X
Trykk her for å gå til den mobile utgaven av nettstedet.

Brukerstøtteforum

Need help killing nasty Firefox virus / adware

Skrevet

One of the computers in my office has a nasty Firefox virus / adware. Only Firefox is affected, Chrome and IE are okay. Get lots of advertising pop-ups even though pop-up blocking is enabled. Lots of nonstandard advertisement pictures appear on most web pages. Hyperlinks show more advertising pop-ups when you hover over some of them. Firefox performance is very slow. When I use "Copy Link Location" over hyperlinks and pop-ups they each have a different core URL - too many to try to block through firewall or virus software. AVG anti-virus scan, Malwarebytes scan, AdwCleaner, HitmanPro all come up clean. All Firefox plug-ins and extensions are disabled. Reset of Firefox didn't fix it. Deinstall/reinstall of Firefox didn't either. Ran CCleaner on both files and registry. No suspicious programs show up in Control Panel. Ran anti-virus, Malwarebytes, AdwCleaner, CCleaner again while in safe mode. No joy.

Any ideas?

Thanks,

Rob

One of the computers in my office has a nasty Firefox virus / adware. Only Firefox is affected, Chrome and IE are okay. Get lots of advertising pop-ups even though pop-up blocking is enabled. Lots of nonstandard advertisement pictures appear on most web pages. Hyperlinks show more advertising pop-ups when you hover over some of them. Firefox performance is very slow. When I use "Copy Link Location" over hyperlinks and pop-ups they each have a different core URL - too many to try to block through firewall or virus software. AVG anti-virus scan, Malwarebytes scan, AdwCleaner, HitmanPro all come up clean. All Firefox plug-ins and extensions are disabled. Reset of Firefox didn't fix it. Deinstall/reinstall of Firefox didn't either. Ran CCleaner on both files and registry. No suspicious programs show up in Control Panel. Ran anti-virus, Malwarebytes, AdwCleaner, CCleaner again while in safe mode. No joy. Any ideas? Thanks, Rob

Valgt løsning

Occasionally, malware might change settings in Firefox's program folders. To address that:

Clean Reinstall

We use this name, but it's not about removing your settings, it's about making sure the program files are clean. As described below, this process does not disturb your existing settings. Do NOT uninstall Firefox, that's not needed.

(1) Download a fresh installer for Firefox 37.0 from https://www.mozilla.org/firefox/all/ to a convenient location. (Scroll down to your preferred language.)

(2) Exit out of Firefox (if applicable).

(3) Rename the program folder

(64-bit Windows folder names)

C:\Program Files (x86)\Mozilla Firefox

to

C:\Program Files (x86)\OldFirefox

(32-bit Windows folder names)

C:\Program Files\Mozilla Firefox

to

C:\Program Files\OldFirefox

(4) Run the installer you downloaded in #1. It should automatically connect to your existing settings.

Any difference?

Note: Some plugins may exist only in that OldFirefox folder. If something essential is missing, look in these folders:

  • \OldFirefox\Plugins
  • \OldFirefox\browser\plugins
Les dette svaret i sammenhengen 39

Flere systemdetaljer

Installerte programtillegg

  • Adobe PDF Plug-In For Firefox and Netscape "9.5.5"
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.02
  • GEPlugin
  • Google Update
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • LogMeIn, Inc. Remote Access Components
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • Shockwave Flash 16.0 r0
  • Shockwave Flash 11.8 r800
  • 5.1.30514.0
  • NPWLPG
  • Yahoo Application State Plugin version 1.0.0.7
  • iTunes Detector Plug-in

Applikasjon

  • Brukeragent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0

Mer informasjon

Hjelpsomt svar

rerickson said

One of the computers in my office has a nasty Firefox virus / adware. Only Firefox is affected, Chrome and IE are okay. Get lots of advertising pop-ups even though pop-up blocking is enabled. Lots of nonstandard advertisement pictures appear on most web pages. Hyperlinks show more advertising pop-ups when you hover over some of them. Firefox performance is very slow. When I use "Copy Link Location" over hyperlinks and pop-ups they each have a different core URL - too many to try to block through firewall or virus software. AVG anti-virus scan, Malwarebytes scan, AdwCleaner, HitmanPro all come up clean. All Firefox plug-ins and extensions are disabled. Reset of Firefox didn't fix it. Deinstall/reinstall of Firefox didn't either. Ran CCleaner on both files and registry. No suspicious programs show up in Control Panel. Ran anti-virus, Malwarebytes, AdwCleaner, CCleaner again while in safe mode. No joy. Any ideas? Thanks, Rob

I forgot to mention - OS is Windows 8.1.

