnZTTJzgIYH98AbU5vHLBA&usg=AFQjCNGgvrFxU7w0rICe8y7ks24SF9Yu3w http://forums.majorgeeks.com/showthread.php?p=1515306 http://www.google.com/search?hl=en&client=firefox-a&hs=Z80&rls=org.mozilla%3Aen-US%3Aofficial&q=browser+videoCOP+redirection&aq=f&aqi=m1&aql=&oq=&gs_rfai= http://support.mozilla.com/en-US/forum/1/733747#threadId734918 http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBQQFjAA&url=http%3A%2F%2Fsupport.mozilla.com%2Fen-US%2Fforum%2F1%2F733747&ei=_nVTTOSMD4L_8Abul9SrAw&usg=AFQjCNFjMNyCWaVZiOjlpfK0MFX-QQZEyA http://support.mozilla.com/en-US/forum/1/733747 http://www.google.com/search?q=browser+videoCOP+problem&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a http://search.yahoo.com/search?fr=ans_qp_1&p=videoCOP+hijack+&submit-go=Search http://answers.yahoo.com/question/nextQuestion;_ylt=AmNXDluGRVlxT.jl503QYxZ07hR.;_ylv=3?qid=20100722144622AAmBFDm&cid=396545665&state=resolved http://answers.yahoo.com/question/index?qid=20100730130038AANvvvq http://results5.google.com/click.php?q=video%20cop%20hijack&lnk=http%3A%2F%2Fanswers.yahoo.com%2Fquestion%2Findex%3Fqid%3D20100722144622AAmBFDm&ref=http%3A%2F%2Fwww.google.com%2Fwebhp%3Fhl%3Den%23hl%3Den%26%26sa%3DX%26ei%3Dt3FTTP2xCML-8Aa2nayMBA%26ved%3D0CBEQBSgA%26q%3Dvideo%2Bcop%2Bhijack%26spell%3D1%26fp%3D49a49dc61d3a576c http://search.yahoo.com/search;_ylt=A0geupfEdFNM7l8BUQZXNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGFvAzAEZnIDeWhzLWF2Z2IEaG9zdHB2aWQDU21EajdFb0c3N2tIVjFkLlRGTndpQTNhU3lVSGIweFRkTVFBQ0wxMARuX2dwcwMwBG5fdnBzAzAEb3JpZ2luA3NycARxdWVyeQN2aWRlb0NvcCB1cmwgcmVkaXJlY3QEc2FvAzEEdnRlc3RpZANhdmc-?p=videoCop+url+redirect&fr2=sb-top&fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us http://search.yahoo.com/search;_ylt=A0oG7_urdFNM5TcBAStXNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGFvAzAEZnIDeWhzLWF2Z2IEaG9zdHB2aWQDX205enNrb0c3N2tIVjFkLlRGTndpQUU1U3lVSGIweFRkS3NBQWptVARuX2dwcwMwBG5fdnBzAzAEb3JpZ2luA3NycARxdWVyeQN2aWRlb0NvcCB1cmwgaGlqYWNrBHNhbwMxBHZ0ZXN0aWQDYXZn?p=videoCop+url+hijack&fr2=sb-top&fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us http://search.yahoo.com/search;_ylt=A0oG786adFNMOqUAt_JXNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGFvAzAEZnIDeWhzLWF2Z2IEaG9zdHB2aWQDRk5OQ04wb0c3N2tIVjFkLlRGTndpQVk0U3lVSGIweFRkSm9BQzdNWQRuX2dwcwMwBG5fdnBzAzAEb3JpZ2luA3NycARxdWVyeQN2aWRlb0NvcCBmaXJlZm94IHByb2JsZW0gaXNzdWUgaGlqYWNrBHNhbwMxBHZ0ZXN0aWQDYXZn?p=videoCop+firefox+problem+issue+hijack&fr2=sb-top&fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us