Risposte recenti a Firefox is being redirected to www.videocop.comhttps://support.mozilla.org/it/questions/7399862010-09-02T08:19:19-07:00I was infected by the VideoCop bug, and it took me long time to figure out how to get rid of it. I’2010-09-02T08:19:19-07:00michael2https://support.mozilla.org/it/questions/739986?page=3#answer-100968<p>I was infected by the VideoCop bug, and it took me long time to figure out how to get rid of it. I’m really impressed by the ingenuity of its developers. It’s unlike any Malware I’ve ever dealt with before.
</p><pre> First off, let me go over the symptoms. You will frequently see advertisements for VideoCop on legitimate, well respected web sites that would never allow malicious web sites to advertise on their web pages. Mostly these ads show up on Google ad space.
Firefox frequently hangs as it’s trying to contact Google analytics.
After doing a Google search, and clicking on a result, you will be taken you to an unrelated, malicious web site, but if you “back arrow” to the results and click the link again, you will go to the correct web site.
The root of the problem is not on your computer, it’s on your router. Somehow, and I’m not quite sure how, the DNS entries on your router have been changed. I have a Linksys WRT54G v6.0 with the latest firmware, and the default password was changed the day I turned it on. My Wi-Fi security is enabled, even with MAC filtering. For the record, the DNS servers were 213.109.68.7, 213.109.73.245, 1.1.1.1.
I can only think of two ways this happened. Most likely, the Malware used my router’s password that was cached in my browser, or there is a vulnerability in the router that is being exploited. If the VideoCop hackers are using a vulnerability, there’s nothing we can do to prevent this from happening again except wait for Linksys to release a new firmware that fixes the vulnerability. But if it’s using a cached password, the solution is to never cache your router’s password.
To resolve this problem, first log into your router and change your password, and log back in with the new password. If IE or Firefox asks you if it should remember your password say “No”. Now clear the DNS servers (all 3) by putting 0’s in the boxes. 0.0.0.0 will tell your router to use your IPS’s DNS settings which are obtained as part of the DHCP protocol. Now fully scan your computer with MalWareBytes, Spybot Search and Destroy, and any other Spyware remover. Also, do a full scan with your resident antivirus since you’ve possibly picked up a few spywares with all of the VideoCop forwards you’ve been experiencing.
I hope this helps.
</pre>Here are the whois searches of the DNS addresses suggested by 'cheepgeeze...'...
208.67.222.222 http2010-08-24T08:56:46-07:00JohnGaryB.https://support.mozilla.org/it/questions/739986?page=3#answer-31241<p>Here are the whois searches of the DNS addresses suggested by 'cheepgeeze...'...
</p><p>208.67.222.222 <a href="http://whois.domaintools.com/208.67.222.222" rel="nofollow">http://whois.domaintools.com/208.67.222.222</a>
</p><pre>208.67.222.220 <a href="http://whois.domaintools.com/208.67.222.220" rel="nofollow">http://whois.domaintools.com/208.67.222.220</a>
</pre>
<p><br>
...both of which resolve to OpenDNS... <a href="http://www.opendns.com/" rel="nofollow">http://www.opendns.com/</a>
</p><p>...who offer a range of commercial and free DNS services.
