After firefox 11.0 or Nightly (most recent version) returns search results and I click on a link, I am often redirected to a site called happili.com
I ran malwarebytes which is the one I use along with AVG Professional and problem still happened.
When I contacted malwarebytes support this is what they said:
"Fully uninstall Firefox and all user profiles, this has been found to be an add on in Firefox profiles."
So is this a Firefox problem and does this mean we should not use Firefox?
Additional System Details
A few times a week
This started when...
a week ago
- Next Generation Java Plug-in 1.6.0_31 for Mozilla browsers
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- iTunes Detector Plug-in
- Shockwave Flash 11.1 r102
- The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
- Adobe Acrobat Plug-In Version 6.00 for Netscape
- User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
No, you actually have a virus on your computer. Download and Run TDSSKiller http://support.kaspersky.com/faq/?qid=208283363. If you are still having problems with Malware after that, I would recommend either http://www.bleepingcomputer.com/virus-removal/, or having your computer cleaned by a professional.
What Malwarebytes was recommending was creating a new Firefox profile to help eliminate the virus. It isn't a problem with Firefox, but an infection of your computer :/ Once you have the virus cleaned off, you can try running Firefox again, and hopefully you won't be having redirects. If you do, I'll walk you through creating a new profile
yes if you can please let me know how to create a new profile in Firefox that would be great. I am having the same problem when I use Nightly. I have run ALL of the malware and spyware and since the issue is intermittent I don't know if it is gone, so I'd rather create new profiles for Firefox and Nightly, thanks.
PS do you know which program installs this happili thing as an add-on?
Many thanks for your help, I really appreciate it.
To create a new profile: close Firefox and start up in the Profile Manager as described in Managing profiles. Any time you want to switch profiles, close Firefox and return to this dialog.
You actually want to create a brand new profile, and transfer your data from the old one to your new one. Use the link provided above to create a new profile, then read Recovering important data from an old profile to move your data from your old one to your new one.
There is no "firefox.exe"-p in my Mozilla Firefox folder, and the run firefox.exe -p does not do anything. basically i cannot get to the profile manager.
thanks in advance for any thoughts/guidance.
run firefox.exe -p does not do anything
On Windows 7, you type firefox.exe -p in the search box on the start menu.
The profile manager won't start up if Firefox is running (you just get a new window). Make sure to completely exit Firefox before you run it. If necessary, restart Windows to ensure that all Firefox windows are fully shut down.
Make sure to leave a space between the firefox.exe and -P
You may also need to use the full path to the Firefox program.
- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -P
that worked. i followed the steps to create a new profile, moved my bookmarks over and deleted the old profile. restarted twice, and when I try to start firefox (after a restart) it says "firefox is already running" and will not let me open it!
You also need to remove the profiles.ini file if you remove the Firefox Profile Folder manually and not via the profile manager.
okay I did this, and followed the steps in the rest of the post, it is STILL happening...so I guess it was not related to the old profile because I created a new one AND deleted the old one, restarted, deleted the profiles.ini, restarted again and it is still happening....
Are you using Google for your searches? Have you read the Google Redirect Virus threads? You might have skipped a step in the clean-up process.
I already did all that and it hasnt worked
Hi lillyhen1, I'm sorry to hear that you have this problem as well. After TDSSKiller and Malwarebytes Anti-malware do not remove the infection, you might also need to restore some Firefox settings. Or you could create a new profile and then import your bookmarks into it.
First, I recommend backing up your Firefox settings in case something goes wrong. See Backing up your information. (You can copy your entire Firefox profile folder somewhere outside of the Mozilla folder.)
Close Firefox and start up in the Profile Manager as described in Managing profiles. Any time you want to switch profiles, close Firefox and return to this dialog.
To move your bookmarks, see Recovering important data from an old profile. I think it would be wise to delay importing other settings until you confirm that the problem has been solved by the new profile, and be very selective about your add-ons.
Hope this helps.
Thank you so much for your help, i updated my antivirus, removed several unwanted programs trying to figure out if any of these were causing the issue, also deleted my profile and created a new one and so far it seems to be working thank you!
I have this problem too. TDSSKiller didn't seem to find anything amiss. Windows defender didn't either.
I found this on the net today....
I have just done this, and so far, no redirects yet. This has been an intermittent issue, so I do not know yet if this is it, but its another try in your arsenal.
Incidentally, I had installed "Translate This" to help me with some Chinese sites. For me, it wasn't a "drive-by download". I do not know if this is it, but right now I am swatting at anything that moves.
I am still having this problem as of yesterday (only with firefox and nightly NOT with Internet Explorer) and I have run ALL th the antivirus and malware programs mentioned. As of yesterday malwarebytes stopped me from going to the sites...here is what my log file says from yesterday:
2012/04/21 11:40:38 -0700 LAPTOP mdf3 IP-BLOCK 220.127.116.11 (Type: outgoing, Port: 56451, Process: firefox.exe)
2012/04/21 12:22:59 -0700 LAPTOP mdf3 IP-BLOCK 18.104.22.168 (Type: outgoing, Port: 57149, Process: firefox.exe)
2012/04/21 20:33:46 -0700 LAPTOP mdf3 IP-BLOCK 22.214.171.124 (Type: outgoing, Port: 60427, Process: firefox.exe)
Modified by mdf3
Anubi, thanks for that link. The 2 extensions I had were Translate This 2.0! and PDF Viewer 0.2.414 so I disabled. I can't see how I got it from history b/c I got it April 1 and the folks on this forum had me delete my firefox profile a week ago so my history is gone. Not sure if any of the techs here are informing firefox of these vulnerable extensions. I didn't ask or give permission for firefox to install either of them...
Any software you install can add an add-on to Firefox. In some cases, this is how "freeware" is possible: the publisher of the add-on pays the publisher of the freeware to load it on your computer along with their own software. Ethical publishers will notify you of this and give you the option to opt out (or not install either program), but some publishers do not notify you or make it very difficult to uninstall the tag-along software.
(Note: "Ethical" is my personal judgment, not a legal conclusion.)
Modified by jscher2000
thanks, right now I would like to focus on a solution, and not sure why Mozilla is not putting people on this so the Translate This! 2.0 (which looks like it comes from Mozilla?) is blocked.
Thanks, mdf3, for confirming.
I have not experienced any more redirects after disabling the Translate This! extension.
The main reason I even accepted the code is that I, too, thought it came from Mozilla.
It may not have made any difference, I wonder if anybody got a "drive-by" download and install of this, or did they, like me, install this from the Mozilla site? I think we all knew Google had been working on the translator, and figured this extension was nothing more than a button on Firefox to invoke the Google command.
Further research ( now knowing affiliation with Translate THIS! ):..
The cat is now in the bag.
Jscher2000's comment about rogue software coming as a trojan is so true. I find a lot of paid software is just as bad. I have most noted this on "businesses" which insist you run a special "viewer" for their "protected content".
It seems the money shot is to load some malware that mimics a diagnostic displaying a serious problem, then when you go online to look up some rare malady your machine is displaying, they offer a paid cure for it, which only launches yet more malware. And now, they have your credit card number! You soon dig yourself in so deep that even a professional can't get it out and you end up wiping the entire machine and reinstalling the OS from scratch. And have to get new credit card numbers.
Modified by anubi