http://search.yahoo.com/search;_ylt=A0geu1lKc1NMaTEARQpXNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGFvAzAEZnIDeWhzLWF2Z2IEaG9zdHB2aWQDLndKcV8wb0c3N2tIVjFkLlRGTndpQWF1U3lVSGIweFRjMG9BQUZ0dgRuX2dwcwMwBG5fdnBzAzAEb3JpZ2luA3NycARxdWVyeQNwcm9tby52aWRlb0NvcCBmaXJlZm94IHByb2JsZW0gaXNzdWUgaGlqYWNrBHNhbwMxBHZ0ZXN0aWQDYXZn?p=promo.videoCop+firefox+problem+issue+hijack&fr2=sb-top&fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us http://search.yahoo.com/search;_ylt=A0geuponc1NMS00BFa5XNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGFvAzAEZnIDeWhzLWF2Z2IEaG9zdHB2aWQDUU1Galprb0c3N2tIVjFkLlRGTndpQXNiU3lVSGIweFRjeWNBQWxHTwRuX2dwcwMwBG5fdnBzAzAEb3JpZ2luA3NycARxdWVyeQN2aWRlb2NvcCBmaXJlZm94BHNhbwMxBHZ0ZXN0aWQDYXZn?p=videocop+firefox&fr2=sb-top&fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us http://search.yahoo.com/search;_ylt=A0oG76itclNMCOcAoTZXNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGFvAzAEZnIDeWhzLWF2Z2IEaG9zdHB2aWQDWlpuVXRFb0c3N2tIVjFkLlRGTndpQTRtU3lVSGIweFRjcTBBRGhHeARuX2dwcwMwBG5fdnBzAzAEb3JpZ2luA3NycARxdWVyeQN2aWRlb2NvcCBwcm9ibGVtIGZpcmVmb3gEc2FvAzEEdnRlc3RpZANhdmc-?p=videocop+problem+firefox&fr2=sb-top&fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us http://search.yahoo.com/search;_ylt=A0geupuSclNMw2QBMqVXNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGFvAzAEZnIDeWhzLWF2Z2IEaG9zdHB2aWQDNjhwVUFVb0c3N2tIVjFkLlRGTndpQVJ0U3lVSGIweFRjcElBQlVnRwRuX2dwcwMwBG5fdnBzAzAEb3JpZ2luA3NycARxdWVyeQN2aWRlbyBjb3AgcmVkaXJlY3Rpb24Ec2FvAzEEdnRlc3RpZANhdmc-?p=video+cop+redirection&fr2=sb-top&fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=video%20cop%20hijack http://72.233.76.66/p/index.php?PHPSESSID=7228db9b011b8fd5574a0f4316014a3ebf7924b859c7e6590eae&d=128053610390731 http://rs4.1936_2379.asklots.com/jump2/?affiliate=rs4&subid=1936_2379&terms=video%20cop%20hijack http://www.bestaddirectory.com/search-results.aspx?keywords=video+cop+hijack http://www.bestaddirectory.com/search-results.aspx?referrer=adcomtq&keywords=video+cop+hijack&camp=0-adcom-hightqspread-phasr&q=video+cop+hijack&affiliate=rs4-1936_2379&domaingroup=testgroup1 http://www.phasrws.com/search-results.aspx?referrer=adcomTQ&keywords=Video%20Cop%20Hijack&camp=0-Adcom-HighTQSpread-Phasr&q=Video%20Cop%20Hijack&affiliate=rs4-1936_2379&domaingroup=testgroup1 http://rs4.1936_2379.asklots.com/jump1/?affiliate=rs4&subid=1936_2379&terms=video%20cop%20hijack&sid=Z256044330%40%40gMfhTM1cTO1MzX4QzNy8FNx8FO08FOyEzNzUDM4ITM&a=ef8&mr=1&rc=0 http://64.15.72.104/click_second_new3.php?go=aHR0cDovL3JzNC4xOTM2XzIzNzkuYXNrbG90cy5jb20vanVtcDEvP2FmZmlsaWF0ZT1yczQmc3ViaWQ9MTkzNl8yMzc5JnRlcm1zPXZpZGVvJTIwY29wJTIwaGlqYWNrJnNpZD1aMjU2MDQ0MzMwJTQwJTQwZ01maFRNMWNUTzFNelg0UXpOeThGTng4Rk8wOEZPeUV6TnpVRE00SVRNJmE9ZWY4Jm1yPTEmcmM9MA==&b=MC4wMTI=&aff=1936&subaff=2379&time=1280537128&searcher_ip=75.37.7.111&cnt=21843&qq=video+cop+hijack&mode=&seid=czATgsI+2Hg7RJri+H2xwrm02kgJ9hPfmeQ/RgG0&se=YWJjc2VhcmNo&sid=9&pos=2&country=US