''rerickson [[#question-1055403|said]]'' <blockquote> One of the computers in my office has a nasty Firefox virus / adware. Only Firefox is affected, Chrome and IE are okay. Get lots of advertising pop-ups even though pop-up blocking is enabled. Lots of nonstandard advertisement pictures appear on most web pages. Hyperlinks show more advertising pop-ups when you hover over some of them. Firefox performance is very slow. When I use "Copy Link Location" over hyperlinks and pop-ups they each have a different core URL - too many to try to block through firewall or virus software. AVG anti-virus scan, Malwarebytes scan, AdwCleaner, HitmanPro all come up clean. All Firefox plug-ins and extensions are disabled. Reset of Firefox didn't fix it. Deinstall/reinstall of Firefox didn't either. Ran CCleaner on both files and registry. No suspicious programs show up in Control Panel. Ran anti-virus, Malwarebytes, AdwCleaner, CCleaner again while in safe mode. No joy. Any ideas? Thanks, Rob </blockquote> I forgot to mention - OS is Windows 8.1.
jscher2000
  • Top 10 Contributor
8872 løsninger 72576 svar

Could you check whether Firefox has a non-standard connection setting? You can do that here:

"3-bar" menu button (or Tools menu) > Options > Advanced > Network mini-tab > "Settings" button

The default "Use system proxy settings" should piggyback on your Windows/IE "LAN" settings. But you can try "No proxy" to see whether that makes any difference.


It sounds as though you have undertaken the standard clean-up measures, but just in case: Here's my suggested procedure for tracking down and cleaning up bad add-ons.

(1) Open the Windows Control Panel, Uninstall a Program. After the list loads, click the "Installed on" column heading to group the infections, I mean, additions, by date. This can help in smoking out undisclosed bundle items that snuck in with some software you agreed to install. Take out as much trash as possible here.

(2) Open Firefox's Add-ons page using either:

  • Ctrl+Shift+a
  • "3-bar" menu button (or Tools menu) > Add-ons

In the left column, click Plugins. Set nonessential and unrecognized plugins to "Never Activate".

In the left column, click Extensions. Then, if in doubt, disable (or Remove, if possible) unrecognized and unwanted extensions.

Often a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step.

Any improvement?

(3) You can search for remaining issues with the scanning/cleaning tools listed in our support article: Troubleshoot Firefox issues caused by malware. These on-demand scanners are free and take considerable time to run. If they finish quickly and especially if they require payment, you may have a serious infection. I suggest the specialized forums listed in the article in that case.

Success?

Could you check whether Firefox has a non-standard connection setting? You can do that here: "3-bar" menu button (or Tools menu) > Options > Advanced > Network mini-tab > "Settings" button The default "Use system proxy settings" should piggyback on your Windows/IE "LAN" settings. But you can try "No proxy" to see whether that makes any difference. ---- It sounds as though you have undertaken the standard clean-up measures, but just in case: Here's my suggested procedure for tracking down and cleaning up bad add-ons. (1) Open the Windows '''Control Panel''', Uninstall a Program. After the list loads, click the "Installed on" column heading to group the infections, I mean, additions, by date. This can help in smoking out undisclosed bundle items that snuck in with some software you agreed to install. Take out as much trash as possible here. (2) Open Firefox's '''Add-ons page''' using either: * Ctrl+Shift+a * "3-bar" menu button (or Tools menu) > Add-ons In the left column, click '''Plugins'''. Set nonessential and unrecognized plugins to "Never Activate". In the left column, click '''Extensions'''. Then, if in doubt, disable (or Remove, if possible) unrecognized and unwanted extensions. Often a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step. Any improvement? (3) You can search for remaining issues with the '''scanning/cleaning tools''' listed in our support article: [[Troubleshoot Firefox issues caused by malware]]. These on-demand scanners are free and take considerable time to run. If they finish quickly and especially if they require payment, you may have a serious infection. I suggest the specialized forums listed in the article in that case. Success?
jscher2000
  • Top 10 Contributor
8872 løsninger 72576 svar