</p><p>And here are some other options offered as Ubuntu how-to's:
</p><p>How To Change Your DNS Address In Ubuntu 10.04 Lucid Lynx
<a href="http://www.liberiangeek.net/2010/08/change-dns-information-ubuntu-10-04-lucid-lynx/" rel="nofollow">http://www.liberiangeek.net/2010/08/change-dns-information-ubuntu-10-04-lucid-lynx/</a>
</p>
<hr>
<p>Configure Ubuntu 10.04 Lucid Lynx To Use Google Public DNS
<a href="http://www.liberiangeek.net/2010/07/configure-ubuntu-10-04-lucid-lynx-google-public-dns/" rel="nofollow">http://www.liberiangeek.net/2010/07/configure-ubuntu-10-04-lucid-lynx-google-public-dns/</a>
</p>
<hr>
<p>Configure Ubuntu 10.04 Lucid Lynx to Use Comodo Secure DNS
<a href="http://www.liberiangeek.net/2010/08/configure-ubuntu-10-04-lucid-lynx-comodo-secure-dns/" rel="nofollow">http://www.liberiangeek.net/2010/08/configure-ubuntu-10-04-lucid-lynx-comodo-secure-dns/</a>
</p>
<hr>
<p>The Perfect Parental Control For Ubuntu 10.04 Lucid Lynx
<a href="http://www.liberiangeek.net/2010/05/the-perfect-parental-control-for-ubuntu-10-04-lucid-lynx/" rel="nofollow">http://www.liberiangeek.net/2010/05/the-perfect-parental-control-for-ubuntu-10-04-lucid-lynx/</a>
</p><p>BTW. Under Ubuntu these and any other web pages can be printed to .pdf files from Firefox by:
</p><p>- Selecting and copying the web page's title to the clipboard (the name can't include '/' or other illegal characters)
</p><p>- In Firefox click File--&gt;Print
</p><p>- In the pop-up dialog box's General tab click Print to File
</p><p>- Output format: PDF
</p><p>- Paste the web page's name into the name box to the left of the .pdf file name extension
</p><p>- Click the Print button and your .pdf file will be printed to the root level of your Home folder.
</p>A new threat which can be a consequence of the router hijack issue:
Fake Anti-Virus Launches Legit A2010-08-24T03:54:29-07:00JohnGaryB.https://support.mozilla.org/it/questions/739986?page=3#answer-31153<p>A new threat which can be a consequence of the router hijack issue:
</p><p><strong>Fake Anti-Virus Launches Legit AV Uninstalls</strong>
(Originally Posted by Keith Ferrell Aug 23, 2010 11:28 AM)
</p><p>"A new variation on the Fake Anti-Virus scam actually launches legitimate uninstallers of anti-virus programs from Symantec, Microsoft, AVG and others.
</p><p>The phony anti-virus scam keeps getting new wrinkles, the latest being a pop-up Anti-Virus alert that warns users that their security program is uncertified and must be replaced. When the alert is clicked, it launches the user's legitimate anti-virus uninstall program.
</p><p>As Symantec reported, the fake a-v alert box starts the uninstall no matter where the user clicks. The pop-up's close button is as malicious as its OK button.
</p><p>Symantec notes that the Trojan carries uninstall launchers for "Symantec, Microsoft, AVG, Spyware Doctor, and Zone Labs." I would imagine that it won't be long before other security vendors find their products' uninstallers added to the payload..."
</p><p><a href="http://www.informationweek.com/blog/main/archives/2010/08/fake_antivirus.html" rel="nofollow">http://www.informationweek.com/blog/main/archives/2010/08/fake_antivirus.html</a>
</p>This redirection seems to be a router or DNS problem - buggered up by internet buttheads. Be nice if2010-08-22T16:33:41-07:00cheepgeezerhttps://support.mozilla.org/it/questions/739986?page=3#answer-30922<p>This redirection seems to be a router or DNS problem - buggered up by internet buttheads. Be nice if/when the footprint can get figured out by the antivirus companies and we can get a real fix/pteventive dat for it.
</p><p>Now, listen closely - in XP go to START/Control Panel/Network Connections/(right mouse on the connection that's malfunctioning(properties)/TCP/IP (Properties) and now, click the "Use the following DNS Server addresses" button.
Set Preferred to 208.67.222.222
Set Alternate to 208.67.222.220
</p><p>Bingo, system shoots around the re-directs and works fine.
You may get it back to working status by a hard reset and re-set-up of your router if you use one.
Good luck.
It worked for me.
If you use Vista or Win7 I suppose the same type method would work.
</p>Thank you, Thank you, THANK YOU. This is the ONLY site that I have found that had a solution to the2010-08-22T15:24:11-07:00schiffamchttps://support.mozilla.org/it/questions/739986?page=3#answer-30915<p>Thank you, Thank you, THANK YOU. This is the ONLY site that I have found that had a solution to the hijacking. Check your router and change the password.
</p><p>Rick, great job....&nbsp;:)
</p>It's not a firefox problem, the problem is in the routers!