http://64.15.72.104/click.php?go=aHR0cDovL3JzNC4xOTM2XzIzNzkuYXNrbG90cy5jb20vanVtcDEvP2FmZmlsaWF0ZT1yczQmc3ViaWQ9MTkzNl8yMzc5JnRlcm1zPXZpZGVvJTIwY29wJTIwaGlqYWNrJnNpZD1aMjU2MDQ0MzMwJTQwJTQwZ01maFRNMWNUTzFNelg0UXpOeThGTng4Rk8wOEZPeUV6TnpVRE00SVRNJmE9ZWY4Jm1yPTEmcmM9MA==&b=MC4wMTI=&aff=1936&subaff=2379&time=1280537128&searcher_ip=75.37.7.111&cnt=21843&qq=video+cop+hijack&mode=&seid=czATgsI+2Hg7RJri+H2xwrm02kgJ9hPfmeQ/RgG0&se=YWJjc2VhcmNo&sid=9&pos=2 http://72.233.76.66/p/index.php?PHPSESSID=71e696530d7dd43ab8a5e0acf900cbd6264b639599eb197438510b706bd36b981d371cda5b564db85095b062b3 http://72.233.76.66/p/index.php?PHPSESSID=7228db9b011b8fd5574a0f431600266ef89db9be9e14ad1203d523154ed64344cd176c50a7454674959c8a1c8e2d261e325aeaa91ee645ae&d=128053610390731 http://www.informationgetter.com/search-results.aspx?keywords=video+cop+hijack&q=video+cop+hijack http://www.informationgetter.com/search-results.aspx?keywords=video+cop+hijack&referrer=adcomtq&camp=0-infogetter-phasrtest-adcom&group=ron&keyword=ron&q=video+cop+hijack&affiliate=rs4-1936_2379&domaingroup=ctrtest http://www.phasrws.com/search-results.aspx?keywords=Video%20Cop%20Hijack&referrer=adcomTQ&camp=0-INFOGETTER-PhasrTest-Adcom&group=RON&keyword=RON&q=Video%20Cop%20Hijack&affiliate=rs4-1936_2379&domaingroup=ctrtest http://rs4.1936_2379.asklots.com/jump1/?affiliate=rs4&subid=1936_2379&terms=video%20cop%20hijack&sid=Z215044338%40%40QMfhTM1cTO1MzX4QzNy8FNx8FO08FOyEzNzUDM4ITM&a=ef8&mr=1&rc=0 http://64.15.72.104/click_second_new3.php?go=aHR0cDovL3JzNC4xOTM2XzIzNzkuYXNrbG90cy5jb20vanVtcDEvP2FmZmlsaWF0ZT1yczQmc3ViaWQ9MTkzNl8yMzc5JnRlcm1zPXZpZGVvJTIwY29wJTIwaGlqYWNrJnNpZD1aMjE1MDQ0MzM4JTQwJTQwUU1maFRNMWNUTzFNelg0UXpOeThGTng4Rk8wOEZPeUV6TnpVRE00SVRNJmE9ZWY4Jm1yPTEmcmM9MA==&b=MC4wMTI=&aff=1936&subaff=2379&time=1280537128&searcher_ip=75.37.7.111&cnt=21843&qq=video+cop+hijack&mode=&seid=cjESg8M/2Xk6RZvj+Xyww7i120kI9xLemOU+RwC1&se=YWJjc2VhcmNo&sid=9&pos=1&country=US http://64.15.72.104/click.php?go=aHR0cDovL3JzNC4xOTM2XzIzNzkuYXNrbG90cy5jb20vanVtcDEvP2FmZmlsaWF0ZT1yczQmc3ViaWQ9MTkzNl8yMzc5JnRlcm1zPXZpZGVvJTIwY29wJTIwaGlqYWNrJnNpZD1aMjE1MDQ0MzM4JTQwJTQwUU1maFRNMWNUTzFNelg0UXpOeThGTng4Rk8wOEZPeUV6TnpVRE00SVRNJmE9ZWY4Jm1yPTEmcmM9MA==&b=MC4wMTI=&aff=1936&subaff=2379&time=1280537128&searcher_ip=75.37.7.111&cnt=21843&qq=video+cop+hijack&mode=&seid=cjESg8M/2Xk6RZvj+Xyww7i120kI9xLemOU+RwC1&se=YWJjc2VhcmNo&sid=9&pos=1 http://stulus.com/?6528607e7c7c753b7f726e3f48484842474e http://67.210.14.98/redirect.php?q=video%20cop%20hijack http://67.210.14.29/?q=video%20cop%20hijack&f=2 http://www.stopzilla.com/products/stopzilla/spywareremover-white.do?aid=10372&cid=1004