Valgt løsning

Occasionally, malware might change settings in Firefox's program folders. To address that:

Clean Reinstall

We use this name, but it's not about removing your settings, it's about making sure the program files are clean. As described below, this process does not disturb your existing settings. Do NOT uninstall Firefox, that's not needed.

(1) Download a fresh installer for Firefox 37.0 from https://www.mozilla.org/firefox/all/ to a convenient location. (Scroll down to your preferred language.)

(2) Exit out of Firefox (if applicable).

(3) Rename the program folder

(64-bit Windows folder names)

C:\Program Files (x86)\Mozilla Firefox

to

C:\Program Files (x86)\OldFirefox

(32-bit Windows folder names)

C:\Program Files\Mozilla Firefox

to

C:\Program Files\OldFirefox

(4) Run the installer you downloaded in #1. It should automatically connect to your existing settings.

Any difference?

Note: Some plugins may exist only in that OldFirefox folder. If something essential is missing, look in these folders:

  • \OldFirefox\Plugins
  • \OldFirefox\browser\plugins
Occasionally, malware might change settings in Firefox's program folders. To address that: '''Clean Reinstall''' We use this name, but it's not about removing your settings, it's about making sure the program files are clean. As described below, this process does not disturb your existing settings. Do NOT uninstall Firefox, that's not needed. (1) Download a fresh installer for Firefox 37.0 from https://www.mozilla.org/firefox/all/ to a convenient location. (Scroll down to your preferred language.) (2) Exit out of Firefox (if applicable). (3) Rename the program folder ''(64-bit Windows folder names)'' C:\Program Files (x86)\Mozilla Firefox to C:\Program Files (x86)\OldFirefox ''(32-bit Windows folder names)'' C:\Program Files\Mozilla Firefox to C:\Program Files\OldFirefox (4) Run the installer you downloaded in #1. It should automatically connect to your existing settings. Any difference? Note: Some plugins may exist only in that OldFirefox folder. If something essential is missing, look in these folders: * \OldFirefox\Plugins * \OldFirefox\browser\plugins

Eieren av spørsmålet

Thanks jscher2000. I tried everything in both your posts. The very last thing - Clean Reinstall - appears to have done the trick. Keeping my fingers crossed it stays dead. Thanks so much for taking the time to help.

Rob

Thanks jscher2000. I tried everything in both your posts. The very last thing - Clean Reinstall - appears to have done the trick. Keeping my fingers crossed it stays dead. Thanks so much for taking the time to help. Rob
JimmyTwoShoes 0 løsninger 1 svar

Seems someone over at Bleeping Computers found the route of the problem.

http://www.bleepingcomputer.com/forums/t/571984/ads-by-name/page-3#entry3671244

The short version of it is to try renaming "C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\my-prefs.js" & "C:\Program Files (x86)\Mozilla Firefox\my.cfg" to something like "oldmy-prefs.js" & "oldmy.cfg" then restart Firefox. If that fixes the problem, delete the files you named old and you are clean!

This seems to be a very recent virus/adware exploiting an issue with Firefox. Hopefully this will get passed on to Mozillas Dev Team to take a look at.

Seems someone over at Bleeping Computers found the route of the problem. [http://www.bleepingcomputer.com/forums/t/571984/ads-by-name/page-3#entry3671244 http://www.bleepingcomputer.com/forums/t/571984/ads-by-name/page-3#entry3671244] The short version of it is to try renaming "'''C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\my-prefs.js'''" & "'''C:\Program Files (x86)\Mozilla Firefox\my.cfg'''" to something like "'''oldmy-prefs.js'''" & "'''oldmy.cfg'''" then restart Firefox. If that fixes the problem, delete the files you named old and you are clean! This seems to be a very recent virus/adware exploiting an issue with Firefox. Hopefully this will get passed on to Mozillas Dev Team to take a look at.