It's mentioned by a few previous posts in2010-08-20T15:43:50-07:00JBinCAhttps://support.mozilla.org/it/questions/739986?page=3#answer-30677<p>It's not a firefox problem, the problem is in the routers!
</p><p>It's mentioned by a few previous posts in this thread, and is discussed here as well <a href="http://tidystorm.com/423/the-redirect-virus-was-in-my-router/" rel="nofollow">external link</a>
One way or another, the DNS server addresses in our routers have been changed to hard-coded <a href="http://213.109.XXX.XXX" rel="nofollow">213.109.XXX.XXX</a>. Look-up domain name server for a little background if you are unfamiliar with the term. The bottom line is that with your router looking to these malicious sites as domain name servers, the sites can redirect you anywhere they want. They have redirected me to other sites that have had other viruses, so you need to scan and fix your computer as well.
</p><p>Firefox addon "noscript" DID prevent these redirects, but did not solve the root problem. Internet explorer and other machines still had the problem.
</p><p>As has been mentioned elswhere, you could take your laptop (if you have one) to a different network (friends house, starbucks, etc), and should find that the redirects do not happen any longer.
</p>So the answer seems to be not to use fire fox fornow?
2010-08-20T05:15:11-07:00davescurrenthttps://support.mozilla.org/it/questions/739986?page=3#answer-30577<p>So the answer seems to be not to use fire fox fornow?
</p>Same issue now solved for me. Now trying to clear up my GF's computer. Follow along on this thread a2010-08-16T13:59:14-07:00RickObanionhttps://support.mozilla.org/it/questions/739986?page=3#answer-29727<p>Same issue now solved for me. Now trying to clear up my GF's computer. Follow along on this thread and we will get an answer.
I did many things to mine to cure it, but did not write down what I was doing. Now that I am doing the GF's puter, I am doing it in a systematic way to nail down this issue.
<a href="http://www.bleepingcomputer.com/forums/topic337383.html" rel="nofollow">http://www.bleepingcomputer.com/forums/topic337383.html</a>
</p>For everyone:
http://en.wikipedia.org/wiki/Comparison_of_firewalls
For Ubuntu:
Easy... :-)
ht2010-08-12T15:17:25-07:00JohnGaryB.https://support.mozilla.org/it/questions/739986?page=3#answer-28967<p><strong>For everyone:</strong>
<a href="http://en.wikipedia.org/wiki/Comparison_of_firewalls" rel="nofollow">http://en.wikipedia.org/wiki/Comparison_of_firewalls</a>
</p>
<hr>
<p><strong>For Ubuntu:</strong>
</p><p>Easy...&nbsp;:-)
<a href="http://blog.bodhizazen.net/linux/firewall-ubuntu-gufw/" rel="nofollow">http://blog.bodhizazen.net/linux/firewall-ubuntu-gufw/</a>
</p><p>Harder...
<a href="http://blog.bodhizazen.net/linux/firewall-ubuntu-desktops/" rel="nofollow">http://blog.bodhizazen.net/linux/firewall-ubuntu-desktops/</a>
</p><p>Harder still...
<a href="http://blog.bodhizazen.net/linux/firewall-ubuntu-servers/" rel="nofollow">http://blog.bodhizazen.net/linux/firewall-ubuntu-servers/</a>
</p><pre><em>Good grief!</em>&nbsp;:-( <a href="http://bodhizazen.net/Tutorials/iptables/" rel="nofollow">http://bodhizazen.net/Tutorials/iptables/</a>
</pre>
<hr>
<p>HOWTO: Graphical IP Blocker
<a href="http://ubuntuforums.org/showthread.php?t=530183" rel="nofollow">http://ubuntuforums.org/showthread.php?t=530183</a>
</p>
<hr>
<p>If anyone knows of an effective IP Blocker for Windows or Macintosh, then please post a link.
</p><p>Thank you.
</p>BTW:
"SECURITY WARNING: An actively exploited security hole in Adobe Flash 10.0 r45 and earlier can 2010-08-10T16:42:54-07:00JohnGaryB.https://support.mozilla.org/it/questions/739986?page=3#answer-28537<p>BTW:
</p><p>"SECURITY WARNING: An actively exploited security hole in Adobe Flash 10.0 r45 and earlier can compromise your computer. Please use these instructions to update to Flash Player 10.1."
