Firefox is being redirected to

  • 50 replies
  • 429 have this problem
  • Last reply by michael2

more options

For the past several days WOT has been intercepting random attempts to redirect Firefox 3.6.8 (running on fully up-to-date 64 bit Ubuntu 10.04 LTS) to various dangerous web sites. The most recent attempt was to:

URL of affected sites

All Replies (20)

more options

Do you have that problem when running in the Firefox SafeMode? Don't select anything right now, just use "Continue in SafeMode."

If not, see this:

more options

Hi the-edmeister. Thank you for responding.

I started Firefox in safe mode as per your instructions (Ff ran noticeably faster) and this page...

...opened simultaneously with another which I was trying to visit. Afterwards I visited a few more pages without any more redirect attempts, and then decided to quit Firefox because I'm not comfortable running it without: Adblock Plus, WOT, NoScript, Flagfox, and Xmarks.

And after I quit Firefox I saw this in Terminal:

john@acer:~$ firefox -safe-mode
*** NSPlugin Viewer *** WARNING: unhandled variable 18 () in NPN_GetValue()
*** NSPlugin Viewer *** WARNING: unhandled variable 18 () in NPN_GetValue()
*** NSPlugin Viewer *** WARNING: unhandled variable 18 () in NPN_GetValue()
*** NSPlugin Wrapper *** WARNING: unhandled variable 18 in NPP_GetValue()


Yesterday I had used Firefox's Clear Recent History option to: clear everything, quit Firefox, restart it, and then resynchronized all of my bookmarks and passwords via Xmarks. Shortly afterwards I experienced yet more redirect attempts which were fortunately intercepted by a combination of WOT and NoScript.

BTW. These redirect attempts only started less than a week ago.

more options

Here are some more facts. At first I went to videoCOP, then started showing up.

The problem seems to pivot around which goes through a list of redirects so that every time you go to that web site in a row you will be redirected to a new web site.

The first site I went to was The next time I went to the URL K-directory which is over all police service directory.

What's up with I couldn't find it in my registry it may be hard coded.

Any problem with google and China?

more options

There is something under the momversation issue on the web called the Bing Virus.

I have now been redirected to and after going to Bing Virus Removal website. I don't recommend downloading software from these sites, I'd feel better about cnet. One of the redirects recommended stopZilla.

There may be more than one virus, I did experience a problem while downloading windows updates where bing took over firefox asking me to install it in firefox. I am not sure about how long I have been experiencing VideoCOP hijack. There are kinds of virus mentions regarding momversation. Redirects could render the entire web useless.

more options

Stopzilla says so far I Downloader C and Downloader 1 trojans If you try and save the web address for this report. Click on save bookmark and when it comes up it will say firefox is being redirected to

Also I noticed that the same problem of redirection can occur with Yahoo, when using the yahoo tool bar.

I'm the one who also found the Bing Virus and supplied some of the above info, I see in my case that firefox has two browsers up and one seems plagued.

The browser is being attacked so the current page will be interpreted as the redirect.


more options

Likewise, while the web page is on google search the icon in the tool bar already says

more options

Same problems with firefox running fully up to date under vista and xp. Several weeks on xp now (as of 08/01/10) and just started on vista.

Along with the redirects to videocop, surveys.cnet cause already loaded pages to become blank white pages, and google analytics seems to open up a full screen white page when a lot of this is going on.

Sounds like someone wrote a little bug to drive up traffic stats to me, and firefox itself seems to be infected with it.

more options

OK folks. I installed the Firefox Add-on 'Ghostery'...

...(to augment Adblock Plus, Flagfox, NoScript, WOT, and Xmarks which I've had installed for some time now) about a day ago, and so far there have been no further Firefox redirect attempts (which, with only one exception, had been intercepted and thwarted by WOT with an assist by NoScript).

I've adjusted Ghostery's Options as follows:

- Options pane: check mark 'Enable bug list auto update' and 'Enable ghost count (shows a count of the trackers found)'.

- Look and Feel pane: c/m 'Show Alert Bubble', and 'Dismiss Alert Bubble after 15 seconds' Please note that said bubble allows one to observe what is being blocked.

- Performance pane: c/m 'Enable GhosteryLite mode for increased performance' Please note that experimenting with the other options offered here may prove to be beneficial.