Endret av JimmyTwoShoes

jscher2000
  • Top 10 Contributor
8872 løsninger 72576 svar

Hi JimmyTwoShoes, the

C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\somerandomname.js

file is used to set default preferences or even to "lock" preferences in Firefox. It points to a particular

C:\Program Files (x86)\Mozilla Firefox\anyrandomname.cfg

file. I think there have been one or two other unwanted programs doing a similar thing in the past.

Because the file names could be anything, we generally recommend using the "Clean Reinstall" procedure as a quick way to replace the program folder instead of trying to investigate the files. But if you prefer a more surgical approach, it makes sense to be suspicious of anything in

C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\

which normally only has a channel-prefs.js file in it with one active line after the comment block:

pref("app.update.channel", "release");
Hi JimmyTwoShoes, the C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\''somerandomname''.js file is used to set default preferences or even to "lock" preferences in Firefox. It points to a particular C:\Program Files (x86)\Mozilla Firefox\''anyrandomname''.cfg file. I think there have been one or two other unwanted programs doing a similar thing in the past. Because the file names could be anything, we generally recommend using the "Clean Reinstall" procedure as a quick way to replace the program folder instead of trying to investigate the files. But if you prefer a more surgical approach, it makes sense to be suspicious of anything in C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\ which normally only has a channel-prefs.js file in it with one active line after the comment block: pref("app.update.channel", "release");
c2mail 0 løsninger 1 svar

Just a note for whom the above "clean install" did not fix this nasty problem. (I'm using WINXP.) I had the same symptoms as rerickson iterated. Sometimes I had so many popups on my window in one case (had popups turned off in Firefox, of course), that I could see only a tiny bit of the web page in the middle ! I would also get new ad web pages being spawned when I just clicked on the background of a web page.

I tried uninstalling and even deleted (besides the "Program Files" directory) my Firefox files in "Documents & Settings" (i.e. I deleted almost all files except my "places.." and "cookies..." files). This all had no effect on the damned popups and cursor-popups. The problem affected only Firefox and not IE.

The cause turned out to be that I had a POS called "intelliterm" installed. It's binary is called "itsvc.exe" and if you see that running in your taskmgr, you know you have this same problem. As a quick fix, just killing the itsvc.exe process stopped the web ads and junk. You want to uninstall the intelliterm product under "Add or remove programs".

Hope this helps those who couldn't fix the malware with the clean re-install. I'm surprised that one of the developers here hasn't had this problem. I guess they are more conservative surfers than I am.

Just a note for whom the above "clean install" did not fix this nasty problem. (I'm using WINXP.) I had the same symptoms as rerickson iterated. Sometimes I had so many popups on my window in one case (had popups turned off in Firefox, of course), that I could see only a tiny bit of the web page in the middle ! I would also get new ad web pages being spawned when I just clicked on the background of a web page. I tried uninstalling and even deleted (besides the "Program Files" directory) my Firefox files in "Documents & Settings" (i.e. I deleted almost all files except my "places.." and "cookies..." files). This all had no effect on the damned popups and cursor-popups. The problem affected only Firefox and not IE. The cause turned out to be that I had a POS called "intelliterm" installed. It's binary is called "itsvc.exe" and if you see that running in your taskmgr, you know you have this same problem. As a quick fix, just killing the itsvc.exe process stopped the web ads and junk. You want to uninstall the intelliterm product under "Add or remove programs". Hope this helps those who couldn't fix the malware with the clean re-install. I'm surprised that one of the developers here hasn't had this problem. I guess they are more conservative surfers than I am.
jscher2000
  • Top 10 Contributor
8872 løsninger 72576 svar

Hi c2mail, thank you for the tip.

There are numerous programs that can cause this problem, and the original poster had already run through the routine steps for malware cleanup and add/remove programs, so we jumped to some other issues rather than starting at the beginning.

Hi c2mail, thank you for the tip. There are numerous programs that can cause this problem, and the original poster had already run through the routine steps for malware cleanup and add/remove programs, so we jumped to some other issues rather than starting at the beginning.