<a href="https://support.mozilla.com/en-US/kb/Firefox+Support+Home+Page" rel="nofollow">https://support.mozilla.com/en-US/kb/Firefox+Support+Home+Page</a>
</p>What began as a moment of mirth on another forum soon produced (perhaps by coincidence as this brows2010-08-10T16:35:16-07:00JohnGaryB.https://support.mozilla.org/it/questions/739986?page=3#answer-28535<p>What began as a moment of mirth on another forum soon produced (perhaps by coincidence as this browser redirect problem has been dragging on for a while now) an intrusion attempt alert in Firestarter (a firewall commonly employed by Ubuntu users):
</p><p>Time: Aug 11 00:26:10 Source: 213.109.65.90 Destination:&nbsp;:p In IF: wlan0 Out IF: Port: 53 Length: 88 ToS: 0x00 Protocol: ICMP Service: DNS
</p><p>So I checked out the source of said attempt...
</p><p><a href="http://www.ip-adress.com/whois/213.109.65.90" rel="nofollow">http://www.ip-adress.com/whois/213.109.65.90</a>"]213.109.65.90 IP Whois / Whois IP
</p><p>...and got this:
</p><p>213.109.65.90
</p><p>213.109.65.90 IP:
213.109.65.90
213.109.65.90 server location:
Russian Federation
213.109.65.90 ISP:
ProLite Ltd.
</p><p>213.109.65.90 Whois Information
</p><p>% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See [url]<a href="http://www.ripe.net" rel="nofollow">http://www.ripe.net</a><a href="/url" rel="nofollow">/url</a>[Who Is Domain][trace][Reverse DNS Search]/db/support/db-terms-conditions.pdf
</p><p>% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
</p><p>% Information related to '213.109.64.0[Who Is IP][trace][Reverse IP Search] - 213.109.79.255[Who Is IP][trace][Reverse IP Search]'
</p><p>inetnum: 213.109.64.0[Who Is IP][trace][Reverse IP Search] - 213.109.79.255[Who Is IP][trace][Reverse IP Search]
netname: PROLITE-NET
descr: ProLite Ltd.
country: RU
org: ORG-PL83-RIPE
admin-c: NF1275-RIPE
tech-c: NF1275-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-by: MNT-PROLITE
mnt-routes: MNT-PROLITE
mnt-domains: MNT-PROLITE
source: RIPE # Filtered
</p><p>organisation: ORG-PL83-RIPE
org-name: ProLite Ltd.
org-type: OTHER
address: Russia, Nizhniy Novgorod, Pecherskiy syezd 22, off.12
e-mail: [Who Is Domain][trace][Reverse DNS Search]
mnt-ref: MNT-PROLITE
mnt-by: MNT-PROLITE
source: RIPE # Filtered
</p><p>person: <strong>Nikolay N. Filimonov</strong>
address: Russia, Nizhniy Novgorod, Pecherskiy syezd 22, off.12
phone: +7 831 4284242
nic-hdl: NF1275-RIPE
source: RIPE # Filtered
mnt-by: MNT-PROLITE
</p><p>% Information related to '213.109.64.0[Who Is IP][trace][Reverse IP Search]/20AS49727'
</p><p>route: 213.109.64.0[Who Is IP][trace][Reverse IP Search]/20
descr: ProLite
origin: AS49727
mnt-by: MNT-PROLITE
mnt-routes: MNT-PROLITE
source: RIPE # Filtered
</p><p>% Information related to '213.109.64.0[Who Is IP][trace][Reverse IP Search]/21AS49727'
</p><p>route: 213.109.64.0[Who Is IP][trace][Reverse IP Search]/21
descr: ProLite
origin: AS49727
mnt-by: MNT-PROLITE
source: RIPE # Filtered
</p><p>Can anyone shed further light on <strong>Nikolay N. Filimonov'</strong>s antics?
</p><p>Thank you.