Question owner

Stopzilla says so far I Downloader C and Downloader 1 trojans If you try and save the web address for this report. Click on save bookmark and when it comes up it will say firefox is being redirected to videocop.com

Also I noticed that the same probelm of redirection can occur with Yahoo, when using the yahoo tool bar.

I'm the one who also found the Bing Virus and supplied some of the above info, I sse in my case that firefox has two browsers up and one seems plagued.

The browser is being attacked so the current page will be interpreted as the redirect.

Mark

Question owner

Likewise, while the web page is on google search the icon in the tool bar already says momversation.com

Question owner

Same problems with firefox running fully up to date under vista and xp. Several weeks on xp now (as of 08/01/10) and just started on vista.

Along with the redirects to videocop, surveys.cnet cause laready loaded pages to become blank white pages, and google analytics seems to open up a full screen white page when a lot of this is going on.

Sounds like someone wrote a little bug to drive up traffic stats to me, and firefox itself seems to be infected with it.

Question owner

OK folks. I installed the Firefox Add-on 'Ghostery'...

https://addons.mozilla.org/en-US/firefox/addon/9609/

...(to augment Adblock Plus, Flagfox, NoScript, WOT, and Xmarks which I've had installed for some time now) about a day ago, and so far there have been no further Firefox redirect attempts (which, with only one exception, had been intercepted and thwarted by WOT with an assist by NoScript).

I've adjusted Ghostery's Options as follows:

- Options pane: check mark 'Enable bug list auto update' and 'Enable ghost count (shows a count of the trackers found)'.

- Look and Feel pane: c/m 'Show Alert Bubble', and 'Dismiss Alert Bubble after 15 seconds' Please note that said bubble allows one to observe what is being blocked.

- Performance pane: c/m 'Enable GhosteryLite mode for increased performance' Please note that experimenting with the other options offered here may prove to be beneficial.

- Blocking pane: click 'On' and Select: 'All'.

- Whitelist pane: I've added nothing to this, so far...

Also note that a Google search of this redirect problem will produce a number of links which claim to offer a remedy. According to WOT - Safe Browsing Tool (Web Of Trust)...

https://addons.mozilla.org/en-US/firefox/addon/3456/

...these are dangerous sites (whose aim is likely to install even worse malware). It seems then that this pesky browser redirect nonsense is a ploy aimed at herding frustrated Internet users to these attack sites. :-(

If you haven't already done so, please consider installing (directly from Mozilla) & using the Firefox add-ons mentioned in this post (Xmarks isn't security-related but it's darn useful) to enhance your browser's security.

Also, I check for system, browser, and add-on updates before commencing each new Internet session.

Question owner

Hi This is Mark,

This problem is a lot worse than I originally suspected. I have tried most of the free anti-virus and anti-trojan products with good ratings on cnet, STOPzilla, IObit360, Malwarebytes, AVG, Avira, Threatfire, ESET, McAfee, Emisoft Anti-Malware, Vipre Antivirus, I down loaded Kaspersky but had a problem installing it, I also tried Adarwe before, and Panada (not cloud). I also have the AntiLogger which didn't find anything.

