X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

findamo.com has hijacked my homepage how can I remove it ?

Posted

My homepage in Firefox has been hijacked by www.findamo.com. Re-setting the homepage does not work. Avast, CCcleaner, Spybot and DDSKill cannot detect it as malware. It is caused by a plugin called bPortectorForWindows. It puts many java scripts on the system. The executable and dll are found in the C:\Documents And Settings\All Users\Application Data\bProtectorForWindows folder. The exe file can be removed but the dll and .settings file cannot be removed as you are informed that they are being used by another user. An entry is also found in Scheduled tasks which runs every minute called bprotect which executes se.exe from the system32 folder of Windows. The exe file can be removed and the scheduled task can be removed. After re-starting the system everything except the scheduled task has been re-created and the home page remains as www.findamo.com. I have tried stopping each running service and deleting bprotect.dll and bprotect.settings but to no avail. I have even tried to install Recovery Console from the XP CD to allow me to delete these files but I get a blue screen crash saying that either a virus is present on the HDD or it is corrupt. Running CHKDSK /F proves that the HDD is not corrupted. All plugins have been removed but the problem persists. IE8 had the same problem but it has an option to stop software from changing the desired homepage and this solved the problem for IE8 once this option was set.

Chosen solution

Thanks again mha007 from jual99. Unfortunately this did not solve the problem. I had already removed all add-ons as I thought this might be the problem. In the meantime I have found a solution which works. From http://www.neuber.com/taskmanager/ I downloaded "Security Task Manager". It is a free trial. For anyone else with the problem this is how you use it. Once the file is downloaded - run it - it will show all processes on a system and their potential security risk. Look for any entry of bProtectorForWindows and click on it. It is only shown as a low risk. Then click the remove button. It will say that it cannot be removed because it is in use by other users but gives the option of removing it the next time Windows starts - so click this option. Close "Security Task Manager" and re-boot. Once re-booted you will find that the bProtectorFoeWindows folder has actually been removed. Re-set your home page in Firefox in the usual manner and you will find that it now works fine. My thanks to neuber for their trial software

Read this answer in context 8

Additional System Details

This happened

Every time Firefox opened

This started when...

15th May 2012

Installed Plug-ins

All have been removed

Application

  • User Agent: Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0

More Information

Name
Firefox
Version
12.0
User Agent
Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0
Profile Directory
Enabled Plugins
about:plugins
Build Configuration
about:buildconfig
Crash Reports
about:crashes
Memory Use
about:memory
Extensions
Name
Version
Enabled
ID
Important Modified Preferences
Name
Value
accessibility.blockautorefreshtruebrowser.cache.disk.capacity1048576browser.cache.disk.smart_size.first_runfalsebrowser.cache.disk.smart_size_cached_value1048576browser.places.smartBookmarksVersion2browser.startup.homepagehttp://www.findamo.com?ch=12&cid=275browser.startup.homepage_override.buildID20120420145725browser.startup.homepage_override.mstonerv:12.0extensions.lastAppVersion12.0keyword.URLhttp://www.findamo.com/search.html?ch=12&cid=275&q=network.cookie.prefsMigratedtrueplaces.history.expiration.transient_current_max_pages93634privacy.sanitize.migrateFx3Prefstrue
Graphics
Adapter DescriptionNVIDIA Quadro NVS 160MVendor ID0x10deDevice ID0x06ebAdapter RAMUnknownAdapter Driversnv4_dispDriver Version6.14.11.8992Driver Date5-12-2010WebGL RendererBlocked for your graphics driver version. Try updating your graphics driver to version 257.21 or newer.GPU Accelerated Windows0. Blocked for your graphics driver version. Try updating your graphics driver to version 257.21 or newer.

philipp
  • Top 10 Contributor
  • Moderator
2042 solutions 8891 answers

hello, go to help > troubleshooting information & click on the "show folder" button next to profile directory. a explorer windows should open up. in this folder look out for a file called user.js and delete/rename it & restart firefox to see if the homepage settings are kept afterwards.

you can also use the free version of malwarebytes to run a full scan of your system: http://www.malwarebytes.org/products/malwarebytes_free

Hasan 477 solutions 5600 answers

You said:

  • "The executable and dll are found in the C:\Documents And Settings\All Users\Application Data\bProtectorForWindows folder."
  • "An entry is also found in Scheduled tasks which runs every minute called bprotect which executes se.exe from the system32 folder of Windows."
  • "I have tried stopping each running service and deleting bprotect.dll and bprotect.settings but to no avail."

