X
Tap here to go to the mobile version of the site.

Support Forum

Got a terrible virus which operated mostly on FF. Had reinstall and erase all bookmarks and settings. How do I retrieve my bookmarks without getting the virus?

Posted

The virus took over FF mainly, I managed to clean the computer with the help of Bleeping Computer forum, with many cleaning tools, but the virus must have taken the form of some kind of hijacking add on that leached on to FF, and did not disappear. Only when I uninstalled ff including bookmarks and preferences, did it finally disappear (or so it seems, currently). Now I want to get my bookmarks back but I'm afraid once I log in to sync, somehow either through bookmarks or preferences the virus will return. I do have an older computer that is synced to my FF account, but this computer was turned off during the whole virus episode, so I'm also afraid when I start using that computer it will contract the virus as well. Is there a way to sync my FF to an older date, before I got that horrible virus? What can I do? Thanks a lot for all your help!!

The virus took over FF mainly, I managed to clean the computer with the help of Bleeping Computer forum, with many cleaning tools, but the virus must have taken the form of some kind of hijacking add on that leached on to FF, and did not disappear. Only when I uninstalled ff including bookmarks and preferences, did it finally disappear (or so it seems, currently). Now I want to get my bookmarks back but I'm afraid once I log in to sync, somehow either through bookmarks or preferences the virus will return. I do have an older computer that is synced to my FF account, but this computer was turned off during the whole virus episode, so I'm also afraid when I start using that computer it will contract the virus as well. Is there a way to sync my FF to an older date, before I got that horrible virus? What can I do? Thanks a lot for all your help!!

Additional System Details

Installed Plug-ins

  • Shockwave Flash 11.9 r900
  • 5.1.20913.0
  • VLC media player Web Plugin 2.0.6
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Adobe Shockwave for Director Netscape plug-in, version 12.0.3.133
  • NPWLPG

Application

  • Firefox 25.0.1
  • User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
  • Support URL: https://support.mozilla.org/1/firefox/25.0.1/WINNT/en-US/

Extensions

  • Troubleshooter 1.1a (troubleshooter@mozilla.org)
  • MyWordTool 0.1 (emily@wilford.biz) (Inactive)
  • Skype Click to Call 6.13.0.13771 ({82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: Intel(R) HD Graphics 4000
  • adapterDescription2: NVIDIA GeForce GT 650M
  • adapterDeviceID: 0x0166
  • adapterDeviceID2: 0x0fd1
  • adapterDrivers: igdumdim64 igd10iumd64 igd10iumd64 igdumdim32 igd10iumd32 igd10iumd32
  • adapterDrivers2: nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um
  • adapterRAM: Unknown
  • adapterRAM2: 2048
  • adapterVendorID: 0x8086
  • adapterVendorID2: 0x10de
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 6.3.9600.16384
  • driverDate: 10-1-2013
  • driverDate2: 8-29-2013
  • driverVersion: 10.18.10.3316
  • driverVersion2: 9.18.13.2702
  • info: {u'AzureCanvasBackend': u'direct2d', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • webglRenderer: Google Inc. -- ANGLE (Intel(R) HD Graphics 4000 Direct3D9Ex vs_3_0 ps_3_0)
  • windowLayerManagerRemote: False
  • windowLayerManagerType: Direct3D 10

Modified Preferences

  • browser.cache.disk.capacity: 358400
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 358400
  • browser.places.smartBookmarksVersion: 4
  • browser.sessionstore.upgradeBackup.latestBuildID: 20131112160018
  • browser.startup.homepage_override.buildID: 20131112160018
  • browser.startup.homepage_override.mstone: 25.0.1
  • extensions.lastAppVersion: 25.0.1
  • network.cookie.prefsMigrated: True
  • places.database.lastMaintenance: 1384927715
  • places.history.expiration.transient_current_max_pages: 104858
  • plugin.disable_full_page_plugin_for_types: application/pdf
  • plugin.importedState: True
  • privacy.sanitize.migrateFx3Prefs: True
  • storage.vacuum.last.index: 0
  • storage.vacuum.last.places.sqlite: 1384927715

Misc

  • User JS: No
  • Accessibility: No
John99 971 solutions 13138 answers

It is probably unlikely that you will be able to get a virus from uploading bookmarks. That is something that your malware forum at BleepingComputer should be able to advise you about.

It seems rather odd that the forum should advise delete your bookmarks. I would have hoped they would have advised first of all backing up and quarantining your Firefox Profile and or bookmarks.

It is may understanding that Sync is likely to be deprecated in the future and development has ceased. Sync is NOT intended to be a bookmarks backup itself, it is only to allow you to sync, and possibly then consider the synced device as a backup of sorts. You could try syncing the old machine.

There is not too much that can be done reliably without proper backups. Macs may use TimeMachine, and Windows may use Previous Versions

It is probably unlikely that you will be able to get a virus from uploading bookmarks. That is something that your malware forum at BleepingComputer should be able to advise you about. It seems rather odd that the forum should advise delete your bookmarks. I would have hoped they would have advised first of all backing up and quarantining your Firefox Profile and or bookmarks. It is may understanding that Sync is likely to be deprecated in the future and development has ceased. Sync is NOT intended to be a bookmarks backup itself, it is only to allow you to sync, and possibly then consider the synced device as a backup of sorts. You could try syncing the old machine. There is not too much that can be done reliably without proper backups. Macs may use TimeMachine, and Windows may use Previous Versions * see http://windows.microsoft.com/en-US/windows7/Previous-versions-of-files-frequently-asked-questions there is a posibility you could retrive bookmarks from that. Anything of value will be in the Firefox profile. You will need to look for your bookmarks backup folder, or the database file "places.sqlite"