Originally I was one user (Administrator priv) infected. I was unable to delete that user from another and I am seeing the problem on other user logins. The problem can also be expressed from links on other pages like the Fry's Display Link of the San Jose Mercury News, which took me to quiznexus.com or something like that for a locked browser using a popup asking me to complete the quiz "HOW WILL YOU DIE", this redirect occurred on a new admin account user, along with the VideoCOP problem currently working off of google from my computer. Adaware may be worth trying again since I first noticed the problem when uninstalling it. I have collected a bunch of data from a HiJack tool while mys browser was locked on "How Will You Die", But I disconnected my internet at that time.

This is a killer problem. I also tried disconnecting the router and relogging in and changing the password and that failed and I still have videoCOP, and the list of redirects. Also I have noticed that Explorer may become locked up if you visit an infected users files or a downloaded video. System problems may occur when trying to deal with the first infected user.

This problem could end research on the internet, but I have seen that its purpose (according to some) is to force users to certain businesses... not sure myself though. It could be an attack. If anyone finds any software to fix this problem please tell me. This level of attack requires uniform collaboration between all anti-virus and anti-malware companies.

Question owner

On almost every site I visit recently the page will load for a second and then get redirected to a page that never loads. At the bottom of the browser is a message "waiting for google analytics. Has google gone mad? Don't they have enough money????????????? Has firefox gone off the deep end. This is the most annoying thing I have every encountered with firefox AND THERE HAVE BEEN PLENTY of things in the past to annoy me. Ive adjusted cookies, deleted history, I have done private browsing I'm at my wits end. WHY IS IT DOING THIS? I basically have to reload the page then click STOP in order to view the page I need to look at. I refuse to use Exploder. This is Madness. Is this what open source is coming to? Then CLOSE IT.

Question owner

Hi Anonymous. Hi moreinternetcrap. :D

Have you tried the approach I outlined in the post immediately above both of yours?

As of this moment I've not had any Firefox browser redirects since.

  • crosses fingers*

Question owner

I developed this same problem 3 days ago in FFox 3.6.8, but already had Ghostery, AdblockPlus and WOT installed. I use ESET Nod32 on my XP SP3 desktop.

The hijack first only occured from Google search results in FFOX, but has since spread to Google search results in IE8 *AND* search results in Wikipedia (from FFOX).

There is a long delay after I click a link, after which I end up on the final hijack destination. My FFOX history shows the following 4 redirects before the final hijack destination at juggle.com/search/ :

No. 1:

http://64.111.212.234/c.php?s=eNot0kuPokAUBeAfZKL1oIqqhQsaVHAUFdoHbibWqxsVARHQTv34sZPJTU5OcpbfPVsEKHKt49jl56W3YAiI-z8RgAC4GECMKGFW4l0bhfOruCXfIlyOrZJUOhITR2CBNaeuQfxkgKIOUtxI-JdQIE5aGhcypgxk0BUSEfekiVRGAmERtdDquJz2CrZfZy_zYh-z5M_Fu9Dl3jyPh4AnQAVTHlH_vKj30T2bDkYbt-IzmuLXqO6r9b4cPWm3G1DRgTTf8ee1HZECwDg6oD_5ZJCycLHmGLy6Hl1Gst48Jvkt6u_8dsST52vvZSEtf8pi67ySanbzRVTr9Sbz73pF2n46X4DMdE0tDw0LA9GYbgWb8E4mnr6mr6_ks81Etr5IsvYjIPL1rnITFi8_Vsu-m7Zyu8nrlV8kVQwk6RqP4UKDvECDVZHOb7NX57E28YuNs706XSSaVAbdLmVJGW6RfAa4Bo9cH_Cumqs7Ws3TYOZ35ddHiMNn_F3EbfAIr_DHScnxWCx-gtFjm9G3DQRs6A4R5EPoEGs5eXc4fEsOObPAWmQVVnhxqeARqeaYkrNAYPxefs9iezp8lAKR62kW94si7sRmPLZY6bew6zBOkDQGAU6FopALaBA2GNu3PTD49yf4SRiuiBJAEFdz7GqkGfgHoprDag