- Blocking pane: click 'On' and Select: 'All'.

- Whitelist pane: I've added nothing to this, so far...

Also note that a Google search of this redirect problem will produce a number of links which claim to offer a remedy. According to WOT - Safe Browsing Tool (Web Of Trust)...

...these are dangerous sites (whose aim is likely to install even worse malware). It seems then that this pesky browser redirect nonsense is a ploy aimed at herding frustrated Internet users to these attack sites. :-(

If you haven't already done so, please consider installing (directly from Mozilla) & using the Firefox add-ons mentioned in this post (Xmarks isn't security-related but it's darn useful) to enhance your browser's security.

Also, I check for system, browser, and add-on updates before commencing each new Internet session.

more options

Hi This is Mark,

This problem is a lot worse than I originally suspected. I have tried most of the free anti-virus and anti-trojan products with good ratings on cnet, STOPzilla, IObit360, Malwarebytes, AVG, Avira, Threatfire, ESET, McAfee, Emsisoft Anti-Malware, Vipre Antivirus, I downloaded Kaspersky but had a problem installing it, I also tried Adaware before, and Panda (not cloud). I also have the AntiLogger which didn't find anything.

Originally I was one user (Administrator priv) infected. I was unable to delete that user from another and I am seeing the problem on other user logins. The problem can also be expressed from links on other pages like the Fry's Display Link of the San Jose Mercury News, which took me to or something like that for a locked browser using a popup asking me to complete the quiz "HOW WILL YOU DIE", this redirect occurred on a new admin account user, along with the VideoCOP problem currently working off of google from my computer. Adaware may be worth trying again since I first noticed the problem when uninstalling it. I have collected a bunch of data from a HiJack tool while my browser was locked on "How Will You Die", But I disconnected my internet at that time.

This is a killer problem. I also tried disconnecting the router and relogging in and changing the password and that failed and I still have videoCOP, and the list of redirects. Also I have noticed that Explorer may become locked up if you visit an infected users files or a downloaded video. System problems may occur when trying to deal with the first infected user.

This problem could end research on the internet, but I have seen that its purpose (according to some) is to force users to certain businesses... not sure myself though. It could be an attack. If anyone finds any software to fix this problem please tell me. This level of attack requires uniform collaboration between all anti-virus and anti-malware companies.

more options

On almost every site I visit recently the page will load for a second and then get redirected to a page that never loads. At the bottom of the browser is a message "waiting for google analytics". Has google gone mad? Don't they have enough money????????????? Has firefox gone off the deep end. This is the most annoying thing I have ever encountered with firefox AND THERE HAVE BEEN PLENTY of things in the past to annoy me. I've adjusted cookies, deleted history, I have done private browsing I'm at my wits end. WHY IS IT DOING THIS? I basically have to reload the page then click STOP in order to view the page I need to look at. I refuse to use Exploder. This is Madness. Is this what open source is coming to? Then CLOSE IT.

more options

Hi Anonymous. Hi moreinternetcrap. :D

Have you tried the approach I outlined in the post immediately above both of yours?

As of this moment I've not had any Firefox browser redirects since.

*crosses fingers*

more options

I developed this same problem 3 days ago in FFox 3.6.8, but already had Ghostery, AdblockPlus and WOT installed. I use ESET Nod32 on my XP SP3 desktop.

The hijack first only occurred from Google search results in FFOX, but has since spread to Google search results in IE8 *AND* search results in Wikipedia (from FFOX).

There is a long delay after I click a link, after which I end up on the final hijack destination. My FFOX history shows the following 4 redirects before the final hijack destination at :

No. 1:

No. 2:

No. 3:

No. 4:

No. 5 (final destination hijack):

As yet, I am unable to eliminate the issue and am having problems restarting my PC (winlogon.exe errors).

more options

to John Gary B.

Installed Ghostery you suggested. AND enabled web bug blocking. No redirects so far. I block all third party cookies and NOW I get to see all the other spooks who care about where I'm surfing to. THANKS.... it's just making me that much more paranoid. But I have f*&ked the f#%kers.... I hope

more options

Ghostery is interesting. There are so many companies out there tracking us, it is no wonder the internet works at all.

more options

@moreinternetcrap: enjoy it while it lasts....