</p>
<hr>
<p>UPDATE:
</p><p>"Poisoned" Router DNS Settings
<a href="http://www.technibble.com/forums/showpost.php?p=144318&amp;postcount=1" rel="nofollow">http://www.technibble.com/forums/showpost.php?p=144318&amp;postcount=1</a>
</p><p>An excerpt:
</p><p>"FYI
</p><p>Discovered a new one today (new to me!). A virus that changed the DNS settings in a Netgear WPN824 router. The router had the default password. A quick search on the Internet shows routers "poisoned" by viruses that can modify router settings when the user has NOT changed the default password. Y'all be sure to change your default passwords on customer routers (I usually do this).
</p><p>Background:
Customer brings me an infected laptop that has a hijacked browser and I pulled the hard disk and slaved to my bench PC to clean it (SOP). It had several Java script viruses (AVG shows twitters.class, skypeqd.class, mailvue.class, AppleT.class all in jar_cache). Removed viruses with AVG.
</p><p>So I gave the laptop a "clean up/tune up" afterward. Customer picks up laptop, goes back home, and calls me within hours: "it's still going to the wrong web sites". So I ask him to drop it back by the shop to check it out again. Pull the hard disk, scan with AVG &amp; Malwarebytes and it's clean. The browser is NOT hijacked in my shop. Put it back into PC and scan with his AVG &amp; Malwarebytes and it's clean. He calls while I have it and says: "now my wife's laptop is hijacked!". I pack up his machine and go over to his home and run an IPCONFIG /ALL in a CMD window and the DNS servers shown is 213.109.64.5 (which resolves to a Russian network!) Wow!
</p><p>Go into his Netgear router and low and behold the DNS setting has been changed from "Get Automatically from ISP" to "use these DNS Servers" with the above numbers typed in. Bingo. Change it to "Get Automatically from ISP" and it's all good.
</p><p>It is a good reason to always change the default password."
</p>Good post Rick! :) Thanks for sharing your experience and insight.
As for preventing a repeat o2010-08-08T09:33:48-07:00JohnGaryB.https://support.mozilla.org/it/questions/739986?page=3#answer-27906<p>Good post Rick!&nbsp;:) Thanks for sharing your experience and insight.
</p><p>As for preventing a repeat of the browser redirect problem? It would appear that resetting one's router to its factory defaults, entering in the settings which one needs, and then protecting it with a secure password would be prudent.
</p><p>On the software side of taking preventative measures, I am pleased to report that, for the past several days, my Ubuntu 10.04/Firefox 3.6.8 rig has not experienced any further browser redirect problems since I began using the Firefox Add-ons I mentioned earlier.
</p><p>There is one new wrinkle though. In Ghostery--&gt;Freferences--&gt;Ghostery Options--&gt;Blocking I had enabled web bug blocking and selected All for the list of items which appears there. However, since then a few new ones have crept into said list as I've surfed the Internet, so I've had to re-click the All option to include these intrusive newcomers. I expect that this is something I'll have to do after each Internet session from now on in order to maintain an enhanced level of security.
</p>I managed to defeat this thing finally. As someone suggested, it is in the router. I ran Sophos Anti2010-08-07T13:08:32-07:00RickObanionhttps://support.mozilla.org/it/questions/739986?page=3#answer-27780<p>I managed to defeat this thing finally. As someone suggested, it is in the router. I ran Sophos Anti-Rootkit, MalwareBytes, superAntispyware, ComboFix and avast.
First, MalwareBytes would not connect for an update. That I found odd. So I went and grabbed the manual update.
I was getting the same issues as everyone else. First, hanging on Google Analytics, then <a href="http://surveys.cnet.com" rel="nofollow">surveys.cnet.com</a>, the video cop and other redirects.
I got so annoyed, I reformated.,,,AND IT WAS STILL THERE!!
Not possible, I thought. If this was a BIOS infection, I may as well toss the thing out.
Then someone suggested i check my router config since I never did change the default linksys admin password.
I logged into the router and KABAM...the entire GUI page was mangled, I could not alter any settings.
I hit the reset button, and got the interface back. I uploaded a new firmware update.