No. 2:

http://68.169.92.38/c.php?re=1&r=eNot0kuPokAUBeAfZKL1oIqqhQsaVHAUFdoHbibWqxsVARHQTv34sZPJTU5OcpbfPVsEKHKt49jl56W3YAiI-z8RgAC4GECMKGFW4l0bhfOruCXfIlyOrZJUOhITR2CBNaeuQfxkgKIOUtxI-JdQIE5aGhcypgxk0BUSEfekiVRGAmERtdDquJz2CrZfZy_zYh-z5M_Fu9Dl3jyPh4AnQAVTHlH_vKj30T2bDkYbt-IzmuLXqO6r9b4cPWm3G1DRgTTf8ee1HZECwDg6oD_5ZJCycLHmGLy6Hl1Gst48Jvkt6u_8dsST52vvZSEtf8pi67ySanbzRVTr9Sbz73pF2n46X4DMdE0tDw0LA9GYbgWb8E4mnr6mr6_ks81Etr5IsvYjIPL1rnITFi8_Vsu-m7Zyu8nrlV8kVQwk6RqP4UKDvECDVZHOb7NX57E28YuNs706XSSaVAbdLmVJGW6RfAa4Bo9cH_Cumqs7Ws3TYOZ35ddHiMNn_F3EbfAIr_DHScnxWCx-gtFjm9G3DQRs6A4R5EPoEGs5eXc4fEsOObPAWmQVVnhxqeARqeaYkrNAYPxefs9iezp8lAKR62kW94si7sRmPLZY6bew6zBOkDQGAU6FopALaBA2GNu3PTD49yf4SRiuiBJAEFdz7GqkGfgHoprDag&u=ad3d56fcc54091e2ecc3885c6d1f0f6b&cid=736f1ad9670de0bbfd9a3cc03f9e8714&rc=0&pa=&ref1=&ref2=

No. 3:

http://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=52594&x=byzeu1K;1UJf8dM:0II2mZL:bvL2qrIJUJnziTzXJULQutKEcTZROKtJDVICpvT4slaJL;mm:IZmAJ6vqxmwj52xC5orLZcjhJbN3vJaOnIJ4lMoJ3oxuan7XJG4BPvp5vTBMPoUOv6oJImNz4mLwZIc95vBl7Zwf;oifI10zvIi1r2AvNzPXnmUDrt6mJ2bbaZjUU2H6Uuvh3wICG2RTlzQPPu6u

No. 4:

http://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=52594&x=lT5O09haDybyOyC6J:;:1IE6l0E:Y3;oUFPunr5c8yEZ06hTRrW5xuYoae;4Q0lJC1moqxtiGuWiHFyAYwtwiCLnBXePqITU2I3MSibkx0;oz9CI8zen0vPhAIUJTCj3WiltmXeRxiyI8:tMb7tFII;1uXjtyLWwcxexc:Gjb0;xD3LbVN5HAitRa3Yz1FL0lNWUUyL7ry7A26XgBrL5s15ZOy7jsrjeHk$k1&c=DBDF0B36%2D0B63%2D455B%2D9E08%2DBD3CFDB3449B

No. 5 (final destination hijack):

http://www.juggle.com/search/?t=V776044&q=rental+suv&cid=80C037B3%2D0A08%2D4418%2D8A4E%2D687BF850A020

As yet, I am unable to eliminate the issue and am having problems restarting my PC (winlogon.exe errors).

Question owner

to John Gary B.

Installed Ghostery you suggested. AND enabled web bug blocking. No redirects so far. I block all third party cookies and NOW I get to see all the other spooks who care about where i'm surfing to. THANKS.... it's just making me that much more paranoid. But I have f*&ked the f#%kers.... I hope

Question owner

Ghostery is interesting. There are so many companies out there tracking us, it is no wonder the internet works at all.

Question owner

@moreinternetcrap: enjoy it while it lasts....

@Frank C: Some GNU/Linux-based (immune to Windows malware) help:

FREE Bootable AntiVirus Rescue CDs Download List: http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Question owner

I have the EXACT same problem as moreinternetcrap.

This problem first happened to me after or around the time I got infected with conficker. conficker managed to install the fake antivirus thingie and create some phony windows security alerts as well.

I had to treat those problems with MalwareBytes and Sophos conficker removal tool, an updated AVG, and reinstall Spybot.

That apparently got rid of the conficker problems but Firefox is still hosed.