Question owner

Thanks for your reply, John. They didn't (Bleeping computer forum) tell me to delete, I did it on my own before contacting them, but I do have all my bookmarks synced in the other computer, I was just worried about using it and was afraid it would also contract the virus once ff is on and synced. Since then the other computer was used, inadvertently, by my son. It turns out that the home page was changed, but luckily we didn't click on anything and deleted it right away, so there was no chance to contract the virus that way. I also deleted any other bookmarks that I thought were added or that I visited on the morning of the virus attack. I was also able to look into history and see exactly all the websites which gave me that problem. It looks like the old computer is safe, but I still didn't sync it with the new one because the new one is still behaving a bit oddly. I'm waiting for help at the BC forum. The interesting thing is that this virus seems to have been especially designed and tailored to attack FF although someone on the forum claims it attacked their Chrome browser. I love FF and only use it for browsing, always using script and ad blockers as well as WOT filters, always feeling safe from viruses that way. However, I suppose also that the ability to modify and engineer and add on to it makes FF also more vulnerable for change and malware attacks?

Thanks for your reply, John. They didn't (Bleeping computer forum) tell me to delete, I did it on my own before contacting them, but I do have all my bookmarks synced in the other computer, I was just worried about using it and was afraid it would also contract the virus once ff is on and synced. Since then the other computer was used, inadvertently, by my son. It turns out that the home page was changed, but luckily we didn't click on anything and deleted it right away, so there was no chance to contract the virus that way. I also deleted any other bookmarks that I thought were added or that I visited on the morning of the virus attack. I was also able to look into history and see exactly all the websites which gave me that problem. It looks like the old computer is safe, but I still didn't sync it with the new one because the new one is still behaving a bit oddly. I'm waiting for help at the BC forum. The interesting thing is that this virus seems to have been especially designed and tailored to attack FF although someone on the forum claims it attacked their Chrome browser. I love FF and only use it for browsing, always using script and ad blockers as well as WOT filters, always feeling safe from viruses that way. However, I suppose also that the ability to modify and engineer and add on to it makes FF also more vulnerable for change and malware attacks?
John99 971 solutions 13138 answers

Hi again Iris,

BC Forum & snap.do

 I'm waiting for help at the BC forum. The interesting thing is that this virus seems to have been especially designed and tailored to attack FF although someone on the forum claims it attacked their Chrome browser.

I found one of your BC threads and notice mention of snap.do.

I suggest you continue taking advice from BC, they are experts on this sort of thing. You could have more than one problem and multiple adware/malware. Some of these adware toolbars have removal tools that work, but there is the possibility of getting even worse problems by following the wrong or outdated advice. Part of the removal process may involve registry hacks and it is wise to get one-to-one advice on how to do that safely.

As I said follow BC advice but you may be interested in some background info.

Preserve & backup bookmarks now on both machines
You may get problems from opening bookmark and especially installing software from the bookmarked sites, but it is probably safe to back up your bookmarks. It is important to note that standard bookmark importing in Firefox completely overwrites current bookmarks so it is advisable to backup bookmarks by exporting them before and after any changes or restores.

The planned replacement for Sync will likely be a proper backup service but you should not rely on the current Firefox Sync for backup purposes. You should make sure you have independent bookmark backup on a second device & probably separate backup files.

  1. Please post back with how you get on in making the backup files and following BC advice.
  2. Have you anything else important for Firefox on the old or current machine ?
    Passwords and login details for instance stored automatically by Firefox ?
Hi again Iris, <u>BC Forum & ''snap''.''do''</u><br /> '' I'm waiting for help at the BC forum. The interesting thing is that this virus seems to have been especially designed and tailored to attack FF although someone on the forum claims it attacked their Chrome browser.'' I found one of your BC threads and notice mention of ''snap''.''do''. * http://www.bleepingcomputer.com/forums/t/514850/hijacked-by-surveyssnapdo-redirects-video-player-fake-adobe-cant-run-dds/ I suggest you continue taking advice from BC, they are experts on this sort of thing. You could have more than one problem and multiple adware/malware. Some of these adware toolbars have removal tools that work, but there is the possibility of getting even worse problems by following the wrong or outdated advice. Part of the removal process may involve registry hacks and it is wise to get one-to-one advice on how to do that safely. As I said follow BC advice but you may be interested in some background info. * I believe ''snap''.''do'' installs globally and affects other browsers also see <br /> http://www.telegraph.co.uk/technology/advice/10323797/What-is-Snap.do-Toolbar.html <br />(Note ''snap''.''do'' is a website and toolbar rather than a virus.) *Other threads in this forum show users have successfully removed ''snap''.''do'' look at this thread and the threads and other information it links to <br /> ''Remove completely ''snap''.''do'', restart and it still persist''[/questions/968709] <u>Preserve & backup bookmarks now on both machines</u><br /> You may get problems from opening bookmark and especially installing software from the bookmarked sites, but it is probably safe to back up your bookmarks. It is important to note that standard bookmark importing in Firefox completely overwrites current bookmarks so it is advisable to backup bookmarks by exporting them before and after any changes or restores. * Follow this advice to '''create the backup files''' <br /> [[Restore bookmarks from backup or move them to another computer#w_manual-backup]]'''_manual-backup''' The planned replacement for Sync will likely be a proper backup service but you should not rely on the current Firefox Sync for backup purposes. You should make sure you have independent bookmark backup on a second device & probably separate backup files. #Please post back with how you get on in making the backup files and following BC advice. #Have you anything else important for Firefox on the old or current machine ? <br />Passwords and login details for instance stored automatically by Firefox ?