Perform the suggestions mentioned below:

1) Restart your Windows in Safe Mode as described in the following article:

  • http://support.microsoft.com/kb/315265
  • Uninstall suspicious/unknown softwares from Control Panel -> Add/Remove Programs
  • Delete ALL the files you pointed-out while using your Windows in Safe Mode
  • Also perform the following suggestions while your Windows is in Safe Mode.

2) Is my Firefox problem a result of MALWARE ??

-> Do a MALWARE check with these Malware Scanning programs. You need to scan with all programs because each program detects different malware. Make sure that you UPDATE each program to get the latest version of their Databases before doing a Scan. Also, Close All other Applications (softwares) before Starting to Run Scans.

-> After performing all the above steps, now Restart your system.

3) Reset your homepage as described in this article -> Restore the default home page

Check and tell if its working.

Helpful Reply

Thank you all for your assistance from jual99. In safe mode the suspect files cannot be deleted. Malwarebytes' Anti-Malware found nothing. SuperAntispyware was the best as it found 2 entries for bprotect and was able to delete them - however the problem still exists. Spybot found nothing. Ad-Ware found nothing. Microsoft Safety Scanner found nothing. Windows Defender found nothing. TDSSKiller which I have tried previously also found nothing I will keep trying and post a result when and if I am successful.

Hasan 477 solutions 5600 answers

Start Firefox in -> Troubleshoot Firefox issues using Safe Mode to check if your add-ons/extensions are causing the problems.

Check and tell if its working normally while using Firefox in Troubleshoot Firefox issues using Safe Mode.

Chosen Solution

Thanks again mha007 from jual99. Unfortunately this did not solve the problem. I had already removed all add-ons as I thought this might be the problem. In the meantime I have found a solution which works. From http://www.neuber.com/taskmanager/ I downloaded "Security Task Manager". It is a free trial. For anyone else with the problem this is how you use it. Once the file is downloaded - run it - it will show all processes on a system and their potential security risk. Look for any entry of bProtectorForWindows and click on it. It is only shown as a low risk. Then click the remove button. It will say that it cannot be removed because it is in use by other users but gives the option of removing it the next time Windows starts - so click this option. Close "Security Task Manager" and re-boot. Once re-booted you will find that the bProtectorFoeWindows folder has actually been removed. Re-set your home page in Firefox in the usual manner and you will find that it now works fine. My thanks to neuber for their trial software

aimhigh4once 0 solutions 2 answers

I have done all of the above and still no resolution...including the neuber. I am at a loss:(

philipp
  • Top 10 Contributor
  • Moderator
2042 solutions 8891 answers

hello, aimhigh4once - did any of the tools you've used pick up & remove the bprotector program running on your pc? you can double-check by downloading & installing hijackthis and see if anything referencing to bprotector is remaining in your configuration (if so, select & fix the entry).

if everything is cleared & the findamo homepage is still showing up after each restart of firefox, please go to firefox > help > troubleshooting information & click the "show folder" button next to profile directory. a new explorer window should open up, in there search for a file called user.js and rename it to something like olduser.js.

How to fix preferences that won't save

aimhigh4once 0 solutions 2 answers

I updated superspyware this am. It picked up 5 of their adwares. I removed them all. Then I went to my computer and deleted all programs that were from 5/23/2012. I have been able now to change my homepage back to roadrunner. Thank you everyone for your help:) Have a great Memorial Day weekend. I will be staying home since its race weekend here and moving about the city is difficult and Thanks again:D

johnbrown 0 solutions 1 answers

Hello Owner.....Your suggestion worked like a charm. Many,many thanks !!!....I am very computer iterate and was going to manually edit my registry tonight....now I don't have too !!!

karlasillen 0 solutions 1 answers

(Findamo actually comes with an uninstaller so its very easy to uninstall it. Just go to control panel and click on the uninstall button.

Modified by karlasillen