Anyone else notice a similar theme?

Question owner

@Anonymous. Have you tried uninstalling Firefox and then installing the latest version?

Question owner

Hi, I just did all of the scans with the trial version of kaspersky and found nothing. The redirect problem still was occurring when blocking everything with the ghostery addon.

Spyware Terminator picked up nothing as well as the key logger detection software. Since all browsers are effected perhaps the URL request is being changed at the last minute. I will look into Sophos, there is also something called combofix, but they recommend live support. This problem has been seen for over a year, however the setup has changed a few times.

Mark

Question owner

Hi Mark (Anonymous).

Are you the same 'Anonymous' in this thread...

How to http://results5.google.com redirects http://support.mozilla.com/tiki-view_forum_thread.php?locale=en-US&comments_parentId=664263&forumId=1

..which, in part, discusses changing router settings as a means of combating these browser redirects?

Question owner

A member of another forum I haunt found this...

Beef Taco (Targeted Advertising Cookie Opt-Out)

"Sets permanent opt-out cookies to stop behavioral advertising by 102 different advertising networks, including Google, Yahoo, Microsoft, all members of the Network Advertising Initiative, and many other companies."

https://addons.mozilla.org/en-US/firefox/addon/180650/

...So I decided to Google Beef Taco (Targeted Advertising Cookie Opt-Out), malware to see if I could dig up anything before installing Beef Taco (five pages of search results yielded no dirt on Beef Taco although some of the sites offering it were marked by WOT as being dangerous) and from this thread...

Reviews for Targeted Advertising Cookie Opt-Out (TACO) https://addons.mozilla.org/en-US/firefox/reviews/display/11073

...I found this eye-opening post written by one Ty Evans on July 16, 2010:

"Sadly, there is no software currently available anywhere that will remove Flash Cookies. All any of these programs do at best is temporarily remove some of them. The developers of these flash cookies are very aware of all these deletion attempts, so they add a variety of codes that prevent any deletions. The programs move the cookies to several different files in the system which allows them to continuously repopulate immediately after they are removed from any of the locations. No developer of any of these deletion programs has come up with a way to find and delete these flash cookies all at the same time, and prevent them from being added again. One of the biggest culprits is Adobe with their Flash Player, along with other programs, which has always been a security risk and still is. Adobe is in cooperation with the advertising community and develops their products in cooperation with them, with features that allow advertisers to use the Adobe Flash Player to infiltrate any computer using the Flash Player and place flash cookies on any user’s system. The Adobe Flash Player therefore as a result is very vulnerable to hackers, etc. If advertisers can use it to place Flash Cookies on a user’s system, a hacker can easily place a Trojan program or any other type program on anyone’s system. The Adobe Flash Player is especially vulnerable when a user allows the Flash Player to take control of their webcam and microphone hardware. The Adobe Flash Player is FREE to the user. Adobe does not charge the user for the Flash Player; they get paid by the advertisers. That’s how Adobe makes their money for Flash Player. Even more insidious is they way Adobe provides the settings feature for Flash Player; it’s controlled by them on their site, and apparently the advertisers as well. Users who attempt to change the settings only think they are being changed. This is another way in which Adobe and the advertisers trick users. The settings will return to the original state the advertisers have programmed them for to ensure that they can continue to place Flash Cookies on a user’s system. A user can verify this by selecting the settings option, which accesses the Adobe site, then change the settings to their preferences, and then close the program. Then restart the program and access the settings again. The user will discover that the settings have been changed back to the way Adobe and the advertisers set them. There are numerous reliable sources that support these facts. Anyone who disputes them is likely a plant or part of the Adobe and advertiser ilk.

Here are a couple of sites where you can verify these facts (there are many more, just do your research):

http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/

http://lifehacker.com/5334984/web-sites-using-flash-instead-of-browser-cookies-to-track-your-activity

It's sad that this is how unscrupulous these businesses are, but that's what greedy companies do everywhere. Ethics are not a part of any business like these.

Good luck!"

And a few Google search results pages later I found this must-read piece on a site named Slashdot:

Hackers Use Banner Ads on Major Sites to Hijack Your PC http://it.slashdot.org/it/07/11/19/1517209.shtml