@Frank C: Some GNU/Linux-based (immune to Windows malware) help:

FREE Bootable AntiVirus Rescue CDs Download List:

more options

I have the EXACT same problem as moreinternetcrap.

This problem first happened to me after or around the time I got infected with conficker. conficker managed to install the fake antivirus thingie and create some phony windows security alerts as well.

I had to treat those problems with MalwareBytes and Sophos conficker removal tool, an updated AVG, and reinstall Spybot.

That apparently got rid of the conficker problems but Firefox is still hosed.

Anyone else notice a similar theme?

more options

@Anonymous. Have you tried uninstalling Firefox and then installing the latest version?

more options

Hi, I just did all of the scans with the trial version of kaspersky and found nothing. The redirect problem still was occurring when blocking everything with the ghostery addon.

Spyware Terminator picked up nothing as well as the key logger detection software. Since all browsers are affected perhaps the URL request is being changed at the last minute. I will look into Sophos, there is also something called combofix, but they recommend live support. This problem has been seen for over a year, however the setup has changed a few times.


more options

Hi Mark (Anonymous).

Are you the same 'Anonymous' in this thread...

How to redirects

..which, in part, discusses changing router settings as a means of combating these browser redirects?

more options

A member of another forum I haunt found this...

Beef Taco (Targeted Advertising Cookie Opt-Out)

"Sets permanent opt-out cookies to stop behavioral advertising by 102 different advertising networks, including Google, Yahoo, Microsoft, all members of the Network Advertising Initiative, and many other companies."

...So I decided to Google Beef Taco (Targeted Advertising Cookie Opt-Out), malware to see if I could dig up anything before installing Beef Taco (five pages of search results yielded no dirt on Beef Taco although some of the sites offering it were marked by WOT as being dangerous) and from this thread...

Reviews for Targeted Advertising Cookie Opt-Out (TACO)

...I found this eye-opening post written by one Ty Evans on July 16, 2010:

"Sadly, there is no software currently available anywhere that will remove Flash Cookies. All any of these programs do at best is temporarily remove some of them. The developers of these flash cookies are very aware of all these deletion attempts, so they add a variety of codes that prevent any deletions. The programs move the cookies to several different files in the system which allows them to continuously repopulate immediately after they are removed from any of the locations. No developer of any of these deletion programs has come up with a way to find and delete these flash cookies all at the same time, and prevent them from being added again. One of the biggest culprits is Adobe with their Flash Player, along with other programs, which has always been a security risk and still is. Adobe is in cooperation with the advertising community and develops their products in cooperation with them, with features that allow advertisers to use the Adobe Flash Player to infiltrate any computer using the Flash Player and place flash cookies on any user’s system. The Adobe Flash Player therefore as a result is very vulnerable to hackers, etc. If advertisers can use it to place Flash Cookies on a user’s system, a hacker can easily place a Trojan program or any other type program on anyone’s system. The Adobe Flash Player is especially vulnerable when a user allows the Flash Player to take control of their webcam and microphone hardware. The Adobe Flash Player is FREE to the user. Adobe does not charge the user for the Flash Player; they get paid by the advertisers. That’s how Adobe makes their money for Flash Player. Even more insidious is the way Adobe provides the settings feature for Flash Player; it’s controlled by them on their site, and apparently the advertisers as well. Users who attempt to change the settings only think they are being changed. This is another way in which Adobe and the advertisers trick users.
The settings will return to the original state the advertisers have programmed them for to ensure that they can continue to place Flash Cookies on a user’s system. A user can verify this by selecting the settings option, which accesses the Adobe site, then change the settings to their preferences, and then close the program. Then restart the program and access the settings again. The user will discover that the settings have been changed back to the way Adobe and the advertisers set them. There are numerous reliable sources that support these facts. Anyone who disputes them is likely a plant or part of the Adobe and advertiser ilk.

Here are a couple of sites where you can verify these facts (there are many more, just do your research):

It's sad that this is how unscrupulous these businesses are, but that's what greedy companies do everywhere. Ethics are not a part of any business like these.

Good luck!"

And a few Google search results pages later I found this must-read piece on a site named Slashdot:

Hackers Use Banner Ads on Major Sites to Hijack Your PC