I swept my computer one more time to be sure I still had nothing, and connected.
Everything works perfect now. I did the same to my GF's computer before I let her connect to my router...found 74 various tracking cookies none of which stuck out more than the other.
We connected and even her computer..which was the first infected, worked fine. I had her reset her modem at home...and finally no issues there either.
So my best guess is that some type of low level malware opened the door for something more complex which began altering my router and sending me to places I did not want to go and also stopped outgoing traffic to websites that would help. I couldn't get on to most help sites without major difficulty.
MalwareBytes now updates via the update button, window updates again, and I can get to sites like <a href="http://bleepingcomputer.com" rel="nofollow">bleepingcomputer.com</a> or <a href="http://majorgeeks.com" rel="nofollow">majorgeeks.com</a> without being redirected to their 404 error page.
I don't know which one of these steps in particular killed the computer portion of the malware, but resetting hte router seemed to kill that part.
I have no idea how to stop it from happening again. Judging by the other sites, all kinds of people are having the same issue.
This may be a rewritten variant of the ZLOB trojan...but I don't have the experience or knowledge to say for sure.
</p>Hi TonyTonyTony.
I was experiencing the occasional frozen blank page similar to what you've describ2010-08-06T11:41:22-07:00JohnGaryB.https://support.mozilla.org/it/questions/739986?page=3#answer-27507<p>Hi TonyTonyTony.
</p><p>I <em>was</em> experiencing the occasional frozen blank page similar to what you've described before installing and using the Firefox Add-on Ghostery in addition to the Add-ons: Adblock Plus, NoScript, Beef Taco, Flagfox, WOT, and Xmarks.
</p><p>In a belt &amp; suspenders approach to further combating browser redirects I' ve since installed the Ff Add-on BetterPrivacy as well.
</p>I just checked my e-mail and found that there had been a half dozen or so replies to this thread. So2010-08-06T11:27:19-07:00JohnGaryB.https://support.mozilla.org/it/questions/739986?page=3#answer-27500<p>I just checked my e-mail and found that there had been a half dozen or so replies to this thread. So I deleted all of the notifications of said replies save for the most recent one, and then proceeded to this thread with the expectation of reading all of the replies.
</p><p>When I arrived I found only two replies which I hadn't seen before (one from TonyTonyTony, Posted August 4, 2010 9:29:41 PM PDT, and one from numberzguy, Posted August 6, 2010 9:21:12 AM PDT). The rest were missing.&nbsp;:-(
</p><p>Fortunately I have the text of the one post that I didn't delete from my e-mail notifications. As this post contains info which IMO is useful to resolving what's behind this ongoing browser redirect issue, here is the text of said post in its entirety:
</p><p>""Cochango" has posted a reply to a thread you're watching.
You can view the thread and reply at the following URL:
</p><p><a href="https://support.mozilla.com/en-US/forum/1/739986#threadId746474" rel="nofollow">https://support.mozilla.com/en-US/forum/1/739986#threadId746474</a>
</p><p>Message:
</p>
<hr>
<p>Same problem on three devices - non-networked. When it showed up on my Ipad I knew something screwy was up and it had to be with the router. Looked at DNS config and saw three static DNS addresses that I never put in. Set back to Zeros and so far so good.
It's in the router Watson because that's the only thing ALL THREE my devices have in common. No print or file sharing with the Pad but I get redirected using Safari browser. Slam Dunk."
</p><p>In the wake of the missing posts in this thread - and given that, for the first time ever, I had to register as a user of this forum to submit a (this) post - is there a new moderation policy in place on the Firefox Support Forum, and if so, does it include deleting posts such as the one from 'Cochango' cited here?
</p><p>Thank you.
</p>I have this problem too.
1) it seemed to start with Defence Center. I used Malwarebytes to get rid 2010-08-06T02:21:12-07:00numberzguyhttps://support.mozilla.org/it/questions/739986?page=3#answer-27401<p>I have this problem too.
</p><p>1) it seemed to start with Defence Center. I used Malwarebytes to get rid of that, but the problem persists
</p><p>2) Some sites suggest that this is a rootkit virus. These are very stubborn and hard to get at. I am sure I have the virus, but I have tried about 6 virus tools and none have found the problem. Is it new?
</p><p>3) Additional issue: I have tried to roll back to a previous Restore Point for MS XP Pro. I cannot get the Restore Point feature to work.
</p>Actually, it DOES seem possible we've all visited the same site to me.
By the way, when Google anal2010-08-04T14:29:41-07:00TonyTonyTonyhttps://support.mozilla.org/it/questions/739986?page=3#answer-27119<p>Actually, it DOES seem possible we've all visited the same site to me.
</p><p>By the way, when Google analytics freezes your browser, has anyone else had the instances where it also pops-under a screen sized blank white browser window? That's not 100% of the time, but I've noticed it on occasion.
</p>Hi, I have had all the same problems that are described here for the past few weeks. I've cleaned my2010-08-04T04:24:49-07:00AnonymousUserhttps://support.mozilla.org/it/questions/739986?page=3#answer-1048<p>Hi, I have had all the same problems that are described here for the past few weeks. I've cleaned my laptop with several antivirus programs and have found a few infections and got rid of them, but the redirects still occur. I have not tried the various firefox addons yet, but I will. I am also having redirect problems with IE 8.
</p><p>A major thing I have noticed is that this only occurs on my laptop when it is on my home network. Whenever I am on the network at my parents' home or at the coffee shop down the street, the redirects stop. I have reset my linksys router by holding the reset button for 45 seconds and have also changed the router password and the wireless access password.
</p><p>Another thing I have noticed is that ads on some pages are different when I'm on my home network, such as normal movie ads on <a href="http://rottentomatoes.com" rel="nofollow">rottentomatoes.com</a> changing to various cheap-looking clicksor ads. The ads return to normal when I am on a different network.
</p><p>Has anyone else noticed any of these problems? Has anyone had the same problems when on a network other than their own?
</p>Thanks Everybody Keep adding your input. Actually you can trace this problem on the web under most o2010-08-03T15:31:46-07:00AnonymousUserhttps://support.mozilla.org/it/questions/739986?page=3#answer-1049<p>Thanks Everybody Keep adding your input. Actually you can trace this problem on the web under most of the unwanted URLs and the word redirect or hijack. Right now there doesn't appear to be a universal way to log viral problems, any suggestions?
</p><p>Norton used to be number one... but all of these malware teams are competing against each other.
</p><p>But this is a growing problem with no current solution. Firefox with addons deals with the problem well, Opera seems to be needing some tracking blocking so it is still suffering.
</p><p>You can go to any flash movie and use the flash storage settings and set it 0 then press okay and it will empty it or
CCleaner can have the flash cookie cleaner. For Fire Fox check the options the out for Ghostery and Beef Taco to block trakers. For Ghostery you can block the 100 tracking companies and add more. Better Privacy will allow you to delete them before using flash or when leaving firefox.
</p><p>So if there is a single URL to collect all malware list it, otherwise keep adding description and URL information to this blog, then people will find it when they search. Granted Firefox is the safest.
</p><p>Videocop ad appeared on Opera
<a href="http://www.brothersoft.com/combofix-292397.html" rel="nofollow">http://www.brothersoft.com/combofix-292397.html</a>
But not on Firefox
<a href="http://www.brothersoft.com/combofix-292397.html" rel="nofollow">http://www.brothersoft.com/combofix-292397.html</a>
Could be coincidence? After cleaning(via firefox) not on Opera?
</p><p>There is still shockwave player and any number of non-adobe products that could be used in the same way.
</p><p>Thanks Everyone,
</p><p>Mark
</p>@Tony.
...And it's unlikely that everyone here has visited a common web site... *cue the Twilight Zo2010-08-03T15:03:04-07:00AnonymousUserhttps://support.mozilla.org/it/questions/739986?page=3#answer-1050<p>@Tony.
</p><p>...And it's unlikely that everyone here has visited a common web site... *cue the Twilight Zone theme*&nbsp;:D
</p><p>I just use the Add-ons mentioned above with the latest version of Firefox (3.6.8, Mozilla Firefox for Ubuntu canonical - 1.0) running default settings.
</p>